Hijackthis logfil.

Jeg ser på den...

Velkommen til Eksperten.dk
Generelt -> http://expfaq.dk/

Joooo - jeg ka' bekræfte at du har nogle 'snavs' elementer på dit system !!!

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; hvis du har 'mod' på det så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Tar' lige en kigger på det ;)

Sådan. Nu har jeg kørt en SuperAntiSpyware scanning :)

Her er loggen for scanningen:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/18/2008 at 07:22 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type      : Complete Scan
Total Scan Time : 01:31:07

Memory items scanned      : 185
Memory threats detected  : 1
Registry items scanned    : 5809
Registry threats detected : 9
File items scanned        : 29264
File threats detected    : 142

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\RQRKAWTN.DLL
    C:\WINDOWS\SYSTEM32\RQRKAWTN.DLL

Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{C14E6230-757D-4246-81CE-B34E2940C722}
    HKCR\CLSID\{C14E6230-757D-4246-81CE-B34E2940C722}
    HKCR\CLSID\{C14E6230-757D-4246-81CE-B34E2940C722}\InprocServer32
    HKCR\CLSID\{C14E6230-757D-4246-81CE-B34E2940C722}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\CBXOGYPF.DLL
    HKCR\CLSID\{C14E6230-757D-4246-81CE-B34E2940C722}

Adware.Vundo-Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE1E11AC-472C-40D9-9872-6F303BF2B6F0}
    HKCR\CLSID\{EE1E11AC-472C-40D9-9872-6F303BF2B6F0}
    HKCR\CLSID\{EE1E11AC-472C-40D9-9872-6F303BF2B6F0}\InprocServer32
    HKCR\CLSID\{EE1E11AC-472C-40D9-9872-6F303BF2B6F0}\InprocServer32#ThreadingModel
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DF97871-D546-444D-BB8C-64F1B79A5B1F}\RP384\A0118742.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adtech[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@spamfighter.112.2o7[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@anad.tacoda[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@www.burstbeacon[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adsby.aim4media[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@82.98.235[5].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adnetserver[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@www.googleadservices[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@track.adform[3].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@www.burstnet[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@doubleclick[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@advertising[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@antispywaremaster[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@ad.yieldmanager[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@specificclick[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@sale.antispywaremaster[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@ilead.itrack[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@www.livewebstats[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@imrworldwide[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@tacoda[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@gametracker[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@bs.serving-sys[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@burstnet[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@overture[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@partygaming.122.2o7[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@atdmt[3].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@partypoker[3].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@serving-sys[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@tracking.3gnet[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@tracking.vindicosuite[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adopt.specificclick[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@eas.apm.emediate[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@tribalfusion[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@edcgruppen.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@doubleclick[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@eas.apm.emediate[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@stat.www[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ad.adtoma[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@xiti[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@zedo[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adtech[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@videoegg.adbureau[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@indextools[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@basisbank.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@tradedoubler[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www.techmedia[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@saxobfdk.122.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@movia.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@trafficmp[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@statcounter[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@banner2.fynskemedier[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ads.planetactive[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@mediaonenetwork[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@zanox[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@edsa.122.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ad.yieldmanager[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www.googleadservices[11].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adrevolver[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adserver.adreactor[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@mediataskmaster[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ads.vlaze[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ad.ofir[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www.googleadservices[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@track.adform[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www3.addfreestats[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@tribalfusion[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ilead.itrack[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ad.zanox[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www.googleadservices[9].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ad1.emediate[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@fastclick[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@advertising[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@partypoker[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@stat.onestat[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adsby.aim4media[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@maxserving[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@media6degrees[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@media.adrevolver[3].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@media.adrevolver[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@pro-market[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@apmebf[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@mediaplex[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@atwola[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@eas4.emediate[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@www.jobfinder[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@casalemedia[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@cache.trafficmp[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@spamfighter.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@serving-sys[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@ads.pointroll[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@homedk.112.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@atdmt[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@imrworldwide[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@server.cpmstar[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@media.hotels[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adopt.euroclick[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@kontera[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adserver.easyad[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@tracking.notabenestats[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@bs.serving-sys[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@adnetserver[2].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@image.masterstats[1].txt
    C:\Documents and Settings\Grønnevej 118\Cookies\grønnevej_118@e2.emediate[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@zedo[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@ad.yieldmanager[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@partypoker[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@track.adform[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adnetserver[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@doubleclick[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@atdmt[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@specificclick[2].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@adserver.adservinginternational[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@fastclick[1].txt
    C:\Documents and Settings\Thomsen\Cookies\thomsen@apmebf[1].txt

Trojan.Unclassified/MRT-Fake
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\BVXAQKHE.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\FIWTKCAO.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\FUHUYUYD.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\KOCPWSNU.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\OROBRRED.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\PGWRNFFK.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\SFXAKMDR.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\UXGKYUSS.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\VEHJCWSB.DLL
    C:\DOCUMENTS AND SETTINGS\GRøNNEVEJ 118\LOKALE INDSTILLINGER\TEMP\YFIUXWPA.DLL
    C:\WINDOWS\SYSTEM32\HQUHCJBU.DLL
    C:\WINDOWS\SYSTEM32\MFQLGBNU.DLL
    C:\WINDOWS\SYSTEM32\QJMEBYYL.DLL
    C:\WINDOWS\SYSTEM32\YSOSRUYK.DLL

Trojan.FakeAlert-Pinch/L
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DF97871-D546-444D-BB8C-64F1B79A5B1F}\RP370\A0109385.DLL

Adware.Vundo-Variant/H
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1DF97871-D546-444D-BB8C-64F1B79A5B1F}\RP386\A0118811.DLL

Trojan.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\CVYTGUOB.DLL
    C:\WINDOWS\SYSTEM32\GERRLMBU.DLL
    C:\WINDOWS\SYSTEM32\PQGYVPEK.DLL

Trojan.Vundo-Variant/F
    C:\WINDOWS\SYSTEM32\EFCARHYP.DLL

Og her er en ny HiJack efter scanningen:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:53, on 18-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomsen\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CE5AFCF-B142-4749-AD57-757599073DD4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {78A9247A-8EA1-4F5B-8750-5EB53D05639A} - (no file)
O2 - BHO: (no name) - {7C2A4B1A-B9E4-4F1D-A7B1-87E68C1B7578} - C:\WINDOWS\system32\geBtQJAP.dll (file missing)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
O2 - BHO: (no name) - {efd37161-5053-47fc-9b0f-8029e217f9a8} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CurseClient] C:\Programmer\Curse\CurseClient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Thomsen\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5DF9FF-ADC7-4D26-8D3D-38F8724844BF}: NameServer = 168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXOGYPF - cbXOGYPF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe

--
End of file - 11148 bytes

ComboFix ?

Sorry, havde jeg helt glemt.

Her er den:

ComboFix 08-05-15.3 - Thomsen 2008-05-18 22:33:07.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.561 [GMT 2:00]
Running from: C:\Documents and Settings\Thomsen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomsen\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\Fælles filer\{089E8~1
C:\smp.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\biknyfjv.exe
C:\WINDOWS\system32\euwarbog.ini
C:\WINDOWS\system32\exgpqwql.exe
C:\WINDOWS\system32\ftpstqpq.exe
C:\WINDOWS\system32\gmnvgdoj.ini
C:\WINDOWS\system32\kepvygqp.ini
C:\WINDOWS\system32\NTwaKRqr.ini
C:\WINDOWS\system32\NTwaKRqr.ini2
C:\WINDOWS\system32\PAJQtBeg.ini
C:\WINDOWS\system32\PAJQtBeg.ini2
C:\WINDOWS\system32\rpbykpdm.ini
C:\WINDOWS\system32\vasdnbaa.exe
C:\WINDOWS\system32\vdfpkrrc.ini

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


(((((((((((((((((((((((((  Files Created from 2008-04-18 to 2008-05-18  )))))))))))))))))))))))))))))))
.

2008-05-18 17:46 . 2006-03-27 12:56    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2008-05-18 17:46 . 2006-03-27 11:02    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2008-05-18 17:46 . 2006-03-27 12:56    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2008-05-18 17:46 . 2006-03-27 12:56    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2008-05-18 17:46 . 2006-03-27 12:56    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2008-05-18 17:46 . 2006-03-27 11:10    <DIR>    dr-------    C:\Documents and Settings\Administrator\Foretrukne
2008-05-18 17:46 . 2006-03-27 11:10    <DIR>    dr-------    C:\Documents and Settings\Administrator\Dokumenter
2008-05-18 17:46 . 2006-03-27 12:56    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2008-05-18 17:46 . 2008-05-18 17:46    <DIR>    d--------    C:\Documents and Settings\Administrator
2008-05-18 17:46 . 2008-05-18 22:32    1,024    --ah-----    C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-18 17:40 . 2008-05-18 17:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 17:39 . 2008-05-18 17:39    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-05-18 17:39 . 2008-05-18 17:39    <DIR>    d--------    C:\Documents and Settings\Thomsen\Application Data\SUPERAntiSpyware.com
2008-05-18 15:53 . 2007-07-06 18:39    401,720    --a------    C:\Programmer\HJTrenamed.exe
2008-05-18 15:52 . 2008-05-18 15:53    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-05-18 15:52 . 2008-05-18 15:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-18 15:52 . 2008-05-05 20:46    27,048    --a------    C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-18 15:52 . 2008-05-05 20:46    15,864    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-05-18 15:41 . 2008-05-18 15:56    <DIR>    d--------    C:\Programmer\SPYWAREfighter
2008-05-18 15:41 .     <DIR>        C:\Programmer\Fælles filer\Application
2008-05-18 11:56 . 2008-05-18 11:56    101,952    ---------    C:\WINDOWS\system32\wkhlysqn.dll_old
2008-05-18 11:53 . 2008-05-18 11:53    92,736    ---------    C:\WINDOWS\system32\mdpkybpr.dll_old
2008-05-18 11:49 . 2008-05-18 11:49    98,880    ---------    C:\WINDOWS\system32\tccjxhsl.dll_old
2008-05-18 01:48 . 2008-05-18 01:48    <DIR>    d--------    C:\b541c6b74a623e8d4b8dc42accb5
2008-05-17 17:11 . 2008-05-17 17:11    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-05-17 17:11 . 2008-05-17 19:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 11:57 . 2008-05-17 11:57    100,928    ---------    C:\WINDOWS\system32\uavvnaka.dll_old
2008-05-17 11:48 . 2008-05-17 11:48    100,928    ---------    C:\WINDOWS\system32\twkflobv.dll_old
2008-05-16 16:02 . 2008-05-16 16:02    <DIR>    d--------    C:\1e6bc4eb4c176830d62c48046e44fa
2008-05-15 19:18 . 2008-05-18 15:34    109,825    --a------    C:\WINDOWS\BM0badb22d.xml
2008-05-13 19:41 . 2008-05-13 19:41    <DIR>    d--------    C:\Programmer\TVUPlayer
2008-05-13 19:41 . 2008-05-13 19:41    <DIR>    d--------    C:\Documents and Settings\Thomsen\LocalLow
2008-05-13 19:41 . 2008-05-13 19:41    <DIR>    d--------    C:\Documents and Settings\Thomsen\Application Data\TVU Networks
2008-05-13 19:41 . 2008-05-13 19:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-13 19:37 . 2008-05-13 19:37    <DIR>    d--------    C:\Programmer\JLC's Software
2008-05-13 19:37 . 2008-05-13 19:37    <DIR>    d--------    C:\Documents and Settings\Thomsen\Application Data\JLC's Software
2008-05-13 19:32 . 2008-05-13 19:32    <DIR>    d--------    C:\Programmer\Zattoo
2008-04-29 23:04 . 2008-04-29 23:04    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-29 23:02 . 2008-04-29 23:02    <DIR>    d--------    C:\Documents and Settings\Thomsen\Application Data\Malwarebytes
2008-04-28 15:52 . 2008-05-05 17:47    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-04-27 11:27 .     <DIR>        C:\Programmer\Fælles filer\Eltima Shared
2008-04-27 11:27 . 2008-04-27 11:27    <DIR>    d--------    C:\Programmer\Eltima Software
2008-04-27 11:27 . 2008-04-27 11:27    <DIR>    d--------    C:\Documents and Settings\Thomsen\Application Data\Eltima Software
2008-04-27 11:27 . 2007-12-02 15:14    3,345,408    --a------    C:\WINDOWS\system32\avcodec-51.dll
2008-04-27 11:27 . 2007-12-02 15:14    448,512    --a------    C:\WINDOWS\system32\avformat-50.dll
2008-04-27 11:27 . 2007-12-02 15:13    40,960    --a------    C:\WINDOWS\wavdest.ax
2008-04-27 11:27 . 2007-12-02 15:14    19,968    --a------    C:\WINDOWS\system32\avutil-49.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:47    ---------    d-----w    C:\Documents and Settings\Thomsen\Application Data\Skype
2008-05-18 15:38    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-18 13:54    11,490    ----a-w    C:\Programmer\hijackthis.log
2008-05-18 13:08    ---------    d-----w    C:\Documents and Settings\Thomsen\Application Data\AVG7
2008-05-17 22:47    ---------    d-----w    C:\Documents and Settings\Thomsen\Application Data\teamspeak2
2008-05-17 21:33    ---------    d-----w    C:\Programmer\World of Warcraft
2008-05-17 21:29    ---------    d-----w    C:\Programmer\Warcraft III
2008-05-17 14:57    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-05-17 10:18    ---------    d-----w    C:\Programmer\VstPlugins
2008-05-17 10:18    ---------    d-----w    C:\Programmer\Image-Line
2008-05-14 17:19    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2008-05-14 15:47    ---------    d-----w    C:\Programmer\FrostWire
2008-05-14 15:46    ---------    d-----w    C:\Programmer\VirtualDJ
2008-05-08 17:21    60,240    ----a-w    C:\Documents and Settings\Thomsen\Application Data\GDIPFONTCACHEV1.DAT
2008-04-29 20:07    ---------    d-----w    C:\Programmer\iTunes
2008-04-27 10:00    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 14:25    ---------    d-----w    C:\Documents and Settings\Thomsen\Application Data\FrostWire
2008-04-13 10:02    ---------    d-----w    C:\Programmer\MSECache
2008-04-10 21:08    ---------    d-----w    C:\Programmer\TrackManiaDemo
2008-04-10 19:11    ---------    d-----w    C:\Programmer\MSN Messenger
2008-04-10 19:11    ---------    d-----w    C:\Programmer\Messenger Plus! Live
2008-04-09 14:11    ---------    d-----w    C:\Programmer\LimeWire
2008-04-08 12:55    ---------    d-----w    C:\Programmer\Project64 1.6
2008-04-01 09:32    ---------    d-----w    C:\Programmer\Fælles filer\xing shared
2008-04-01 09:32    ---------    d-----w    C:\Programmer\Fælles filer\Real
2008-03-30 13:37    ---------    d-----w    C:\Programmer\MobMapUpdater
2008-03-30 12:53    ---------    d-----w    C:\Programmer\Curse
2007-05-16 11:42    110    ----a-w    C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2006-05-13 21:17    0    ----a-w    C:\Documents and Settings\Thomsen\Application Data\wklnhst.dat
2006-05-24 15:38    233,472    ----a-w    C:\Programmer\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00    204,895    ----a-w    C:\Programmer\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41    77,824    ----a-w    C:\Programmer\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59    426,081    ----a-w    C:\Programmer\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19    458,752    ----a-w    C:\Programmer\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35    139,264    ----a-w    C:\Programmer\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10    204,800    ----a-w    C:\Programmer\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42    106,496    ----a-w    C:\Programmer\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22    212,992    ----a-w    C:\Programmer\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21    167,936    ----a-w    C:\Programmer\mozilla firefox\plugins\RLVoiceUnpacker.dll
2007-05-16 20:02    80    --sh--r    C:\WINDOWS\system32\4ACF7D9092.dll
2007-11-14 13:31    32,768    -csha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012007111420071115\index.dat
.
[code]<pre>
----a-w                0 2008-05-12 18:09:03  C:\Documents and Settings\Thomsen\Skrivebord\Incomplete\BP6H3562LPAXGID564GNKQM26YAQV5SV\Atomix Virtual DJ Professional 5.0.7\Virtual DJ Addons + Manual + Plugins + Sampler + Effects\Plugins\VideoEffect\PictureRotation v1.1 .exe
----a-w                0 2008-05-12 18:09:03  C:\Documents and Settings\Thomsen\Skrivebord\Incomplete\BP6H3562LPAXGID564GNKQM26YAQV5SV\Atomix Virtual DJ Professional 5.0.7\Virtual DJ Addons + Manual + Plugins + Sampler + Effects\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CE5AFCF-B142-4749-AD57-757599073DD4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78A9247A-8EA1-4F5B-8750-5EB53D05639A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C2A4B1A-B9E4-4F1D-A7B1-87E68C1B7578}]
            C:\WINDOWS\system32\geBtQJAP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C14E6230-757D-4246-81CE-B34E2940C722}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{efd37161-5053-47fc-9b0f-8029e217f9a8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2008-05-03 15:52 5724184]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-02-23 00:31 25388584]
"WebCamRT.exe"="" []
"CurseClient"="C:\Programmer\Curse\CurseClient.exe" [2008-04-16 21:31 1372160]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-13 21:05 344064]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 15:35 98393]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 15:01 557056 C:\WINDOWS\sm56hlpr.exe]
"OdTray.exe"="C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 15:14 1015871]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:38 579072]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"089e81b1"="C:\WINDOWS\system32\pqgyvpek.dll" [ ]
"BM0badb22d"="C:\WINDOWS\system32\gerrlmbu.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 09:07 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOGYPF]
cbXOGYPF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
odyEvent.dll 2007-06-23 19:45 106496 C:\WINDOWS\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Programmer\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Programmer\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\th0msen\\counter-strike\\hl.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\th0msen\\condition zero\\hl.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\th0msen\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\th0msen\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Programmer\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Warcraft III\\Warcraft III.exe"=
"C:\\Programmer\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Programmer\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"C:\\Programmer\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"C:\\Programmer\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"=
"C:\\Programmer\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"C:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Programmer\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\FrostWire\\FrostWire.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\th0msen1991\\counter-strike\\hl.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard
"6113:TCP"= 6113:TCP:Blizz
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-09 19:54]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
R3 SpyFighter;SpyFighter Guard Device;C:\Programmer\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Thomsen\LOKALE~1\Temp\asbp2poa.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428a8bb0-0afa-11dc-83d4-00904be6920e}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 07:15:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-05-01 07:34:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-02 16:40:38 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 22:44:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-18 22:54:29 - machine was rebooted [Thomsen]
ComboFix-quarantined-files.txt  2008-05-18 20:54:23

Pre-Run: 31,814,397,952 byte ledig
Post-Run: 32,989,003,776 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

269    --- E O F ---    2008-05-18 08:50:39

Afinstaller

* SpeedUpMyPC (Bruger mere resourser end den gavner...)
* MessengerPlus *
* Limewire
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\geBtQJAP.dll
C:\WINDOWS\system32\wkhlysqn.dll_old
C:\WINDOWS\system32\mdpkybpr.dll_old
C:\WINDOWS\system32\tccjxhsl.dll_old
C:\WINDOWS\system32\uavvnaka.dll_old
C:\WINDOWS\system32\twkflobv.dll_old
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

Folders to delete:
C:\Programmer\Messenger Plus! Live
C:\Programmer\LimeWire
C:\Programmer\Uniblue\
~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5CE5AFCF-B142-4749-AD57-757599073DD4} - (no file)
O2 - BHO: (no name) - {78A9247A-8EA1-4F5B-8750-5EB53D05639A} - (no file)
O2 - BHO: (no name) - {7C2A4B1A-B9E4-4F1D-A7B1-87E68C1B7578} - C:\WINDOWS\system32\geBtQJAP.dll (file missing)
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - (no file)
O2 - BHO: (no name) - {efd37161-5053-47fc-9b0f-8029e217f9a8} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Thomsen\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: cbXOGYPF - cbXOGYPF.dll (file missing)

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

---------------------------------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

(Status?)

Hej karise_larry
Undskyld jeg ikke har svaret i så lang tid.

Her er loggen fra Avenger:
-----------------------------
//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jul 16 19:48:15 2008

19:48:15: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jul 16 19:48:27 2008

19:48:27: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jul 16 19:48:41 2008

19:48:41: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jul 16 19:49:26 2008

19:49:26: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\geBtQJAP.dll" not found!
Deletion of file "C:\WINDOWS\system32\geBtQJAP.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\wkhlysqn.dll_old" deleted successfully.
File "C:\WINDOWS\system32\mdpkybpr.dll_old" deleted successfully.
File "C:\WINDOWS\system32\tccjxhsl.dll_old" deleted successfully.
File "C:\WINDOWS\system32\uavvnaka.dll_old" deleted successfully.
File "C:\WINDOWS\system32\twkflobv.dll_old" deleted successfully.
File "C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" deleted successfully.
File "C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" deleted successfully.
Folder "C:\Programmer\Messenger Plus! Live" deleted successfully.
Folder "C:\Programmer\LimeWire" deleted successfully.

Error:  folder "C:\Programmer\Uniblue" not found!
Deletion of folder "C:\Programmer\Uniblue" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.



Og her er en ny HiJackThis log:
--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:33, on 17-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {92638d34-278f-1afb-3b14-e426ea8b4506} - {6054b8ae-624e-41b3-bfa1-f87243d83629} - C:\WINDOWS\system32\vyexlr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EE9EC181-ED6D-4340-A36E-86821EBFD2C6} - C:\WINDOWS\system32\yayvTkHX.dll
O2 - BHO: (no name) - {efd37161-5053-47fc-9b0f-8029e217f9a8} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM0badb22d] Rundll32.exe "C:\WINDOWS\system32\cxkxkggu.dll",s
O4 - HKLM\..\Run: [089e81b1] rundll32.exe "C:\WINDOWS\system32\suflunab.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech Produktregistrering.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5DF9FF-ADC7-4D26-8D3D-38F8724844BF}: NameServer = 168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

--

Afinstaller
* FrostWire (Den havde jeg lige overset...)
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

-- Brug Avenger igen:

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\vyexlr.dll
C:\WINDOWS\system32\yayvTkHX.dll
C:\WINDOWS\system32\cxkxkggu.dll
C:\WINDOWS\system32\suflunab.dll
C:\WINDOWS\system32\pqgyvpek.dll
C:\WINDOWS\system32\gerrlmbu.dll

Folders to delete:
C:\Programmer\FrostWire
~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: {92638d34-278f-1afb-3b14-e426ea8b4506} - {6054b8ae-624e-41b3-bfa1-f87243d83629} - C:\WINDOWS\system32\vyexlr.dll
O2 - BHO: (no name) - {EE9EC181-ED6D-4340-A36E-86821EBFD2C6} - C:\WINDOWS\system32\yayvTkHX.dll
O2 - BHO: (no name) - {efd37161-5053-47fc-9b0f-8029e217f9a8} - (no file)
O4 - HKLM\..\Run: [BM0badb22d] Rundll32.exe "C:\WINDOWS\system32\cxkxkggu.dll",s
O4 - HKLM\..\Run: [089e81b1] rundll32.exe "C:\WINDOWS\system32\suflunab.dll",b

O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

---------------------------------------

Så nu har du tilsyneladende både
* Avast4
* AVG7

Kan ikke anbefales samtidig...

Afinstall
* Avast4
* AVG7
(Jo begge 2)

Ta' en oprydning med CCleaner som tidliger beskrevet.

Instaler AVG8 -> http://www.grisoft.cz/filedir/inst/avg_free_stf_en_8_138a1332.exe - lad den blive opdateret.
Ta' en komplet scanning med denne AVG8 ...

1. Afinstallation fuldført
2. Filer og mapper slettet vha. Avenger fuldført
3. Hijackthis checkede emner fixed fuldført (kunne dog ikke finde "O2 - BHO: (no name) - {EE9EC181-ED6D-4340-A36E-86821EBFD2C6} - C:\WINDOWS\system32\yayvTkHX.dll")

Avenger log:
------------
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\vyexlr.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\yayvTkHX.dll" not found!
Deletion of file "C:\WINDOWS\system32\yayvTkHX.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\cxkxkggu.dll" deleted successfully.
File "C:\WINDOWS\system32\suflunab.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\pqgyvpek.dll" not found!
Deletion of file "C:\WINDOWS\system32\pqgyvpek.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\gerrlmbu.dll" not found!
Deletion of file "C:\WINDOWS\system32\gerrlmbu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Programmer\FrostWire" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Ny Hijackthis log:
------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:14, on 17-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\internet explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmer\Crawler\ctbr.dll
O2 - BHO: (no name) - {63E27459-9BB7-4D1B-87C3-11286E2FD081} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmer\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech Produktregistrering.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5DF9FF-ADC7-4D26-8D3D-38F8724844BF}: NameServer = 168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmer\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmer\Spyware Terminator\sp_rsser.exe

--
End of file - 10365 bytes


4. CCleaner oprydning og afinstallation af Avast og AVG 7.5 + ny installeret af AVG8 er også gjort.

5. AVG8 scanning er i gang.

Hvis der er mere jeg skal gøre, så sig endelig til!

Hvad er dette du NU har fået på ->
C:\Programmer\Crawler\ctbr.dll

???

Men sikken du iøvrigt kan *S*


Lidt generel efterfølgende oprydning ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmer\Crawler\ctbr.dll
O2 - BHO: (no name) - {63E27459-9BB7-4D1B-87C3-11286E2FD081} - (no file)

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"

O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmer\Crawler\ctbr.dll

Genstart normalt, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

Husk M$ ServicePack3 til XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da (Gem pakken en passende sted på din PC og DERFRA instalér pakken. Uden at have andre programmer/vinduer igang. Vil nok ta' sin tid...) + efterfølgende WindowsUpdate http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da

ny log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:04, on 18-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HJTrenamed.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech Produktregistrering.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/games/gtauto/activex/CacheManager.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5DF9FF-ADC7-4D26-8D3D-38F8724844BF}: NameServer = 168.95.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programmer\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

--
End of file - 9985 bytes

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Safe Surfing...

--------------

Husk M$ ServicePack3 til XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da

Tak for hjælpen!

Takker for P.