angel1984 Beginner
24 March 2008 - 22:33 There are 10 comments

Help with spyware/virus removal

Hi
There are always annoying pop-ups, poker ads, plus everything else, which has made my PC slow.

Is there anyone willing to help? Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 22:31:10, on 24-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Router\Router.exe
C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\alle mapper\TeamViewer3\TeamViewer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\alle mapper\com renser\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201CD1AA-1319-48C7-6324-4B71B70595C6} - (no file)
O2 - BHO: (no name) - {264BD4FA-4612-1995-632C-4D71BF059799} - (no file)
O2 - BHO: (no name) - {3E1C17DE-8069-DAEF-181B-8E8DB05183CF} - (no file)
O2 - BHO: (no name) - {3E4E408D-D331-8BEF-1E13-888DB850809E} - (no file)
O2 - BHO: (no name) - {3F17C496-037A-09AA-5712-5800BFBADCCC} - C:\WINDOWS\system32\sujdqp.dll (file missing)
O2 - BHO: (no name) - {494794C0-5809-5888-0A14-2C00BDC0DA93} - C:\WINDOWS\system32\wwrethq.dll
O2 - BHO: (no name) - {4D41C695-530C-5A89-5714-2C00BDC0DBC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6C121788-8230-88B8-1813-888DB851D59E} - (no file)
O2 - BHO: (no name) - {6D1E44DA-D56E-8ABD-491B-8E8DB0508298} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1E2A62B-329F-3F4A-EC54-3A7610490491} - (no file)
O2 - BHO: (no name) - {B9DBA715-6BA3-3E29-8B2F-3BE671F208C2} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDDAA046-66F2-3927-892F-3BE671F20E98} - (no file)
O2 - BHO: (no name) - {C2C86422-F1C3-AB12-EE21-FD8A3F852B97} - (no file)
O2 - BHO: (no name) - {C4C96523-F19E-AD16-EE29-FB8A378524C5} - (no file)
O2 - BHO: (no name) - {C595352C-A7C8-F915-B929-FB8A37852891} - (no file)
O2 - BHO: (no name) - {C59C3F77-F6C7-AF16-BB21-FD8A3F857C96} - (no file)
O2 - BHO: (no name) - {C7771518-82F5-892C-D10F-89ADDACC7793} - (no file)
O2 - BHO: (no name) - {E9D9A146-60F8-3928-D227-3DE679F309C1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\FEJLRE~1\ugescw.exe" -start
O4 - HKLM\..\Run: [SeekmoSA] "C:\Programmer\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Programmer\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipBuster] "C:\programmer\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Eabt] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Wsnubo] C:\Documents and Settings\Compaq_Ejer\Application Data\??sks\?ti2evxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mxruzfn] "C:\Documents and Settings\Compaq_Ejer\Application Data\??sks\t?skmgr.exe"
O4 - HKCU\..\Run: [Qetknzn] "C:\Documents and Settings\Compaq_Ejer\Dokumenter\F?nts\n?tepad.exe"
O4 - HKCU\..\Run: [Wyjo] "C:\Documents and Settings\Compaq_Ejer\Dokumenter\?racle\e?plorer.exe"
O4 - HKCU\..\Run: [Qfxax] "C:\Documents and Settings\Compaq_Ejer\Dokumenter\??pPatch\l?ass.exe"
O4 - HKCU\..\Run: [Ywtioo] "C:\Documents and Settings\Compaq_Ejer\Application Data\??curity\l?gonui.exe"
O4 - HKCU\..\Run: [Router] C:\Programmer\Router\Router.exe
O4 - HKCU\..\Run: [JustVoip] "C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Geozeic] C:\WINDOWS\??crosoft.NET\r?gedit.exe
O4 - HKCU\..\Run: [Ayj] "C:\Documents and Settings\Compaq_Ejer\Application Data\A?pPatch\l?ass.exe"
O4 - HKCU\..\Run: [Perbqqm] C:\WINDOWS\system32\?ymbols\w?wexec.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Programmer\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Rxteeahh] "C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe"
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179769450984
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
24 March 2008 - 22:58 #1
I'll take a look at it...

YFFER PYFFER !!!
24 March 2008 - 22:59 #2
Welcome to Eksperten.dk
General -> http://expfaq.dk/
24 March 2008 - 23:01 #3
That PC must be downright impossible to work with ???
Really flooded with junk 'filth' !!!

What have you been 'up to'?

... Now, not all (un)wanted elements show up in a HijackThis log; so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
angel1984 Beginner
25 March 2008 - 00:46 #4
Logfile of HijackThis v1.99.1
Scan saved at 00:45:07, on 25-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\iexplore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\AdVantage\AdVantage.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\alle mapper\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\alle mapper\com renser\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201CD1AA-1319-48C7-6324-4B71B70595C6} - (no file)
O2 - BHO: (no name) - {264BD4FA-4612-1995-632C-4D71BF059799} - (no file)
O2 - BHO: (no name) - {3E1C17DE-8069-DAEF-181B-8E8DB05183CF} - (no file)
O2 - BHO: (no name) - {3E4E408D-D331-8BEF-1E13-888DB850809E} - (no file)
O2 - BHO: (no name) - {3F17C496-037A-09AA-5712-5800BFBADCCC} - (no file)
O2 - BHO: (no name) - {4D41C695-530C-5A89-5714-2C00BDC0DBC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6C121788-8230-88B8-1813-888DB851D59E} - (no file)
O2 - BHO: (no name) - {6D1E44DA-D56E-8ABD-491B-8E8DB0508298} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1E2A62B-329F-3F4A-EC54-3A7610490491} - (no file)
O2 - BHO: (no name) - {B9DBA715-6BA3-3E29-8B2F-3BE671F208C2} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDDAA046-66F2-3927-892F-3BE671F20E98} - (no file)
O2 - BHO: (no name) - {C2C86422-F1C3-AB12-EE21-FD8A3F852B97} - (no file)
O2 - BHO: (no name) - {C4C96523-F19E-AD16-EE29-FB8A378524C5} - (no file)
O2 - BHO: (no name) - {C595352C-A7C8-F915-B929-FB8A37852891} - (no file)
O2 - BHO: (no name) - {C59C3F77-F6C7-AF16-BB21-FD8A3F857C96} - (no file)
O2 - BHO: (no name) - {C7771518-82F5-892C-D10F-89ADDACC7793} - (no file)
O2 - BHO: (no name) - {E9D9A146-60F8-3928-D227-3DE679F309C1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JustVoip] "C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Programmer\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Rxteeahh] "C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Eabt] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" -vt ndrv
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179769450984
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
angel1984 Beginner
25 March 2008 - 01:00 #5
ComboFix 08-03-24.1 - Compaq_Ejer 2008-03-25  0:47:39.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.262 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Ejer\Skrivebord\rens pc\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Ejer\Application Data\APPATC~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ASEMBL~1
C:\Documents and Settings\Compaq_Ejer\Application Data\CROSOF~1
C:\Documents and Settings\Compaq_Ejer\Application Data\CURITY~1
C:\Documents and Settings\Compaq_Ejer\Application Data\DOBE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ECURIT~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ECURIT~1\e?plorer.exe
C:\Documents and Settings\Compaq_Ejer\Application Data\FNTS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ICROSO~1
C:\Documents and Settings\Compaq_Ejer\Application Data\MBOLS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\MBOLS~1\tracert.exe
C:\Documents and Settings\Compaq_Ejer\Application Data\MCROSO~1
C:\Documents and Settings\Compaq_Ejer\Application Data\PPATCH~1
C:\Documents and Settings\Compaq_Ejer\Application Data\PPPATC~1
C:\Documents and Settings\Compaq_Ejer\Application Data\RACLE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\RACLE~2
C:\Documents and Settings\Compaq_Ejer\Application Data\SKS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\SMANTE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\SMBOLS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\STEM32~1
C:\Documents and Settings\Compaq_Ejer\Application Data\TSKS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\WNSXS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\YMANTE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\YSTEM3~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\ASEMBL~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\CROSOF~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\CURITY~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\DOBE~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\ICROSO~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\MBOLS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SEMBLY~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SSTEM~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SSTEM3~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\STEM32~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\TSKS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\WNSXS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\YMBOLS~1
C:\Programmer\dobe~1
C:\Programmer\Fælles filer\{29A89~1
C:\Programmer\Fælles filer\{39A89~1
C:\Programmer\Insider
C:\Programmer\Insider\Insider.exe
C:\Programmer\Insider\UnInstall.exe
C:\Programmer\mantec~1
C:\Programmer\mbols~1
C:\Programmer\pppatc~1
C:\Programmer\racle~1
C:\Programmer\stem~1
C:\Programmer\Temporary
C:\Programmer\tsks~1
C:\Programmer\wnsxs~1
C:\Programmer\ymante~1
C:\Programmer\ymbols~1
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\asks~1
C:\WINDOWS\asks~2
C:\WINDOWS\btgrab.dll
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\iexplore.exe
C:\WINDOWS\mantec~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~2
C:\WINDOWS\racle~1
C:\WINDOWS\sembly~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\stem32~1
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~2
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\sks~2
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES
-------\Legacy_CORE
-------\Legacy_IPRIP
-------\Service_core
-------\Service_Iprip


(((((((((((((((((((((((((  Files Created from 2008-02-24 to 2008-03-24  )))))))))))))))))))))))))))))))
.

2008-03-25 00:50 . 2004-08-27 05:00    24,576    --a------    C:\WINDOWS\system32\CF_init.exe
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Documents and Settings\Compaq_Ejer\Application Data\SUPERAntiSpyware.com
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-24 23:27 . 2008-03-24 23:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-24 23:26 . 2008-03-24 23:26    <DIR>    d--------    C:\Programmer\CCleaner
2008-03-17 18:24 . 2008-03-17 18:24    <DIR>    d--------    C:\Programmer\Xvid
2008-03-17 18:24 . 2007-06-28 18:52    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-03-17 18:24 . 2007-06-28 18:54    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2008-03-17 18:24 . 2007-06-28 18:55    77,824    --a------    C:\WINDOWS\system32\xvid.ax
2008-03-12 19:31 . 2008-03-25 00:53    <DIR>    d--------    C:\Programmer\AdVantage

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 23:53    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\Skype
2008-03-24 22:35    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-24 22:26    ---------    d-----w    C:\Programmer\Yahoo!
2008-03-21 21:52    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-03-21 17:00    ---------    d-----w    C:\Programmer\Norton Security Scan
2008-02-22 19:22    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\BSplayer
2008-02-22 08:46    ---------    d-----w    C:\Programmer\Symantec
2008-02-21 23:01    ---------    d-----w    C:\Programmer\Alwil Software
2008-02-21 22:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-21 14:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 23:09    ---------    d-----w    C:\Programmer\Panda Security
2008-02-20 22:45    ---------    d-----w    C:\Programmer\SC
2008-02-20 21:50    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-02-20 21:21    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\TeamViewer
2008-02-19 12:26    ---------    d-----w    C:\Programmer\Apple Software Update
2008-02-19 12:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 04:31    ---------    d-----w    C:\Programmer\winvi
2008-01-25 09:12    25,088    ----a-w    C:\WINDOWS\system32\drivers\teamviewervpn.sys
2007-11-19 19:14    57,424    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\GDIPFONTCACHEV1.DAT
2007-06-19 11:47    166,664    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\setup_dk[1].exe
2006-12-16 19:36    798    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\wklnhst.dat
2006-12-03 20:13    77,824    ----a-w    C:\Documents and Settings\Compaq_Ejer\gotgo.exe
.
[code]<pre>
----a-w        1,141,841 2006-08-30 21:19:19  C:\Documents and Settings\Compaq_Ejer\Skrivebord\skrivebord\vigtigt\IEPrivacyKeeper2.3 .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201CD1AA-1319-48C7-6324-4B71B70595C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{264BD4FA-4612-1995-632C-4D71BF059799}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E1C17DE-8069-DAEF-181B-8E8DB05183CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4E408D-D331-8BEF-1E13-888DB850809E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F17C496-037A-09AA-5712-5800BFBADCCC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D41C695-530C-5A89-5714-2C00BDC0DBC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C121788-8230-88B8-1813-888DB851D59E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D1E44DA-D56E-8ABD-491B-8E8DB0508298}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1E2A62B-329F-3F4A-EC54-3A7610490491}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9DBA715-6BA3-3E29-8B2F-3BE671F208C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDDAA046-66F2-3927-892F-3BE671F20E98}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2C86422-F1C3-AB12-EE21-FD8A3F852B97}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4C96523-F19E-AD16-EE29-FB8A378524C5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C595352C-A7C8-F915-B929-FB8A37852891}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C59C3F77-F6C7-AF16-BB21-FD8A3F857C96}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7771518-82F5-892C-D10F-89ADDACC7793}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9D9A146-60F8-3928-D227-3DE679F309C1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 23:24 68856]
"JustVoip"="C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-02 16:38 8770864]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AdVantage"="C:\Programmer\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]
"Rxteeahh"="C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe" [ ]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Eabt"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 21:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 23:11 49152]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54 233512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-28 22:39 286720]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BlueSoleil.lnk - C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-09-19 15:44:17 1048576]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{29A89213-088C-1030-0112-06050719002d}"= "C:\Programmer\Fælles filer\{29A89213-088C-1030-0112-06050719002d}\Update.exe" mc-110-12-0000478

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows peer-til-peer-gruppering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 10:12]
S2 JYEWKWZO;JYEWKWZO;C:\WINDOWS\system32\jyewkwzo.qog []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\COMPAQ~1\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 p2psvc;Peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\system32\DRIVERS\snct511.sys [2003-04-22 11:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2006-06-10 17:32:13 C:\WINDOWS\Tasks\Internettjenester.job"
- C:\Programmer\Hewlett-Packard\SDP\HPSdpApp.exe_/remind /LaunchPoint reminder /App C:\Programmer\Hewlett-Packard\Internet Services\StartIS.aml
"2008-03-21 17:43:23 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmer\Norton Security Scan\Nss.exe
"2008-03-21 02:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Programmer\RegSweep\RegSweep.ex
- C:\Programmer\RegSweep
"2008-03-24 23:53:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDetect.exe
"2008-03-24 23:41:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
angel1984 Beginner
25 March 2008 - 01:18 #6
Sorry it took a while.
I couldn't start it in safe mode, so I ran the SUPERAntiSpyware program in normal mode. So the first log is from normal mode. But then I got some help, and the short log is from safe mode.

Hope it helps.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/24/2008 at 11:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type      : Quick Scan
Total Scan Time : 00:11:53

Memory items scanned      : 536
Memory threats detected  : 1
Registry items scanned    : 433
Registry threats detected : 23
File items scanned        : 11863
File threats detected    : 56

Adware.ClickSpring/Resident
    C:\WINDOWS\SYSTEM32\WWRETHQ.DLL
    C:\WINDOWS\SYSTEM32\WWRETHQ.DLL

Adware.ClickSpring
    [Eabt] C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\TRACERT.EXE
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\TRACERT.EXE
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\APPLICATION DATA\?ECURITY\E?PLORER.EXE
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\APPLICATION DATA\??MBOLS\TRACERT.EXE
    C:\WINDOWS\Prefetch\TRACERT.EXE-2BBB3983.pf

Trojan.Unknown Origin
    [Router] C:\PROGRAMMER\ROUTER\ROUTER.EXE
    C:\PROGRAMMER\ROUTER\ROUTER.EXE
    C:\WINDOWS\SYSTEM32\WTSICOMSV32.EXE
    C:\WINDOWS\SYSTEM32\WTSSVTR.EXE
    C:\WINDOWS\Prefetch\ROUTER.EXE-0A66D9D3.pf

Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{494794C0-5809-5888-0A14-2C00BDC0DA93}
    HKCR\CLSID\{494794C0-5809-5888-0A14-2C00BDC0DA93}
    HKCR\CLSID\{494794C0-5809-5888-0A14-2C00BDC0DA93}\InprocServer32
    HKCR\CLSID\{494794C0-5809-5888-0A14-2C00BDC0DA93}\InprocServer32#ThreadingModel
    HKCR\CLSID\{494794C0-5809-5888-0A14-2C00BDC0DA93}\Programmable
    HKCR\CLSID\{494794C0-5809-5888-0A14-2C00BDC0DA93}\TypeLib

Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@doubleclick[1].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@ad.outerinfoads[1].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@adtech[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@advertising[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@stats1.reliablestats[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@indexstats[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@go.winantivirus[3].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@cpvfeed[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@cts.metricsdirect[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@dk.winantivirus[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@doubleclick[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@go.winantivirus[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@mediaplex[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@pacificpoker[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@partypoker[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@rotator.adjuggler[1].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@winantivirus[2].txt
    C:\Documents and Settings\Gæst\Cookies\gæst@www.drivecleaner[1].txt

Adware.Admess
    HKCR\AppId\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}
    HKCR\AppId\WStart.DLL
    HKCR\AppId\WStart.DLL#WStart
    HKLM\Software\WSoft
    HKLM\Software\WSoft#WSoft
    C:\WINDOWS\SYSTEM32\TCPSERVICE2.EXE

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url

Trojan.Media-Codec
    C:\Documents and Settings\Compaq_Ejer\Foretrukne\Online Security Test.url

Adware.ClickSpring/Outer Info Network
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
    C:\Programmer\Outerinfo\FF\chrome.manifest
    C:\Programmer\Outerinfo\FF\components\FF.dll
    C:\Programmer\Outerinfo\FF\components\OuterinfoAds.xpt
    C:\Programmer\Outerinfo\FF\components
    C:\Programmer\Outerinfo\FF\install.rdf
    C:\Programmer\Outerinfo\FF
    C:\Programmer\Outerinfo\OiUninstaller.exe
    C:\Programmer\Outerinfo\outerinfo.ico
    C:\Programmer\Outerinfo\Terms.rtf
    C:\Programmer\Outerinfo
    C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\Outerinfo\Terms.lnk
    C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\Outerinfo

RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys

Adware.WinTouch/XInside
    C:\Programmer\Router\UnInstall.exe
    C:\Programmer\Router

Malware.DriveCleaner
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\LOKALE INDSTILLINGER\APPLICATION DATA\MICROSOFT\MESSENGER\MAROCANGEL1984@HOTMAIL.COM\SHARING FOLDERS\INSTALLDRIVECLEANERSTART_DK.EXE

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\SKRIVEBORD\SKRIVEBORD\ALLE MAPPER\FORSKELLIGE\CLICK TO FIND AND FIX ERRORS.URL

Malware.TitanShield
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\SKRIVEBORD\SKRIVEBORD\VIGTIGT\TITANSHIELD_SETUP.EXE

Rogue.Unclassified/Loader
    C:\WINDOWS\SYSTEM32\LWSXSQPA.EXE

Trojan.Downloader-HotWin
    C:\WINDOWS\SYSTEM32\ZOWTWTRX.EXE

Trojan.SUSP/Transponder
    C:\WINDOWS\SUSP.EXEak




--------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/25/2008 at 00:34 AM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type      : Quick Scan
Total Scan Time : 00:09:01

Memory items scanned      : 266
Memory threats detected  : 0
Registry items scanned    : 454
Registry threats detected : 0
File items scanned        : 11842
File threats detected    : 4

Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@doubleclick[1].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@imrworldwide[2].txt

Adware.ClickSpring
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\APPLICATION DATA\?ECURITY\E?PLORER.EXE
    C:\DOCUMENTS AND SETTINGS\COMPAQ_EJER\LOKALE INDSTILLINGER\TEMP\!UPDATE.EXE
25 March 2008 - 08:17 #7
Quite a few items certainly got eaten too!!!

I would like to (must) see a fresh HijackThis log AFTER ComboFix + SAS ...
angel1984 Beginner
26 March 2008 - 00:24 #8
1. ComboFix log
ComboFix 08-03-24.1 - Compaq_Ejer 2008-03-25 23:31:26.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Ejer\Skrivebord\rens pc\ComboFix.exe
.
-- Script messages for sUBs --
pv -kf -l"* pid.bat *" 
CF9543.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\WINDOWS\* 
CF9543.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Programmer\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Programmer\*" 
CF9543.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Compaq_Ejer\Application Data\APPATC~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ASEMBL~1
C:\Documents and Settings\Compaq_Ejer\Application Data\CROSOF~1
C:\Documents and Settings\Compaq_Ejer\Application Data\CURITY~1
C:\Documents and Settings\Compaq_Ejer\Application Data\DOBE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ECURIT~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ECURIT~1\e?plorer.exe
C:\Documents and Settings\Compaq_Ejer\Application Data\FNTS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\ICROSO~1
C:\Documents and Settings\Compaq_Ejer\Application Data\MBOLS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\MBOLS~1\tracert.exe
C:\Documents and Settings\Compaq_Ejer\Application Data\MCROSO~1
C:\Documents and Settings\Compaq_Ejer\Application Data\PPATCH~1
C:\Documents and Settings\Compaq_Ejer\Application Data\PPPATC~1
C:\Documents and Settings\Compaq_Ejer\Application Data\RACLE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\RACLE~2
C:\Documents and Settings\Compaq_Ejer\Application Data\SKS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\SMANTE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\SMBOLS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\STEM32~1
C:\Documents and Settings\Compaq_Ejer\Application Data\TSKS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\WNSXS~1
C:\Documents and Settings\Compaq_Ejer\Application Data\YMANTE~1
C:\Documents and Settings\Compaq_Ejer\Application Data\YSTEM3~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\ASEMBL~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\CROSOF~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\CURITY~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\DOBE~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\ICROSO~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\MBOLS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SEMBLY~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SSTEM~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\SSTEM3~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\STEM32~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\TSKS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\WNSXS~1
C:\Documents and Settings\Compaq_Ejer\Dokumenter\YMBOLS~1
C:\Programmer\dobe~1
C:\Programmer\Fælles filer\{29A89~1
C:\Programmer\Fælles filer\{39A89~1
C:\Programmer\Insider
C:\Programmer\Insider\Insider.exe
C:\Programmer\Insider\UnInstall.exe
C:\Programmer\mantec~1
C:\Programmer\mbols~1
C:\Programmer\pppatc~1
C:\Programmer\racle~1
C:\Programmer\stem~1
C:\Programmer\Temporary
C:\Programmer\tsks~1
C:\Programmer\wnsxs~1
C:\Programmer\ymante~1
C:\Programmer\ymbols~1
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\asks~1
C:\WINDOWS\asks~2
C:\WINDOWS\btgrab.dll
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\iexplore.exe
C:\WINDOWS\mantec~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~2
C:\WINDOWS\racle~1
C:\WINDOWS\sembly~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\stem32~1
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~2
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\sks~2
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES
-------\Legacy_CORE
-------\Legacy_IPRIP
-------\Service_core
-------\Service_Iprip


(((((((((((((((((((((((((  Files Created from 2008-02-25 to 2008-03-25  )))))))))))))))))))))))))))))))
.

2008-03-25 00:50 . 2004-08-27 05:00    24,576    --a------    C:\WINDOWS\system32\CF_init.exe
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Documents and Settings\Compaq_Ejer\Application Data\SUPERAntiSpyware.com
2008-03-24 23:36 . 2008-03-24 23:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-24 23:27 . 2008-03-24 23:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-24 23:26 . 2008-03-24 23:26    <DIR>    d--------    C:\Programmer\CCleaner
2008-03-17 18:24 . 2008-03-17 18:24    <DIR>    d--------    C:\Programmer\Xvid
2008-03-17 18:24 . 2007-06-28 18:52    765,952    --a------    C:\WINDOWS\system32\xvidcore.dll
2008-03-17 18:24 . 2007-06-28 18:54    180,224    --a------    C:\WINDOWS\system32\xvidvfw.dll
2008-03-17 18:24 . 2007-06-28 18:55    77,824    --a------    C:\WINDOWS\system32\xvid.ax
2008-03-12 19:31 . 2008-03-25 23:11    <DIR>    d--------    C:\Programmer\AdVantage

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 22:23    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\Skype
2008-03-24 22:35    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-24 22:26    ---------    d-----w    C:\Programmer\Yahoo!
2008-03-21 21:52    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-03-21 17:00    ---------    d-----w    C:\Programmer\Norton Security Scan
2008-02-22 19:22    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\BSplayer
2008-02-22 08:46    ---------    d-----w    C:\Programmer\Symantec
2008-02-21 23:01    ---------    d-----w    C:\Programmer\Alwil Software
2008-02-21 22:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-21 14:34    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 23:09    ---------    d-----w    C:\Programmer\Panda Security
2008-02-20 22:45    ---------    d-----w    C:\Programmer\SC
2008-02-20 21:50    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-02-20 21:21    ---------    d-----w    C:\Documents and Settings\Compaq_Ejer\Application Data\TeamViewer
2008-02-19 12:26    ---------    d-----w    C:\Programmer\Apple Software Update
2008-02-19 12:26    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-31 04:31    ---------    d-----w    C:\Programmer\winvi
2008-01-25 09:12    25,088    ----a-w    C:\WINDOWS\system32\drivers\teamviewervpn.sys
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-11-19 19:14    57,424    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\GDIPFONTCACHEV1.DAT
2007-06-19 11:47    166,664    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\setup_dk[1].exe
2006-12-16 19:36    798    ----a-w    C:\Documents and Settings\Compaq_Ejer\Application Data\wklnhst.dat
2006-12-03 20:13    77,824    ----a-w    C:\Documents and Settings\Compaq_Ejer\gotgo.exe
.
[code]<pre>
----a-w        1,141,841 2006-08-30 21:19:19  C:\Documents and Settings\Compaq_Ejer\Skrivebord\skrivebord\vigtigt\IEPrivacyKeeper2.3 .exe
</pre>[/code]


(((((((((((((((((((((((((((((  snapshot@2008-03-25_ 0.55.12.90  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 14:12:40    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_8b0.dat
+ 2008-03-25 18:05:36    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 23:24 68856]
"JustVoip"="C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-02 16:38 8770864]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AdVantage"="C:\Programmer\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]
"Rxteeahh"="C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe" [ ]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Eabt"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-13 21:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 19:23 663552]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 23:11 49152]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2005-01-02 01:24 180269]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2006-03-29 12:54 233512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-28 22:39 286720]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BlueSoleil.lnk - C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-09-19 15:44:17 1048576]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{29A89213-088C-1030-0112-06050719002d}"= "C:\Programmer\Fælles filer\{29A89213-088C-1030-0112-06050719002d}\Update.exe" mc-110-12-0000478

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows peer-til-peer-gruppering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 10:12]
S2 JYEWKWZO;JYEWKWZO;C:\WINDOWS\system32\jyewkwzo.qog []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\COMPAQ~1\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 p2psvc;Peer-netværk;C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\system32\svchost.exe [2004-08-27 05:00]
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\system32\DRIVERS\snct511.sys [2003-04-22 11:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2006-06-10 17:32:13 C:\WINDOWS\Tasks\Internettjenester.job"
- C:\Programmer\Hewlett-Packard\SDP\HPSdpApp.exe_/remind /LaunchPoint reminder /App C:\Programmer\Hewlett-Packard\Internet Services\StartIS.aml
"2008-03-21 17:43:23 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmer\Norton Security Scan\Nss.exe
"2008-03-21 02:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Programmer\RegSweep\RegSweep.ex
- C:\Programmer\RegSweep
"2008-03-25 22:33:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDetect.exe
"2008-03-25 21:40:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 23:33:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\JYEWKWZO]
"ImagePath"="\??\C:\WINDOWS\system32\jyewkwzo.qog"
.
Completion time: 2008-03-25 23:34:22
ComboFix-quarantined-files.txt  2008-03-25 22:34:13
.
2008-03-12 12:09:06    --- E O F --- 




------------------------------------------------------------------



2. Superantispyware prog log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2008 at 00:02 AM

Application Version : 4.0.1154

Core Rules Database Version : 3424
Trace Rules Database Version: 1416

Scan type      : Complete Scan
Total Scan Time : 00:25:37

Memory items scanned      : 505
Memory threats detected  : 0
Registry items scanned    : 5736
Registry threats detected : 0
File items scanned        : 25419
File threats detected    : 83

Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@atdmt[2].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@imrworldwide[1].txt
    C:\Documents and Settings\Compaq_Ejer\Cookies\compaq_ejer@track.adform[1].txt

Adware.ClickSpring
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP410\A0214786.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP410\A0214793.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP410\A0214849.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP411\A0214942.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP418\A0219532.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP418\A0219539.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP423\A0220936.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP423\A0220937.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP427\A0223412.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP427\A0223418.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP431\A0225763.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP431\A0225769.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP439\A0233624.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP440\A0234729.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237083.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237116.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP447\A0239088.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP449\A0239204.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP449\A0239308.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP450\A0239452.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP450\A0239663.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP453\A0240095.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP454\A0240203.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP457\A0240639.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP458\A0240713.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP460\A0241897.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP460\A0241957.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP462\A0242110.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP464\A0242289.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP465\A0243500.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP467\A0244992.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP467\A0246204.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP470\A0252025.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP470\A0252026.EXE

Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP410\A0214789.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP410\A0214852.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP418\A0219535.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247969.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247970.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247971.EXE

Adware.Vundo Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP439\A0234616.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP440\A0234740.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237160.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP448\A0239097.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP449\A0239211.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP449\A0239317.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP450\A0239459.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP450\A0239720.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP453\A0240102.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP454\A0240211.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP457\A0240647.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP458\A0240704.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP460\A0241896.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP460\A0241955.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP462\A0242117.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP464\A0242297.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP465\A0243499.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP467\A0245001.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP467\A0246197.DLL

Adware.ClickSpring/Outer Info Network
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237117.EXE

Adware.IPWins
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237118.EXE

Adware.180solutions/Seekmo
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237172.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237173.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237174.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237176.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237177.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237178.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237179.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237180.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237181.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237182.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP445\A0237183.DLL

Adware.StarsDoor
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP446\A0237274.EXE

Trojan.Media-Codec/V3
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP446\A0238300.EXE

Trojan.WinSRV32
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP446\A0238307.EXE

Adware.OuterInfo-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247975.EXE

Malware.DriveCleaner
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247980.EXE

Malware.TitanShield
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247981.EXE

Rogue.Unclassified/Loader
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247982.EXE

Trojan.Downloader-HotWin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP469\A0247983.EXE




----------------------------------------------------------

3. Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 00:22:41, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\AdVantage\AdVantage.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCUI.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\alle mapper\TeamViewer3\TeamViewer.exe
C:\Documents and Settings\Compaq_Ejer\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201CD1AA-1319-48C7-6324-4B71B70595C6} - (no file)
O2 - BHO: (no name) - {264BD4FA-4612-1995-632C-4D71BF059799} - (no file)
O2 - BHO: (no name) - {3E1C17DE-8069-DAEF-181B-8E8DB05183CF} - (no file)
O2 - BHO: (no name) - {3E4E408D-D331-8BEF-1E13-888DB850809E} - (no file)
O2 - BHO: (no name) - {3F17C496-037A-09AA-5712-5800BFBADCCC} - (no file)
O2 - BHO: (no name) - {4D41C695-530C-5A89-5714-2C00BDC0DBC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6C121788-8230-88B8-1813-888DB851D59E} - (no file)
O2 - BHO: (no name) - {6D1E44DA-D56E-8ABD-491B-8E8DB0508298} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1E2A62B-329F-3F4A-EC54-3A7610490491} - (no file)
O2 - BHO: (no name) - {B9DBA715-6BA3-3E29-8B2F-3BE671F208C2} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDDAA046-66F2-3927-892F-3BE671F20E98} - (no file)
O2 - BHO: (no name) - {C2C86422-F1C3-AB12-EE21-FD8A3F852B97} - (no file)
O2 - BHO: (no name) - {C4C96523-F19E-AD16-EE29-FB8A378524C5} - (no file)
O2 - BHO: (no name) - {C595352C-A7C8-F915-B929-FB8A37852891} - (no file)
O2 - BHO: (no name) - {C59C3F77-F6C7-AF16-BB21-FD8A3F857C96} - (no file)
O2 - BHO: (no name) - {C7771518-82F5-892C-D10F-89ADDACC7793} - (no file)
O2 - BHO: (no name) - {E9D9A146-60F8-3928-D227-3DE679F309C1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JustVoip] "C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Programmer\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Rxteeahh] "C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Eabt] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" -vt ndrv
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179769450984
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
angel1984 (Beginner)
1 April 2008 - 23:17 #9
Karise Larry, are you busy? :)
2 April 2008 - 09:43 #10
Sorry - it got drowned in e-mails (fine Danish, isn't it? *S*)

ComboFix + SAS have really eaten quite a lot of vermin!!!

---------------------------------

You are apparently running both
* AntiVir PersonalEdition
* avast!
Uninstall one of them (keep avast!)

---------------------------------

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window will appear, into which you should copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Folders to delete:
C:\Programmer\Yahoo!\
C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\
C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\
~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

---------------------------------

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, and click Fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {201CD1AA-1319-48C7-6324-4B71B70595C6} - (no file)
O2 - BHO: (no name) - {264BD4FA-4612-1995-632C-4D71BF059799} - (no file)
O2 - BHO: (no name) - {3E1C17DE-8069-DAEF-181B-8E8DB05183CF} - (no file)
O2 - BHO: (no name) - {3E4E408D-D331-8BEF-1E13-888DB850809E} - (no file)
O2 - BHO: (no name) - {3F17C496-037A-09AA-5712-5800BFBADCCC} - (no file)
O2 - BHO: (no name) - {4D41C695-530C-5A89-5714-2C00BDC0DBC7} - (no file)
O2 - BHO: (no name) - {6C121788-8230-88B8-1813-888DB851D59E} - (no file)
O2 - BHO: (no name) - {6D1E44DA-D56E-8ABD-491B-8E8DB0508298} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B1E2A62B-329F-3F4A-EC54-3A7610490491} - (no file)
O2 - BHO: (no name) - {B9DBA715-6BA3-3E29-8B2F-3BE671F208C2} - (no file)
O2 - BHO: (no name) - {BDDAA046-66F2-3927-892F-3BE671F20E98} - (no file)
O2 - BHO: (no name) - {C2C86422-F1C3-AB12-EE21-FD8A3F852B97} - (no file)
O2 - BHO: (no name) - {C4C96523-F19E-AD16-EE29-FB8A378524C5} - (no file)
O2 - BHO: (no name) - {C595352C-A7C8-F915-B929-FB8A37852891} - (no file)
O2 - BHO: (no name) - {C59C3F77-F6C7-AF16-BB21-FD8A3F857C96} - (no file)
O2 - BHO: (no name) - {C7771518-82F5-892C-D10F-89ADDACC7793} - (no file)
O2 - BHO: (no name) - {E9D9A146-60F8-3928-D227-3DE679F309C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Rxteeahh] "C:\Documents and Settings\Compaq_Ejer\Application Data\?ecurity\e?plorer.exe"
O4 - HKCU\..\Run: [Eabt] "C:\DOCUME~1\COMPAQ~1\APPLIC~1\MBOLS~1\tracert.exe" -vt ndrv
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Ejer\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"

Restart the computer and make a new log with Hijackthis, which you post here together with the log from Avenger.

---------------------------------

Take a run with CCleaner (which you already have)
http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Register] section...)

---------------------------------