malteduden (Beginner)
08 December 2007 - 23:25. There are 16 comments and 2 solutions

HiJackThis log. Many futile attempts at removing junk

Hi

I have gotten some junk onto my computer after downloading a "video codec" (which turned out to be something rather different...).
It consists of a lot of fake warning pop-ups advertising something that is supposed to be an anti-virus program, and random shifting of focus, and Ad-Aware and eTrust could find nothing (neither in normal nor in safe mode).

My dad tried to track some of the pop-ups (with a small program he wrote himself (he is a programmer)). Some could be tracked and renamed, which did not help, and some could not, which does not seem very reassuring. So now I wanted to ask some experts for help!

I have made a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:09, on 08-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\Programmer\iFinger\iFinger.exe
C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\malte j\Skrivebord\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: MSVPS System - {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8} - C:\WINDOWS\vipextoxn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [suScheduler] C:\Programmer\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauthe] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.0.lnk = C:\Programmer\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programmer\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://www.pornospasser.dk
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: kopmet - {28587DB0-C784-4C67-BE1F-3B2BCD9BEC9C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {9279A12C-B525-4920-B1F4-0C39B19F0ABF} - C:\WINDOWS\jetctrl.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 10275 bytes
09 December 2007 - 00:44 #1
Looks very familiar *S*
Follow the procedure from here ->
http://www.eksperten.dk/artikler/1123
09 December 2007 - 00:44 #2
Welcome to Eksperten.dk
In general -> http://expfaq.dk/
malteduden (Beginner)
09 December 2007 - 00:57 #3
Okay, I will try that first. But I doubt it will work, this thing is really nasty...
malteduden (Beginner)
09 December 2007 - 00:58 #4
And thanks, I will try to settle in :)
malteduden (Beginner)
09 December 2007 - 18:39 #5
I have now run through the procedure as instructed. A fair amount of small stuff has been deleted, but it has not immediately solved the problem. I have tried uninstalling whatever file-sharing programs I had. I hope someone can help this poor high-school student :)

combofix:

ComboFix 07-12-09.1 - malte j 2007-12-09 18:19:53.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.148 [GMT 1:00]
Running from: C:\Programmer\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\malte j\Foretrukne\Error Cleaner.url
C:\Documents and Settings\malte j\Foretrukne\Privacy Protector.url
C:\Documents and Settings\malte j\Foretrukne\Spyware&Malware Protection.url
C:\Documents and Settings\malte j\Skrivebord\Error Cleaner.url
C:\Documents and Settings\malte j\Skrivebord\Privacy Protector.url
C:\Documents and Settings\malte j\Skrivebord\Spyware&Malware Protection.url
C:\Programmer\cnss.zip
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\voipwet.dll

.
(((((((((((((((((((((((((  Files Created from 2007-11-09 to 2007-12-09  )))))))))))))))))))))))))))))))
.

2007-12-09 18:18 . 2007-12-09 18:18    1,596,353    --a------    C:\Programmer\ComboFix.exe
2007-12-09 17:16 . 2007-12-09 17:16    208,266    --a------    C:\Programmer\rootchk.exe
2007-12-09 15:23 . 2007-12-09 15:23    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Application Data\SUPERAntiSpyware.com
2007-12-09 15:06 . 2007-12-09 15:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-09 15:05 . 2007-12-09 15:05    <DIR>    d--------    C:\Documents and Settings\malte j\Application Data\SUPERAntiSpyware.com
2007-12-09 15:01 . 2007-12-09 15:25    <DIR>    d--------    C:\Programmer\superantispyware
2007-12-09 14:27 . 2007-12-09 14:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-09 14:25 . 2007-12-09 14:25    <DIR>    d--------    C:\Programmer\Yahoo!
2007-12-09 14:23 . 2007-12-09 14:26    <DIR>    d--------    C:\Programmer\Ccleaner
2007-12-08 20:16 . 2007-08-19 21:40    546,176    --a------    C:\autoruns.exe
2007-12-08 20:16 . 2007-08-19 21:40    456,064    --a------    C:\autorunsc.exe
2007-12-08 17:12 .     <DIR>        C:\Programmer\Fælles filer\LogiShrd
2007-12-08 16:40 . 2007-10-29 23:12    49,152    --a------    C:\wact.exe
2007-12-03 00:58 . 2007-12-03 00:58    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Application Data\Lavasoft
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Skrivebord
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Skabeloner
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Printere
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    dr-------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Menuen Start
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Lokale indstillinger
2007-12-03 00:56 . 2004-09-10 10:34    <DIR>    dr-------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Foretrukne
2007-12-03 00:56 . 2004-09-10 10:34    <DIR>    dr-------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Dokumenter
2007-12-03 00:56 . 2006-03-04 08:18    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Bluetooth Software
2007-12-03 00:56 . 2006-03-04 08:31    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Application Data\Symantec
2007-12-03 00:56 . 2006-03-04 08:27    <DIR>    d--------    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Application Data\IBM
2007-12-03 00:56 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.ELEVMASKINE_6\Andre computere
2007-12-03 00:38 . 2007-12-03 00:38    <DIR>    d--------    C:\Programmer\richvideocodec.maybedel
2007-12-03 00:38 . 2007-12-01 16:05    307,200    --a------    C:\WINDOWS\kopmet.dll
2007-12-03 00:38 . 2007-12-01 16:05    270,336    --a------    C:\WINDOWS\jetctrl.dll
2007-12-03 00:38 . 2007-12-01 16:05    143,360    --a------    C:\WINDOWS\nretcip.exe
2007-11-30 23:17 . 2007-11-30 23:18    <DIR>    d--------    C:\Programmer\zero g registry.maybedel
2007-11-30 23:17 . 2007-11-30 23:18    <DIR>    d--------    C:\Programmer\GeoGebra
2007-11-30 23:15 . 2007-11-30 23:15    <DIR>    d--h-----    C:\Documents and Settings\malte j\InstallAnywhere
2007-11-30 23:14 . 2007-11-30 23:14    23,276,454    --a------    C:\Programmer\GeoGebra_3_0_0_0_Release_Candidate_1.exe
2007-11-14 19:22 . 2004-09-10 10:19    <DIR>    d--------    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Skrivebord
2007-11-14 19:22 . 2007-11-14 19:22    <DIR>    d--h-----    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Skabeloner
2007-11-14 19:22 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Printere
2007-11-14 19:22 . 2007-11-14 19:22    <DIR>    dr-------    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Menuen Start
2007-11-14 19:22 . 2007-11-14 19:22    <DIR>    d--h-----    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Lokale indstillinger
2007-11-14 19:22 . 2007-11-14 19:22    <DIR>    dr-------    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Foretrukne
2007-11-14 19:22 . 2007-11-14 19:22    <DIR>    dr-------    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Dokumenter
2007-11-14 19:22 . 2006-03-04 08:18    <DIR>    d--------    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Bluetooth Software
2007-11-14 19:22 . 2004-09-10 10:19    <DIR>    d--h-----    C:\Documents and Settings\TEMP.ELEVMASKINE_6\Andre computere

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 14:02    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-09 13:56    ---------    d-----w    C:\Programmer\LimeWire
2007-12-02 22:34    ---------    d-----w    C:\Documents and Settings\malte j\Application Data\U3
2007-11-04 18:50    ---------    d-----w    C:\Programmer\ffdshow
2007-11-04 18:49    ---------    d-----w    C:\Programmer\DesignWorkshop Lite
2007-11-04 18:48    ---------    d-----w    C:\Programmer\Blaze Gif Creator
2007-11-04 18:44    ---------    d-----w    C:\Programmer\3D maks studio
2007-11-02 20:05    ---------    d-----w    C:\Programmer\Dance6_Club_Demo
2007-11-02 20:03    42,727,121    ----a-w    C:\Programmer\2C745485-B8CF-443C-B39B-3A865EEDBD0F.zip
2007-11-02 20:03    ---------    d-----w    C:\Programmer\2C745485-B8CF-443C-B39B-3A865EEDBD0F
2007-09-26 20:01    35,984    ----a-w    C:\Documents and Settings\malte j\Application Data\GDIPFONTCACHEV1.DAT
2007-08-13 09:34    33,807,872    ----a-w    C:\Programmer\utpatch436creative.exe
2007-07-31 22:41    93,118,544    ----a-w    C:\Programmer\qc1051dan.exe
2007-07-25 18:54    2,819,737    ----a-w    C:\Programmer\mwa.zip
2007-07-25 18:37    1,286,523    ----a-w    C:\Programmer\brickblast.zip
2007-07-15 20:53    3,126,056    ----a-w    C:\Programmer\LimeWireWin.exe
2007-07-05 12:26    31,162,823    ----a-w    C:\Programmer\FreeHandMX-en.zip
2007-06-28 21:47    7,914,332    ----a-w    C:\Programmer\interior_design_bonus.exe
2007-06-26 23:20    15,505,200    ----a-w    C:\Programmer\IE7-WindowsXP-x86-enu.exe
2007-06-02 21:32    6,221,304    ------w    C:\Programmer\winamp535_full_emusic-7plus.exe
2007-05-20 21:29    144,215,369    ------w    C:\Programmer\rendering.exe
2007-05-16 20:12    69,062,833    ------w    C:\Programmer\animation0.exe
2007-05-14 16:14    99,716,072    ------w    C:\Programmer\basicconcepts.exe
2007-05-05 11:02    33,258,392    ------w    C:\Programmer\GoogleSketchUpWEN.exe
2007-05-01 20:40    5,386,752    ------w    C:\Programmer\12579-02_03.exe
2007-04-30 12:48    52,127,136    ------w    C:\Programmer\GoogleSketchUpProWEN.exe
2007-04-30 08:47    14,764,808    ------w    C:\Programmer\DivXInstaller.exe
2007-04-30 08:14    2,534,725    ------w    C:\Programmer\blaze-gif-creator.exe
2007-04-16 16:02    93,202,809    ------w    C:\Programmer\java_ee_sdk-5_02-solaris-i586-nojdk.bin
2007-04-07 16:19    3,512,037    ------w    C:\Programmer\AVICodecPackPlus2.exe
2007-03-20 15:59    19,994,184    ------w    C:\Programmer\QuickTimeInstaller.exe
2007-03-19 20:31    11,868,792    ------w    C:\Programmer\winamp533_full_bundle_emusic-7plus.exe
2007-02-26 17:18    3,429,680    ------w    C:\Programmer\DW_Tutorial.zip
2007-02-26 17:05    8,054,797    ------w    C:\Programmer\DesignWorkshop_Lite-Win.exe
2007-02-26 15:59    9,852,867    ------w    C:\Programmer\DiagramStudio42_Setup.exe
2007-02-23 21:36    1,037,824    ------w    C:\Programmer\smartdraw_11M_BM45_setup.msi
2007-02-23 21:28    8,312,640    ------w    C:\Programmer\esankey_en.exe
2007-02-23 21:28    2,337    ------w    C:\Programmer\INSTALL.LOG
2007-02-23 21:15    1,970,873    ------w    C:\Programmer\diagramdraw-1_00.zip
2007-01-16 19:35    345,068,035    ------w    C:\Programmer\Photoshop_CS2.exe
2007-01-12 20:05    6,653,146    ------w    C:\Programmer\sop14_dev.zip
2007-01-02 22:29    14,774,576    ------w    C:\Programmer\IE7-WindowsXP-x86-dan.exe
2007-01-02 22:03    67,215    ------w    C:\Programmer\xilisoft[1].video.converter.3.1.5.0430.keygen-tsrh.zip
2007-01-02 21:35    9,388    ------w    C:\Programmer\Xilisoft.3GP.video.converter.v3.1.10.build.1106b.incl.CRACK-Q-.r.3558819.TPB.torrent
2007-01-02 21:22    14,559,301    ------w    C:\Programmer\x-video-converter.exe
2007-01-02 21:09    10,416,181    ------w    C:\Programmer\video130.exe
2007-01-02 20:50    25,600    --sh--w    C:\Programmer\Thumbs.db
2006-12-17 12:25    645,670    ------w    C:\Programmer\uTorrent-1.6-install.exe
2006-12-17 12:07    3,089,547    ------w    C:\Programmer\ffdshow-20051015.exe
2006-12-17 12:01    413,547    ------w    C:\Programmer\MatroskaSplitter.exe
2006-12-17 11:52    643,144    ------w    C:\Programmer\XviD-1.1.2-01112006.exe
2006-10-29 17:37    2,041,756    ------w    C:\Programmer\Armadillo-3.Run.v1.0.zip
2006-10-22 18:24    7,290,120    ------w    C:\Programmer\setup.exe
2006-10-21 22:35    12,841,064    ------w    C:\Programmer\SkypeSetup.exe
2006-10-16 21:05    496,085    ------w    C:\Programmer\pivot.zip
2006-10-11 22:10    41,854,391    ------w    C:\Programmer\is730dan.exe
2006-10-03 15:55    5,560,963    ------w    C:\Programmer\iPod-Converter_r9637.exe
2006-10-03 15:46    3,977,905    ------w    C:\Programmer\winavi-video-converter.exe
2006-09-14 20:13    6,206,440    ------w    C:\Programmer\winamp524_full_emusic-7plus.exe
2006-09-11 20:35    3,204,123    ------w    C:\Programmer\SciTE4AutoIt3.exe
2006-09-11 20:22    2,976,424    ------w    C:\Programmer\autoit-v3.2.0.1-setup.exe
2006-09-09 22:54    588,119    ------w    C:\Programmer\dosguide.zip
2006-09-09 22:16    4,032,264    ------w    C:\Programmer\imacros-setup.exe
2006-08-11 20:40    3,112    ------w    C:\Programmer\toast spammer.plsc
2006-08-11 20:36    890    ------w    C:\Programmer\mocking.plsc
2006-08-11 20:33    22,647    ------w    C:\Programmer\Styles.plsc
2006-08-11 18:30    1,588    ------w    C:\Programmer\huhu clone 1.1.plsc
2006-08-11 18:25    2,529    ------w    C:\Programmer\gcwarning0-5.plsc
2006-08-11 15:57    8,493    ------w    C:\Programmer\Babelfish_Translator.plsc
2006-08-11 15:27    743,088    ------w    C:\Programmer\HC2Setup.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15:00]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 20:43]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:30]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 14:05]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 13:07 C:\WINDOWS\soundman.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 11:50]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 11:47]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 11:51]
"suScheduler"="C:\Programmer\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 16:32]
"ISUSPM Startup"="c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"cssauthe"="C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 17:08]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2006-01-31 21:19]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-14 22:10]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 16:14]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 10:54]
"atwtusb"="atwtusb.exe" [2005-09-21 17:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-01-31 21:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 15:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BTTray.lnk - C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe [2005-12-02 13:30:42]
iFinger 2.0.lnk - C:\Programmer\iFinger\iFinger.exe [2006-08-29 17:15:01]
InterVideo WinCinema Manager.lnk - C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe [2006-12-21 18:06:14]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kopmet"= {28587DB0-C784-4C67-BE1F-3B2BCD9BEC9C} - C:\WINDOWS\kopmet.dll [2007-12-01 16:05 307200]
"jetctrl"= {9279A12C-B525-4920-B1F4-0C39B19F0ABF} - C:\WINDOWS\jetctrl.dll [2007-12-01 16:05 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-09-06 09:56 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S4 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys
S4 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
S4 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
S4 smi2;smi2;\??\C:\Programmer\SMI2\smi2.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5562362-a5a3-11dc-8076-0014a4de8b2f}]
\Shell\AutoRun\command - F:\pptview.exe /S /L "playlist.txt"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4cb180-9815-11db-bec3-0014a4de8b2f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-03-20 16:00:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Programmer\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\MALTEJ~1\LOKALE~1\Temp\tdfwomehINE_6.dll
-> C:\WINDOWS\kopmet.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 18:29:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 18:31:41 - machine was rebooted
.
    --- E O F ---

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:52, on 09-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Programmer\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Programmer\iFinger\iFinger.exe
C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\malte j\Skrivebord\hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [suScheduler] C:\Programmer\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauthe] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.0.lnk = C:\Programmer\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programmer\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://www.pornospasser.dk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: kopmet - {28587DB0-C784-4C67-BE1F-3B2BCD9BEC9C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {9279A12C-B525-4920-B1F4-0C39B19F0ABF} - C:\WINDOWS\jetctrl.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 10716 bytes


The root log:

********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
09-12-2007 17:18:00,01

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 17:18:02
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a5,e7,58,c8,ce,be,a7,97,4b,1f,fa,45,9d,42,02,1d,2a,17,eb,13,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fe,95,92,d7,67,3a,19,61,7a,1a,35,f6,7e,0c,16,b0,70,..
"khjeh"=hex:46,f5,a1,5f,25,a6,46,7a,1f,fb,30,30,24,9c,15,dc,6b,6e,03,09,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:83,de,f7,96,be,1e,58,3e,61,c1,b9,70,1f,b2,b4,b3,86,18,fb,8e,10,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a5,e7,58,c8,ce,be,a7,97,4b,1f,fa,45,9d,42,02,1d,2a,17,eb,13,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fe,95,92,d7,67,3a,19,61,7a,1a,35,f6,7e,0c,16,b0,70,..
"khjeh"=hex:46,f5,a1,5f,25,a6,46,7a,1f,fb,30,30,24,9c,15,dc,6b,6e,03,09,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:83,de,f7,96,be,1e,58,3e,61,c1,b9,70,1f,b2,b4,b3,86,18,fb,8e,10,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a5,e7,58,c8,ce,be,a7,97,4b,1f,fa,45,9d,42,02,1d,2a,17,eb,13,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fe,95,92,d7,67,3a,19,61,7a,1a,35,f6,7e,0c,16,b0,70,..
"khjeh"=hex:46,f5,a1,5f,25,a6,46,7a,1f,fb,30,30,24,9c,15,dc,6b,6e,03,09,81,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:83,de,f7,96,be,1e,58,3e,61,c1,b9,70,1f,b2,b4,b3,86,18,fb,8e,10,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000261

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
malteduden (Beginner)
09 December 2007 - 18:52 #6
okay, that's pretty wild... it actually looks like it's gone! unbelievable...

well, since I'm new here, I don't quite know whether you've earned the points for linking to an article.. maybe you can answer that for me too?

in the meantime I can see whether it shows up again..
09 December 2007 - 19:29 #7
Pretty wild *S* Certain food recipes look wild to me ...

------------------------------------------------------------------------

There are still a few unwanted items left!!!

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O21 - SSODL: kopmet - {28587DB0-C784-4C67-BE1F-3B2BCD9BEC9C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {9279A12C-B525-4920-B1F4-0C39B19F0ABF} - C:\WINDOWS\jetctrl.dll
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

Restart normally.

Search for and delete the files/folders listed below if they still exist. Otherwise just continue with the guide. They may have been removed by the fix.

C:\WINDOWS\kopmet.dll
C:\WINDOWS\jetctrl.dll

Restart, run a new scan with HijackThis, and paste a fresh log in here for checking.

------------------------------------------------------------------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Registry] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or no to it.

------------------------------------------------------------------------

I can see that you - perhaps more or less against your will - have installed [Yahoo Toolbar]?
It is not 'dangerous', though, just an annoying program/toolbar that only takes up space.
If you want to get rid of it you can follow the guide here ->
http://support.microsoft.com/kb/303047
malteduden (Beginner)
09 December 2007 - 20:15 #8
I was able to delete jetctrl.dll, but with kopmet.dll I get an error message: access denied, check whether the disk is full or whether it is being used by something else.

new HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:46, on 09-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iFinger\iFinger.exe
C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
C:\Documents and Settings\malte j\Skrivebord\hijackthis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [suScheduler] C:\Programmer\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauthe] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: iFinger 2.0.lnk = C:\Programmer\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\IBMTOOLS\Apps\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O15 - Trusted Zone: http://www.pornospasser.dk
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: kopmet - {7C7C98F6-F887-47C2-95A5-C0FC44505157} - C:\WINDOWS\kopmet.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 10550 bytes
09 December 2007 - 20:32 #9
Delete the aforementioned kopmet.dll in so-called safe mode..

How is the PC running now?
malteduden (Beginner)
09 December 2007 - 20:54 #10
it is running superbly, better than before the virus. Thank you very, very much! by now I have also been sitting and struggling with it for over 15 hours...
09 December 2007 - 21:43 #11
I can see that you - perhaps more or less against your will - have installed [Yahoo Toolbar]?
It is not 'dangerous', though, just an annoying program/toolbar that only takes up space.
If you want to get rid of it you can follow the guide here ->
http://support.microsoft.com/kb/303047
09 December 2007 - 21:43 #12
There is no more 'dirt' according to your log...

You are welcome back another time...

You should clean temp with this file, it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You will find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
malteduden (Beginner)
09 December 2007 - 23:02 #13
thank you very much for the good advice and a (once again) functional laptop
10 December 2007 - 07:00 #14
malteduden (Beginner)
10 December 2007 - 16:29 #15
now the shortcuts on my desktop have come back and my start page has been changed again, so the war is not over yet. I am running the programs again to get it removed, and will see if that helps. I promise I won't forget you, I would just like my laptop to be functional first
10 December 2007 - 17:15 #16
... start page changed to what?

HAS the previously mentioned
C:\WINDOWS\kopmet.dll
been eaten ???
malteduden (Beginner)
10 December 2007 - 22:30 #17
I apologize, it was kopmet.dll that was causing trouble, I had forgotten to delete it.

thanks for the help
11 December 2007 - 07:22 #18
Thanks for the points.
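
Added example (not part of the original thread): a small Python comparison of two HijackThis scans, showing why the second log mattered. In it, the kopmet.dll O21 entry returned under a different CLSID while the file could not be deleted. The sample text is a constructed excerpt of lines taken from the two logs above; the function names and report keys are this example's own.

```python
import re

# Entry lines look like "O21 - SSODL: name - {CLSID} - C:\path\file.dll".
ENTRY_RE = re.compile(r'^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n]*?\.(?:dll|exe)', re.I)

# Constructed excerpts: a few entry lines copied from the first and second log.
BEFORE = r"""
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programmer\iMacros\imacros.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: kopmet - {28587DB0-C784-4C67-BE1F-3B2BCD9BEC9C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {9279A12C-B525-4920-B1F4-0C39B19F0ABF} - C:\WINDOWS\jetctrl.dll
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""
AFTER = r"""
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: kopmet - {7C7C98F6-F887-47C2-95A5-C0FC44505157} - C:\WINDOWS\kopmet.dll
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""


def parse_entries(log_text):
    """Return one dict per R*/O* entry line; process-list lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group('body'))
        path = PATH_RE.search(m.group('body'))
        entries.append({
            'section': m.group('sec'),
            'line': line,
            'clsid': clsid.group(0).upper() if clsid else None,
            'path': path.group(0).lower() if path else None,
        })
    return entries


def diff_scans(before_text, after_text):
    """Classify changes between two scans.

    re_registered: same section and file, different CLSID (entry came back).
    re_pointed:    same section and CLSID, different file.
    removed/added: entries with no counterpart in the other scan.
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    after_lines = {e['line'] for e in after}
    before_lines = {e['line'] for e in before}
    gone = [e for e in before if e['line'] not in after_lines]
    new = [e for e in after if e['line'] not in before_lines]
    report = {'removed': [], 'added': [], 're_registered': [], 're_pointed': []}
    used = set()
    for old in gone:
        match = None
        for i, cand in enumerate(new):
            if i in used or cand['section'] != old['section']:
                continue
            if old['path'] and cand['path'] == old['path'] and cand['clsid'] != old['clsid']:
                match = (i, 're_registered')
                break
            if old['clsid'] and cand['clsid'] == old['clsid'] and cand['path'] != old['path']:
                match = (i, 're_pointed')
                break
        if match is None:
            report['removed'].append(old['line'])
        else:
            used.add(match[0])
            report[match[1]].append((old['line'], new[match[0]]['line']))
    report['added'] = [e['line'] for i, e in enumerate(new) if i not in used]
    return report


if __name__ == "__main__":
    for kind, items in diff_scans(BEFORE, AFTER).items():
        print(kind, len(items))
        for item in items:
            print("   ", item)
```

An entry reported as re_registered is one to treat as still active: the file behind it should be removed (here, in safe mode as advised in #9) before the machine is considered clean.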