virus eller spyware

Følg denne vejledning:
http://www.spywarefri.dk/forum/links/hjtanv.htm
Vi skal se logs fra AVG, Combofix og Hijackthis i nævnte rækkefølge.

Er der ingen risiko ved at lægge logfiler ind i forum?

og hvad er p2p og fildelingsprogrammer?

Nej, der er ingen risiko for almindelige brugere.
Vi kan se om du bruger netbank, og hvilken bank der vil være tale om, men vi kan ikke se nogen former for koder.

P2P er f.eks Bearshare, eMule, KaZaA og div. Torrent programmer, som bruges til at hente musik, film og crackede programmer med.

Men navn, efternavn og min banks navn lægger jeg ud til offentligt skue? Undskyld hvis jeg forekommer lidt hysterisk?

... hvis der endelig skulle komme noget som viser dit navn så ka' du selv erstatte den med XXXXXXXXXXX ...

Der er >1.000.000 andre der har gennemført ovenstående HiackThis log procedure...

ok.. Vil hellere spørge en gang for meget, men jeg kører så...

"Når AVG Antispyware scanningen er færdig, tryk på - "Apply all actions" - knappen. Programmet laver en lille log; gem den på Skrivebordet, du skal skal kopiere indholdet af log'en ind i dit næste indlæg i forum.
"
Når jeg har trykket på apply all actions har jeg ikke mulighed for at gemme? Hvordan gør jeg?

Spring den del over, vi har et eller andet forklaringsproblem med den log, jeg har ikke fået kigget på det endnu.
De to vigtige er Combofix og Hijackthis.

Ærgeligt eller hvad?? avgas fandt ellers 19 inficerede objekter på den 1½ time den scannede.. Er det bare ligegyldigt så?

Her er log'en fra "swf_cf"

ComboFix 08-02-23.2 - Adam 2008-02-25 18:13:05.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.480 [GMT 1:00]
Running from: C:\Documents and Settings\Adam\Skrivebord\Spywarefri\SWF_CF.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate
.
(((((((((((((((((((((((((  Files Created from 2008-01-25 to 2008-02-25  )))))))))))))))))))))))))))))))
.

2008-02-25 09:40 . 2008-02-25 09:40    <DIR>    d--------    C:\Programmer\iPod
2008-02-24 22:58 . 2008-02-24 22:58    <DIR>    d--------    C:\Documents and Settings\Adam\Application Data\Grisoft
2008-02-24 22:57 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 21:23 . 2008-02-24 21:23    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-20 09:25 . 2008-02-20 09:25    <DIR>    d--------    C:\Programmer\Panda Security
2008-01-31 23:13 . 2008-01-31 23:13    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts
2008-01-30 19:13 . 2008-01-30 19:13    <DIR>    d--------    C:\Programmer\Google
2008-01-25 22:57 . 2008-02-22 22:30    <DIR>    d--------    C:\Documents and Settings\Adam\Application Data\DivX
2008-01-25 22:55 . 2008-01-04 22:58    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2008-01-25 22:55 . 2008-01-04 22:58    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-25 22:55 . 2008-01-04 22:58    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-25 17:54 . 2008-01-25 22:55    <DIR>    d--------    C:\Programmer\DivX

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 08:40    ---------    d-----w    C:\Programmer\iTunes
2008-02-25 08:38    ---------    d-----w    C:\Programmer\QuickTime
2008-02-25 07:27    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\AVG7
2008-02-21 11:02    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\Skype
2008-02-21 09:16    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\skypePM
2008-02-05 21:45    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\IBM
2008-01-27 09:03    ---------    d-----w    C:\Programmer\Golden Axe
2008-01-22 21:43    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\Apple Computer
2008-01-22 21:42    ---------    d-----w    C:\Programmer\Bonjour
2008-01-22 21:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-22 21:41    ---------    d-----w    C:\Programmer\Apple Software Update
2008-01-22 21:40    ---------    d-----w    C:\Programmer\Fælles filer\Apple
2008-01-22 21:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-21 17:46    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-21 17:43    ---------    d-----w    C:\Programmer\Skype
2008-01-21 17:43    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2008-01-21 17:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:11    ---------    d-----w    C:\Programmer\PokerStars
2008-01-15 01:39    30,464    ----a-w    C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-14 21:10    ---------    d-----w    C:\Programmer\Java
2008-01-14 21:08    ---------    d-----w    C:\Programmer\Fælles filer\Java
2008-01-04 21:58    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 16:00 15360]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:30 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"TPKMAPHELPER"="C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"ControlCenter"="C:\Programmer\IBM fingerprint software\ctlcntr.exe" [2004-11-04 09:46 284766]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 21:00 344064]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-12-16 03:41 90112]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 01:19 200704]
"TVT Scheduler Proxy"="C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [ ]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 01:19 208896]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [ ]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 22:15 579072]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 16:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-09 09:47 219136]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\IBM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-06 23:55:37 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Programmer\IBM fingerprint software\psfus.dll 2004-11-04 09:51 108636 C:\Programmer\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Programmer\\IBM\\Updater\\ucsmb.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 14:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-21 01:19]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-12-16 04:12]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2004-11-04 09:52]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 14:13]
R3 TPM;Winbond Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 21:35]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 03:00]
S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-05-19 13:41]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-01-15 02:39]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 16:34:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-02-25 17:20:16 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:20:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
c:\programmer\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Windows Media Player\WMPNetwk.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\PC Connectivity Solution\NclBTHandler.exe
.
**************************************************************************
.
Completion time: 2008-02-25 18:23:35 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-25 17:23:30
.
2008-02-14 17:55:21    --- E O F ---

Her er loggen fra "hijack this"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:29, on 25-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\PC Connectivity Solution\NclBTHandler.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Adam\Skrivebord\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programmer\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194368534679
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programmer\Fælles filer\Virtual Token\vtserver.exe

--
End of file - 12757 bytes

Hov de skulle ha v.æret kopieret et andet sted hen.. im very sorry.

?, det er da rigtig nok.

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Register ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog, samt en ny combofixlog.

ccleaner? har jeg ikke installeret det fra tidligere?

Så bare fortsæt.

Jeg har to logs fra superantispyware den ene er fra min første scanning (hvor den fandt 29) tror ikke jeg fik afsluttet det ordenligt.

Den anden er fra min scanning nummer to (hvor den fandt 5) jeg fik afsluttet scanning nummer to ordenligt. Håber du/i kan finde ud af det, for jeg kan tilsyneladende ikke :)

Anyways her er de (vist nok i rigtig rækkefølge :)

SUPERAntiSpyware Scan Log
Generated 02/26/2008 at 09:05 PM

Application Version : 3.5.1016

Core Rules Database Version : 3409
Trace Rules Database Version: 1401

Scan type      : Complete Scan
Total Scan Time : 01:05:11

Memory items scanned      : 177
Memory threats detected  : 0
Registry items scanned    : 6323
Registry threats detected : 0
File items scanned        : 36552
File threats detected    : 29

Adware.Tracking Cookie
    C:\Documents and Settings\Adam\Cookies\adam@advertising[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@adtech[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@imrworldwide[3].txt
    C:\Documents and Settings\Adam\Cookies\adam@www.googleadservices[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad.bolddk[3].txt
    C:\Documents and Settings\Adam\Cookies\adam@eas.apm.emediate[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@doubleclick[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@atdmt[3].txt
    C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[3].txt
    C:\Documents and Settings\Adam\Cookies\adam@track.adform[4].txt
    C:\Documents and Settings\Adam\Cookies\adam@indexstats[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad.bolddk[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad.bolddk[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad.zanox[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad1.emediate[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@adfair[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@ads.estart[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@adtech[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@atdmt[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@doubleclick[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@eas4.emediate[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@ice.112.2o7[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@imrworldwide[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@imrworldwide[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@mediaplex[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@track.adform[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@track.adform[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[2].txt
    C:\Documents and Settings\Adam\Cookies\adam@www.googleadservices[1].txt



Og så nummer 2
SUPERAntiSpyware Scan Log
Generated 02/26/2008 at 10:45 PM

Application Version : 3.5.1016

Core Rules Database Version : 3409
Trace Rules Database Version: 1401

Scan type      : Complete Scan
Total Scan Time : 00:53:44

Memory items scanned      : 177
Memory threats detected  : 0
Registry items scanned    : 6323
Registry threats detected : 0
File items scanned        : 36588
File threats detected    : 5

Adware.Tracking Cookie
    C:\Documents and Settings\Adam\Cookies\adam@adtech[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@ad.bolddk[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@doubleclick[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@mediaplex[1].txt
    C:\Documents and Settings\Adam\Cookies\adam@track.adform[1].txt

Og her er så en hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:25, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Fælles filer\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\PC Connectivity Solution\NclBTHandler.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\IBM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\IBM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Adam\Skrivebord\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Programmer\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194368534679
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Programmer\Fælles filer\Virtual Token\vtserver.exe

--
End of file - 13371 bytes

Og her er en fra combofix


ComboFix 08-02-23.2 - Adam 2008-02-26 23:08:59.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.458 [GMT 1:00]
Running from: C:\Documents and Settings\Adam\Skrivebord\Spywarefri\SWF_CF.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-26 to 2008-02-26  )))))))))))))))))))))))))))))))
.

2008-02-26 09:33 . 2008-02-26 22:51    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-26 09:33 . 2008-02-26 09:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 09:33 . 2008-02-26 09:33    <DIR>    d--------    C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
2008-02-25 09:40 . 2008-02-25 09:40    <DIR>    d--------    C:\Programmer\iPod
2008-02-24 22:58 . 2008-02-24 22:58    <DIR>    d--------    C:\Documents and Settings\Adam\Application Data\Grisoft
2008-02-24 22:57 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 21:23 . 2008-02-24 21:23    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-20 09:25 . 2008-02-20 09:25    <DIR>    d--------    C:\Programmer\Panda Security
2008-01-31 23:13 . 2008-01-31 23:13    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts
2008-01-30 19:13 . 2008-01-30 19:13    <DIR>    d--------    C:\Programmer\Google

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 08:32    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-26 08:26    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\AVG7
2008-02-25 08:40    ---------    d-----w    C:\Programmer\iTunes
2008-02-25 08:38    ---------    d-----w    C:\Programmer\QuickTime
2008-02-22 21:30    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\DivX
2008-02-21 11:02    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\Skype
2008-02-21 09:16    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\skypePM
2008-02-05 21:45    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\IBM
2008-01-27 09:03    ---------    d-----w    C:\Programmer\Golden Axe
2008-01-25 21:55    ---------    d-----w    C:\Programmer\DivX
2008-01-22 21:43    ---------    d-----w    C:\Documents and Settings\Adam\Application Data\Apple Computer
2008-01-22 21:42    ---------    d-----w    C:\Programmer\Bonjour
2008-01-22 21:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-22 21:41    ---------    d-----w    C:\Programmer\Apple Software Update
2008-01-22 21:40    ---------    d-----w    C:\Programmer\Fælles filer\Apple
2008-01-22 21:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-21 17:46    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-21 17:43    ---------    d-----w    C:\Programmer\Skype
2008-01-21 17:43    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2008-01-21 17:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:11    ---------    d-----w    C:\Programmer\PokerStars
2008-01-15 01:39    30,464    ----a-w    C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-14 21:10    ---------    d-----w    C:\Programmer\Java
2008-01-14 21:08    ---------    d-----w    C:\Programmer\Fælles filer\Java
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-04 21:59    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58    9,464    ------w    C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58    9,336    ------w    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 21:58    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58    129,784    ------w    C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58    120,056    ------w    C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58    118,520    ------w    C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57    682,496    ----a-w    C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57    593,920    ----a-w    C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57    57,344    ----a-w    C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57    53,248    ----a-w    C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57    344,064    ----a-w    C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57    294,912    ----a-w    C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57    294,912    ----a-w    C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56    156,992    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56    12,288    ----a-w    C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-19 22:54    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51    179,584    ------w    C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:13    3,592,192    ------w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59    70,656    ------w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59    625,664    ------w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59    161,792    ------w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41    550,912    ------w    C:\WINDOWS\system32\dllcache\oleaut32.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 16:00 15360]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:30 204288]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"TPKMAPHELPER"="C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 16:28 868352]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"ControlCenter"="C:\Programmer\IBM fingerprint software\ctlcntr.exe" [2004-11-04 09:46 284766]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 21:00 344064]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10 442368]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-12-16 03:41 90112]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 01:19 200704]
"TVT Scheduler Proxy"="C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 11:07 540672]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 01:19 208896]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 22:15 579072]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 16:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-09 09:47 219136]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\IBM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-06 23:55:37 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Programmer\IBM fingerprint software\psfus.dll 2004-11-04 09:51 108636 C:\Programmer\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Programmer\\IBM\\Updater\\ucsmb.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 14:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-21 01:19]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-12-16 04:12]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2004-11-04 09:52]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 14:13]
R3 TPM;Winbond Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 21:35]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 03:00]
S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-05-19 13:41]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-01-15 02:39]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 16:34:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 21:48:27 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 23:12:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-02-26 23:13:23
ComboFix-quarantined-files.txt  2008-02-26 22:13:12
ComboFix2.txt  2008-02-25 17:23:36
.
2008-02-14 17:55:21    --- E O F ---

Der er ikke noget at komme efter, er problemet løst?

Jeg synes den blevet langsommere, specielt under opstart. Kunne du i de tidligere logs se om der var noget?

Der har ikke rigtig været noget.

Ipod tjenesten kan godt være årsag, men hvad er langsom?
Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten >> iPod-tjeneste (iPod Service) << stop den hvis den kører, højreklik på den, klik på Egenskaber og vælg Starttype Manuel.

Ok. Men avgas fandt 19 inficerede filer som du ikke fik lov at læse da der var lidt problemer med forklaringen? er de også væk?

Og superantispyware fandt først 29 (hvor jeg lukkede forkert)
og bagefter 5 (hvor jeg lukkede rigtigt)

Den er langsom i opstart, den bruger hardisken helt ekstremt meget (kan se det fordi den blinker) synes jeg ikke den har gjort før..

Vil i øvrigt også gerne høre om jeg kan bruge alle eller nogen af de hentede programmer til at scanne fremover uden nogen kan læse min log? Hvilke kan jeg bruge og hvilke skal jeg evt passe på med for ikke at komme til at fjerne noget der ikke skal fjernes.

Du kan roligt bruge Ccleaner og SuperAntiSpyware selv.
Derimod skal Combofix og Hijackthis omgås med varsomhed.

Prøv dette:
Klik på Start->Kør skriv SFC /scannow (bemærk mellemrum), klik OK.
Din XP-CD skal sidde i drevet.
Genstart, se om det hjalp.

Kan jeg også bruge avgas?

problemet løst.. mange tak for hjælpen

Ja, du kan sagtens bruge Avgas også, husk at opdatere manuelt.

Det lyder godt, velbekomme. :-)