fez0 Beginner
19 July 2009 - 23:53 There are 8 comments and 1 solution

Logs - Quick points

Hi there

I'm in the middle of cleaning junk off my mom's laptop..
Is there a kind soul who can check these 3 logs?
They are a HijackThis, an Anti-Malware and a SUPERAntiSpyware log.

Thanks
fez0 Beginner
19 July 2009 - 23:54 #1
HijackThis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:20, on 19-07-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=4081127
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://spil2.spilxl.dk/0486e9d9fe8c55b0fa4d591b91083c12/game.php?file=687474703a2f2f7370696c322e7370696c786c2e646b2f30343836653964396665386335356230666134643539316239313038336331322f3838372e646372&width=100%&height=100%&spilxl=1&cr=1&ovrprldr=1"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5490 bytes
fez0 Beginner
19 July 2009 - 23:54 #2
Anti-Malware:



Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1

19-07-2009 22:25:54
mbam-log-2009-07-19 (22-25-54).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 185721
Tid tilbagelagt: 2 hour(s), 7 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
fez0 Beginner
19 July 2009 - 23:55 #3
SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/19/2009 at 11:24 PM

Application Version : 4.0.1154

Core Rules Database Version : 4003
Trace Rules Database Version: 1943

Scan type      : Complete Scan
Total Scan Time : 00:33:15

Memory items scanned      : 210
Memory threats detected  : 0
Registry items scanned    : 5829
Registry threats detected : 0
File items scanned        : 23444
File threats detected    : 128

Adware.Tracking Cookie
Thornography Beginner
20 July 2009 - 00:16 #4
Do you understand any of this gibberish at all? :S
f-arn Guru
20 July 2009 - 01:58 #5
Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy in the content between the lines and save the file as CFScript.txt

Make sure that it does not end up being named CFScript.txt.txt

--------------

Killall::
Snapshot::


-------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C:\ Combofix txt

You are welcome to post the contents of this file here.
fez0 Beginner
20 July 2009 - 12:18 #6
I'm not quite following how and what you mean by the content that should go in the "newly created" txt file CFScript.txt..?

But I overlooked your "SAVE TO DESKTOP" and ended up installing Combofix. It created a log file which, as you describe, is in C:\ and is named combofix.txt.

It looks like this:
fez0 Beginner
20 July 2009 - 12:18 #7
ComboFix 09-07-19.04 - Tehmina 20-07-2009 11:55.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.1013.238 [GMT 2:00]
Kører fra: c:\users\Tehmina\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-717278323-3742353507-79397828-500

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-06-20 til 2009-07-20  )))))))))))))))))))))))))))))))))))
.

2009-07-20 10:03 . 2009-07-20 10:03    --------    d-----w-    c:\users\Tehmina\AppData\Local\temp
2009-07-19 22:00 . 2000-06-23 12:05    136704    ----a-w-    c:\windows\system32\iacenc.dll
2009-07-19 22:00 . 2000-06-22 11:09    56320    ------w-    c:\windows\system32\iyvu9_32.dll
2009-07-19 22:00 . 2009-07-19 22:00    --------    d-----w-    c:\program files\Ligos
2009-07-19 21:57 . 1998-10-29 17:45    306688    ----a-w-    c:\windows\IsUninst.exe
2009-07-19 21:37 . 2009-07-02 12:34    327688    ----a-w-    c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-19 21:37 . 2009-07-02 12:34    2052376    ----a-w-    c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-19 21:37 . 2009-07-02 12:34    906520    ----a-w-    c:\programdata\avg8\update\backup\avgemc.exe
2009-07-19 21:37 . 2009-07-02 12:34    2167576    ----a-w-    c:\programdata\avg8\update\backup\avgresf.dll
2009-07-19 21:37 . 2009-07-02 12:34    2301208    ----a-w-    c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-19 21:37 . 2009-07-02 12:34    3402008    ----a-w-    c:\programdata\avg8\update\backup\avgui.exe
2009-07-19 21:37 . 2009-07-02 12:34    1204504    ----a-w-    c:\programdata\avg8\update\backup\avgabout.dll
2009-07-19 21:37 . 2009-07-02 12:34    337176    ----a-w-    c:\programdata\avg8\update\backup\avglogx.dll
2009-07-19 21:37 . 2009-07-02 12:34    829208    ----a-w-    c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-19 21:37 . 2009-07-02 12:34    3298072    ----a-w-    c:\programdata\avg8\update\backup\setup.exe
2009-07-19 21:34 . 2009-07-02 12:31    1085208    ----a-w-    c:\programdata\avg8\update\backup\avgupd.exe
2009-07-19 21:34 . 2009-07-02 12:31    1454360    ----a-w-    c:\programdata\avg8\update\backup\avgupd.dll
2009-07-19 18:03 . 2009-07-19 18:03    3775175    ----a-w-    c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-19 18:03 . 2009-07-19 18:03    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\Malwarebytes
2009-07-19 18:02 . 2009-07-13 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-19 18:02 . 2009-07-13 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 18:02 . 2009-07-19 18:04    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-07-19 18:02 . 2009-07-19 18:02    --------    d-----w-    c:\programdata\Malwarebytes
2009-07-19 18:00 . 2009-07-19 18:00    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2009-07-19 17:59 . 2009-07-19 17:59    --------    d-----w-    c:\program files\SUPERAntiSpyware
2009-07-19 17:59 . 2009-07-19 17:59    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\SUPERAntiSpyware.com
2009-07-19 17:58 . 2009-07-19 17:58    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-07-19 17:58 . 2009-07-19 17:58    --------    d-----w-    c:\program files\CCleaner
2009-07-19 17:57 . 2009-07-19 17:57    --------    d-----w-    c:\program files\Trend Micro
2009-07-16 13:46 . 2009-07-16 13:46    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-07-16 13:34 . 2009-07-16 13:35    --------    d-----w-    c:\program files\Common Files\DivX Shared
2009-07-16 13:07 . 2009-06-15 15:24    156672    ----a-w-    c:\windows\system32\t2embed.dll
2009-07-16 13:07 . 2009-06-15 15:20    72704    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-16 13:07 . 2009-06-15 15:20    10240    ----a-w-    c:\windows\system32\dciman32.dll
2009-07-16 13:07 . 2009-06-15 12:52    289792    ----a-w-    c:\windows\system32\atmfd.dll
2009-07-06 20:58 . 2009-07-06 20:59    --------    d-----w-    c:\program files\QuickTime
2009-07-06 20:58 . 2009-07-06 20:58    --------    d-----w-    c:\programdata\Apple Computer
2009-06-26 14:07 . 2009-07-19 16:26    --------    d-----w-    c:\program files\AskBarDis

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 21:34 . 2009-03-07 09:20    335752    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-07-19 20:44 . 2009-03-07 09:11    --------    d-----w-    c:\program files\TuneUp Utilities 2009
2009-07-19 18:36 . 2008-11-27 08:21    --------    d-----w-    c:\program files\Google
2009-07-19 18:19 . 2009-05-26 15:13    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\Skype
2009-07-19 17:28 . 2008-11-27 08:06    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-07-19 16:34 . 2008-12-14 16:43    --------    d-----w-    c:\program files\Nokia
2009-07-19 16:05 . 2009-05-26 15:19    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\skypePM
2009-07-17 01:06 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-16 13:35 . 2008-12-07 19:48    --------    d-----w-    c:\program files\DivX
2009-07-09 22:27 . 2008-01-21 05:51    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-07-09 22:27 . 2008-01-21 05:51    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-07-09 13:31 . 2008-12-17 14:31    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\WebCallDirect
2009-07-02 12:34 . 2009-03-07 09:20    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-07-02 12:34 . 2009-03-07 09:20    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 16:59 . 2008-12-24 19:46    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\uTorrent
2009-06-15 18:21 . 2009-06-14 20:24    --------    d-----w-    c:\users\Tehmina\AppData\Roaming\LimeWire
2009-06-14 20:23 . 2009-06-14 20:22    --------    d-----w-    c:\program files\LimeWire
2009-06-11 01:08 . 2008-11-27 08:27    --------    d-----w-    c:\program files\Microsoft Works
2009-06-08 15:45 . 2009-06-08 15:45    456304    ----a-w-    c:\programdata\Google\Google Toolbar\Update\gtb2EE0.tmp.exe
2009-05-29 15:48 . 2009-01-03 14:04    90112    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\DXPlugin.dll
2009-05-29 15:48 . 2009-01-03 14:04    69632    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\SystemInfo.dll
2009-05-29 15:48 . 2009-01-03 14:04    6656    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\NativeDiskfree.dll
2009-05-29 15:48 . 2009-01-03 14:04    61440    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\NativeUnzip.dll
2009-05-29 15:48 . 2009-01-03 14:04    59904    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\zlib1.dll
2009-05-29 15:48 . 2009-01-03 14:04    57344    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\DXT.dll
2009-05-29 15:48 . 2009-01-03 14:04    315392    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\jogl.dll
2009-05-29 15:48 . 2009-01-03 14:04    20480    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\jogl_awt.dll
2009-05-29 15:48 . 2009-01-03 14:04    20480    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\gluegen-rt.dll
2009-05-29 15:48 . 2009-01-03 14:04    155648    ----a-w-    c:\users\Tehmina\AppData\Roaming\Agency9\3DMapsK1\3DMapsK1\natives\NativeJpegDecoder.dll
2009-05-26 15:19 . 2009-05-26 15:19    56    ---ha-w-    c:\programdata\ezsidmv.dat
2009-05-26 15:12 . 2009-05-26 15:12    --------    d-----w-    c:\program files\Common Files\Skype
2009-05-26 15:12 . 2009-05-26 15:11    --------    d-----r-    c:\program files\Skype
2009-05-26 15:12 . 2009-05-26 15:11    --------    d-----w-    c:\programdata\Skype
2009-05-17 14:55 . 2009-03-07 09:12    604416    ----a-w-    c:\windows\system32\TUProgSt.exe
2009-05-17 14:55 . 2009-05-17 14:55    361216    ----a-w-    c:\windows\system32\TuneUpDefragService.exe
2009-05-13 21:54 . 2009-05-13 21:54    90112    ----a-w-    c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54    823296    ----a-w-    c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54    823296    ----a-w-    c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54    815104    ----a-w-    c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54    811008    ----a-w-    c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54    802816    ----a-w-    c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54    685056    ----a-w-    c:\windows\system32\DivX.dll
2009-05-09 05:50 . 2009-06-14 14:46    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-14 14:46    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-05-07 19:32 . 2009-03-07 09:20    108552    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-04-30 12:37 . 2009-06-14 11:13    293376    ----a-w-    c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 11:13    428544    ----a-w-    c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-10 20:14    784896    ----a-w-    c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 20:14    636928    ----a-w-    c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 20:14    2033152    ----a-w-    c:\windows\system32\win32k.sys
2009-06-14 11:41 . 2009-01-29 15:53    134648    ----a-w-    c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-13 21:55 . 2009-05-13 21:55    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-27 08:11 . 2008-11-27 08:11    74    --sh--r-    c:\windows\CT4CET.bin
2008-11-27 16:28 . 2008-11-27 16:26    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41    294912    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Steam"="c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0687A13F-F275-4284-99DA-E1578E1A7DFD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F386D752-AD00-41AC-8912-86C7DD62AB94}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7A280204-E527-452F-A129-FEC235C386F8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3E6A5DC4-0242-497C-8482-B7E07D7A0784}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B5EF41CF-D790-4B0A-976A-9323D71CB1C8}"= UDP:c:\program files\LowRateVoip\LowRateVoip.exe:LowRateVoip
"{9DEF13C2-C353-4C58-BCAE-6F2E37A575AB}"= TCP:c:\program files\LowRateVoip\LowRateVoip.exe:LowRateVoip
"TCP Query User{D6423AC4-E0CA-489B-B71D-E9AC4C45846B}c:\\program files\\webcalldirect.com\\webcalldirect\\webcalldirect.exe"= UDP:c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe:Client to make VoIP calls.
"UDP Query User{BCAE60DA-7829-43CD-9082-D8C5BF19629B}c:\\program files\\webcalldirect.com\\webcalldirect\\webcalldirect.exe"= TCP:c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe:Client to make VoIP calls.
"TCP Query User{2C96C29A-7D6F-4A49-B5D0-9C7B14C5D147}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CCFF6A12-86A0-49DA-B15A-38BBC8C9D07B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AAB92D60-86BB-4C45-BA87-BB17FD10FB1D}c:\\program files\\webcalldirect.com\\webcalldirect\\webcalldirect.exe"= UDP:c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe:Client to make VoIP calls.
"UDP Query User{863C808C-F81A-4EB5-84F4-FBD15A1C4194}c:\\program files\\webcalldirect.com\\webcalldirect\\webcalldirect.exe"= TCP:c:\program files\webcalldirect.com\webcalldirect\webcalldirect.exe:Client to make VoIP calls.
"{BA22DBAE-210E-4557-857E-C6B219ED4B85}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D063D543-5552-4C90-9B19-D28C49F2170B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{4F736FDE-DE8E-4E83-9256-445CF6E8FFC8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{60875BB7-3914-4AA2-80E7-B8B59804DBD0}"= c:\program files\Skype\Phone\Skype.exe:Skype

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07-03-2009 11:20 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07-03-2009 11:20 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [27-11-2008 10:50 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [07-03-2009 11:20 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07-03-2009 11:20 298776]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [27-11-2008 18:42 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [27-11-2008 18:42 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [27-11-2008 18:42 7424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-07-20 c:\windows\Tasks\User_Feed_Synchronization-{52D9BB3B-07F4-467E-BD0B-6276BEB79E45}.job
- c:\windows\system32\msfeedssync.exe [2009-06-14 11:31]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Trusted Zone: danskebank.dk
FF - ProfilePath - c:\users\Tehmina\AppData\Roaming\Mozilla\Firefox\Profiles\lqlv80n4.default\
FF - prefs.js: browser.startup.homepage - www.google.dk
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=da-DK&FORM=MICDLV&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLITIKKER ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 12:03
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2009-07-20 12:06
ComboFix-quarantined-files.txt  2009-07-20 10:06

Pre-Kørsel: 110.411.239.424 byte ledig
Post-Kørsel: 110.391.033.856 byte ledig

230    --- E O F ---    2009-07-17 09:35
f-arn Guru
20 July 2009 - 17:21 #8
There is nothing in the log. How do you think the computer is running?
20 July 2009 - 18:39 #9
c:\program files\LimeWire *SIGH*