mmmap (Beginner)
19 June 2008 - 18:56. There are 8 comments and 2 solutions.

Removing adware

Hello Experts.
I think I have got some adware on my computer. My desktop background has been replaced with an HTML file, which I have now deleted, and every now and then an Internet Explorer window opens containing an imitation of the Windows XP Security Center. I have run an Ad-Aware scan, but without any improvement. Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:42, on 19-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\heerfordt\EPG Service\EPGService.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\Programmer\Launchy\Launchy.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Opera\opera.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll
O3 - Toolbar: vrmdtneg - {AC45091C-C7E0-452A-A605-ECE97D354E24} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RssBandit] "C:\Programmer\RssBandit\RSSBandit.exe" -t
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmer\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Programmer\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Mads Kalør\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213179537281
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - C:\WINDOWS\wpvmqosg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPG Service - Unknown owner - C:\Programmer\heerfordt\EPG Service\EPGService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TVService - Team MediaPortal - C:\Programmer\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11262 bytes


Regards, Mads
mmmap (Beginner)
19 June 2008 - 18:57 #1
UPDATE: I have just discovered that when I hover the mouse over the top of the background, a small window appears, which I can close, minimize, etc.
levich (Beginner)
19 June 2008 - 19:01 #2
Follow the guide here: http://www.eksperten.dk/artikler/1123
Afterwards I would like to see a new log from HijackThis, SUPERAntiSpyware and ComboFix.
19 June 2008 - 19:29 #3
Uninstall
* µTorrent
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

<levich> continues...
johnstigers (Senior Master)
19 June 2008 - 20:48 #4
To be deleted:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: vrmdtneg - {AC45091C-C7E0-452A-A605-ECE97D354E24} - C:\WINDOWS\vrmdtneg.dll

And then an adware screensaver from freeze.com

There is plenty to get started on, so follow Comment: levich 19/06-2008 19:01:16 + Comment: karise_larry 19/06-2008 19:29:46 and you will be well on your way!
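
Added example (not part of the original thread and not any poster's code): a small Python triage pass over HijackThis entries of the kind singled out in the reply above. The rules are assumptions for illustration: an O2/O3/O21 registration whose file is reported as "(no file)" or "(file missing)", an O2/O3/O21 DLL sitting directly in C:\WINDOWS, and an O24 desktop component rendering a local file. The function names are hypothetical, the sample lines are copied from the two HijackThis logs on this page, and a hit means "review this entry", not a verdict.

```python
import re

# Sections that load code into Internet Explorer / Explorer:
# O2 = Browser Helper Object, O3 = toolbar, O21 = ShellServiceObjectDelayLoad.
EXTENSION_SECTIONS = {"O2", "O3", "O21"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL directly in C:\WINDOWS, not in system32 or any other subfolder.
WINROOT_DLL_RE = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)

# Lines copied from the first HijackThis log on this page (before cleanup).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: vrmdtneg - {AC45091C-C7E0-452A-A605-ECE97D354E24} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - C:\WINDOWS\wpvmqosg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Lines copied from the second HijackThis log on this page (after the scan).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll (file missing)
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(section, body):
    """Identify an entry by section + CLSID, so that a changed file
    annotation such as '(file missing)' still maps to the same entry."""
    clsid = CLSID_RE.search(body)
    return (section, clsid.group(0).upper() if clsid else body)


def triage(log_text):
    """Flag entries for manual review, with the reason for each flag."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if section in EXTENSION_SECTIONS:
            if "(no file)" in body or "(file missing)" in body:
                reasons.append("registration points at a file that is not on disk")
            if WINROOT_DLL_RE.search(body):
                reasons.append("extension DLL sits directly in the Windows directory")
        if section == "O24" and "file:///" in body.lower():
            reasons.append("desktop component renders a local HTML file")
        if reasons:
            findings.append({"section": section, "key": entry_key(section, body),
                             "body": body, "reasons": reasons})
    return findings


def persisting(before_text, after_text):
    """Findings from the first log whose entry is still registered in the second."""
    after_keys = {entry_key(s, b) for s, b in parse_entries(after_text)}
    return [f for f in triage(before_text) if f["key"] in after_keys]


if __name__ == "__main__":
    for finding in triage(BEFORE):
        print(finding["section"], "-", finding["body"])
        for reason in finding["reasons"]:
            print("    review:", reason)
    print("Still registered after cleanup:")
    for finding in persisting(BEFORE, AFTER):
        print("   ", finding["section"], "-", finding["body"])
```

Comparing the two logs this way shows which registrations outlive a scanner run that removed only the files behind them.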
mmmap (Beginner)
19 June 2008 - 22:05 #5
Now I have done what levich said, but I only saw karise_larry's reply later; that has also been taken care of now. I have also done what you said, John. Here are all the logs that were produced along the way, plus a HijackThis log I ran at the end. They come in the order in which they were produced:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2008 at 09:35 PM

Application Version : 4.0.1154

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type      : Complete Scan
Total Scan Time : 02:09:28

Memory items scanned      : 169
Memory threats detected  : 0
Registry items scanned    : 7237
Registry threats detected : 20
File items scanned        : 28786
File threats detected    : 16

Trojan.Unclassified/GTS
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{AC45091C-C7E0-452A-A605-ECE97D354E24}
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\InprocServer32
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\InprocServer32#ThreadingModel
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\ProgID
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\Programmable
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\TypeLib
    HKCR\CLSID\{AC45091C-C7E0-452A-A605-ECE97D354E24}\VersionIndependentProgID
    HKCR\vrmdtneg.1
    HKCR\vrmdtneg
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}\1.0
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}\1.0\0
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}\1.0\0\win32
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}\1.0\FLAGS
    HKCR\TypeLib\{17BCCFC6-2042-46B2-94E4-DC1AC1816EDF}\1.0\HELPDIR
    C:\WINDOWS\VRMDTNEG.DLL

Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Adware.OneStepSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP12\A0000514.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP20\A0001256.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP20\A0001257.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP20\A0001258.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP31\A0003291.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP34\A0003324.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP34\A0003325.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP34\A0003326.EXE

Spyware.RelevantKnowledge
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP20\A0001255.EXE

RelevantKnowledge Spyware Component
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP20\A0001273.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP28\A0001798.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP28\A0001799.EXE

Trojan.WINDLL32
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BED7C6D4-7E50-4CBA-A356-77CA27EC28AC}\RP67\A0010492.EXE

Trojan.Dropper/Gen
    C:\WINDOWS\NELTABXW.EXE

Adware.VideoAccessCodec/Gen
    C:\WINDOWS\XVORFWBD.DLL



Then a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:50, on 19-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\heerfordt\EPG Service\EPGService.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\Programmer\Launchy\Launchy.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Opera\opera.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmer\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Programmer\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Mads Kalør\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213179537281
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll (file missing)
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPG Service - Unknown owner - C:\Programmer\heerfordt\EPG Service\EPGService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TVService - Team MediaPortal - C:\Programmer\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11338 bytes


A ComboFix log:

ComboFix 08-06-16.5 - Mads Kalør 2008-06-19 21:44:18.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.891 [GMT 2:00]
Running from: C:\Documents and Settings\Mads Kalør\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-05-19 to 2008-06-19  )))))))))))))))))))))))))))))))
.

2008-06-19 19:13 . 2008-06-19 19:13    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-06-19 19:13 . 2008-06-19 19:13    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\SUPERAntiSpyware.com
2008-06-19 19:13 . 2008-06-19 19:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 19:09 . 2008-06-19 19:09    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-19 18:54 . 2008-06-19 18:54    <DIR>    d--------    C:\Programmer\Trend Micro
2008-06-19 17:40 . 2008-06-19 17:40    <DIR>    d--------    C:\Programmer\Lavasoft
2008-06-19 17:40 . 2008-06-19 19:12    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-19 17:40 . 2008-06-19 17:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-19 17:02 . 2008-06-19 09:13    139,264    --a------    C:\WINDOWS\eomb.exe
2008-06-19 16:52 . 2008-06-19 16:52    0    --ah-----    C:\WINDOWS\SwSys2.bmp
2008-06-19 16:52 . 2008-06-19 16:52    0    --ah-----    C:\WINDOWS\SwSys1.bmp
2008-06-19 16:50 . 2008-06-19 16:50    <DIR>    d--------    C:\Programmer\Install Creator
2008-06-19 16:50 . 2008-06-19 16:50    <DIR>    d--------    C:\Programmer\Game_Maker7
2008-06-19 16:15 . 2008-06-19 16:15    <DIR>    d--------    C:\Programmer\Macromedia
2008-06-19 16:15 . 2008-06-19 16:16    <DIR>    d--------    C:\Programmer\Fælles filer\Macromedia
2008-06-19 15:50 . 2008-06-19 16:18    <DIR>    d--------    C:\Downloads
2008-06-19 15:06 . 2008-06-19 15:06    <DIR>    d--------    C:\Programmer\NeroInstall.bak
2008-06-19 14:03 . 2008-06-19 14:03    <DIR>    d--------    C:\Programmer\FileZilla FTP Client
2008-06-19 14:03 . 2008-06-19 14:09    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\FileZilla
2008-06-18 22:21 . 2008-06-19 16:14    <DIR>    d--------    C:\WINDOWS\Downloaded Installations
2008-06-18 22:21 . 2008-06-18 22:21    <DIR>    d--------    C:\Programmer\Pro Imaging Powertoys
2008-06-18 21:06 . 2008-06-18 21:06    <DIR>    d--------    C:\Programmer\MagicDVDRipper
2008-06-18 20:50 . 2008-06-18 20:50    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\dvdcss
2008-06-18 20:15 . 2008-05-06 08:01    45,056    --a------    C:\WINDOWS\system32\WNASPI32.DLL
2008-06-18 20:15 . 2008-05-06 08:01    16,512    --a------    C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-18 19:30 . 2008-06-18 19:30    <DIR>    d--------    C:\Programmer\Handbrake
2008-06-17 21:09 . 2008-06-17 21:09    <DIR>    d--------    C:\WINDOWS\system32\Adobe
2008-06-17 15:12 . 2008-06-19 10:41    <DIR>    d--------    C:\Programmer\Opera
2008-06-17 13:05 . 2008-06-17 13:05    <DIR>    d--------    C:\Programmer\iTunes
2008-06-17 13:05 . 2008-06-17 13:05    <DIR>    d--------    C:\Programmer\iPod
2008-06-17 13:03 . 2008-06-17 13:04    <DIR>    d--------    C:\Programmer\QuickTime
2008-06-17 13:01 . 2008-06-17 13:01    <DIR>    d--------    C:\Programmer\Fælles filer\Apple
2008-06-17 12:52 . 2008-06-17 12:52    <DIR>    d--------    C:\Programmer\Apple Software Update
2008-06-17 12:51 . 2008-06-17 12:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 11:59 . 2008-06-17 11:59    <DIR>    d--------    C:\Programmer\AIM Productions
2008-06-17 11:59 . 1998-10-29 15:45    306,688    --a------    C:\WINDOWS\IsUninst.exe
2008-06-17 11:57 . 2008-06-17 11:57    <DIR>    d--------    C:\Programmer\OmniGSoft Mini-Dogfight 1.4
2008-06-17 11:56 . 2008-06-17 11:56    <DIR>    d--------    C:\Programmer\JAMDAT Mobile
2008-06-17 11:56 . 2008-06-17 12:01    <DIR>    d--------    C:\Programmer\Hexacto Games
2008-06-17 11:56 . 1999-12-17 11:13    86,016    --a------    C:\WINDOWS\unvise32.exe
2008-06-17 11:35 . 2008-06-17 11:35    303    --a------    C:\WINDOWS\CDPlayer.ini
2008-06-16 14:50 . 2008-06-16 14:50    <DIR>    d--hsc---    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-06-16 14:50 . 2008-06-16 14:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-15 19:15 . 2008-04-13 20:45    10,368    --a------    C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-15 19:15 . 2008-04-13 20:45    10,368    --a--c---    C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-15 19:13 . 2008-06-15 19:13    <DIR>    d--------    C:\Programmer\LibUSB-Win32-0.1.10.1
2008-06-15 19:13 . 2005-03-09 20:50    46,592    --a------    C:\WINDOWS\system32\libusb0.dll
2008-06-15 19:13 . 2005-03-09 20:50    33,792    --a------    C:\WINDOWS\system32\drivers\libusb0.sys
2008-06-15 19:13 . 2005-03-09 20:50    19,456    --a------    C:\WINDOWS\system32\libusbd-9x.exe
2008-06-15 19:13 . 2005-03-09 20:50    18,944    --a------    C:\WINDOWS\system32\libusbd-nt.exe
2008-06-15 09:47 . 2008-06-18 22:36    69    --a------    C:\WINDOWS\NeroDigital.ini
2008-06-15 09:46 . 2008-06-15 11:03    <DIR>    d--------    C:\HammerAutosave
2008-06-15 09:02 . 2008-06-15 09:02    <DIR>    d--------    C:\Python25
2008-06-15 08:21 . 2008-06-15 21:03    <DIR>    d--------    C:\tmp
2008-06-15 08:18 . 2008-06-15 08:18    <DIR>    d--------    C:\Programmer\Blender Foundation
2008-06-15 08:18 . 2008-06-15 08:18    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Blender Foundation
2008-06-14 23:38 . 2008-06-14 23:38    <DIR>    d--------    C:\Programmer\NewTek
2008-06-14 23:37 . 2008-06-14 23:43    <DIR>    d--------    C:\Documents
2008-06-13 22:40 . 2008-06-13 22:40    <DIR>    d--------    C:\Documents and Settings\mads kal??r
2008-06-13 22:32 . 2008-06-13 22:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TomTom
2008-06-13 22:31 . 2008-06-13 22:31    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Nero
2008-06-13 22:27 . 2008-06-13 22:27    <DIR>    d--------    C:\Programmer\Nero
2008-06-13 22:27 . 2008-06-13 22:29    <DIR>    d--------    C:\Programmer\Fælles filer\Nero
2008-06-13 22:27 . 2008-06-13 22:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Nero
2008-06-13 22:19 . 2008-06-13 22:19    376    --a------    C:\WINDOWS\ODBC.INI
2008-06-13 15:39 . 2008-06-13 16:13    <DIR>    d--------    C:\Programmer\Miranda IM
2008-06-13 15:39 . 2008-06-13 15:40    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Miranda
2008-06-13 15:31 . 2005-07-12 14:25    401,408    --a------    C:\WINDOWS\system32\pvmjpg30.dll
2008-06-13 15:25 . 2008-06-13 15:25    <DIR>    d--------    C:\WINDOWS\system32\URTTEMP
2008-06-13 15:24 . 2007-01-26 02:04    196,096    --a------    C:\WINDOWS\system32\macd32.dll
2008-06-13 15:24 . 2007-01-26 02:04    138,752    --a------    C:\WINDOWS\system32\mase32.dll
2008-06-13 15:24 . 2007-01-26 02:04    136,192    --a------    C:\WINDOWS\system32\mamc32.dll
2008-06-13 15:24 . 2004-07-02 17:28    84,992    --a------    C:\WINDOWS\system32\ATL70.DLL
2008-06-13 15:24 . 2007-01-26 02:04    57,856    --a------    C:\WINDOWS\system32\masd32.dll
2008-06-13 15:23 . 2007-01-26 02:04    27,648    --a------    C:\WINDOWS\system32\ma32.dll
2008-06-13 15:22 . 2007-01-04 10:07    171,520    --a------    C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-06-13 15:22 . 2004-02-24 13:04    41,219    --a------    C:\WINDOWS\RSETPATH.exe
2008-06-13 15:22 . 2005-02-09 12:59    14,165    --a------    C:\WINDOWS\system32\drivers\Pclepci.sys
2008-06-13 15:20 . 2008-06-13 15:30    <DIR>    d--------    C:\Programmer\Pinnacle
2008-06-13 15:20 . 2008-06-13 15:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-06-13 15:17 . 2008-06-13 15:31    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-13 13:40 . 2008-06-19 08:34    <DIR>    d--------    C:\guide
2008-06-13 13:39 . 2008-06-13 13:39    <DIR>    d--------    C:\Programmer\heerfordt
2008-06-13 13:36 . 2008-06-13 13:36    <DIR>    d--------    C:\Programmer\DivX
2008-06-13 13:36 . 2008-06-13 14:56    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\DivX
2008-06-13 12:46 . 2008-06-13 13:01    <DIR>    d--------    C:\Programmer\GYLDENDALS DVD leksikon
2008-06-13 08:12 . 2008-06-13 08:12    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\vlc
2008-06-13 08:09 . 2008-06-13 13:00    <DIR>    d--------    C:\Programmer\VideoLAN
2008-06-12 22:55 . 2008-06-17 11:59    <DIR>    d--------    C:\Programmer\Microsoft ActiveSync
2008-06-12 22:51 . 2008-06-13 09:24    <DIR>    d--------    C:\Programmer\TomTom HOME
2008-06-12 22:51 . 2008-06-12 22:51    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\InstallShield
2008-06-12 15:42 . 2008-06-12 15:47    <DIR>    d--------    C:\Programmer\Free FLV Converter
2008-06-12 15:19 . 2008-06-17 13:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 15:05 . 2008-06-12 15:06    <DIR>    d--------    C:\Programmer\Magic Video Converter
2008-06-12 15:05 . 2004-05-26 21:37    719,872    --a------    C:\WINDOWS\system32\devil.dll
2008-06-12 15:05 . 2003-03-19 11:03    544,768    --a------    C:\WINDOWS\system32\msvcr71d.dll
2008-06-12 15:05 . 2006-10-09 07:07    344,064    --a------    C:\WINDOWS\system32\MSVCR70.DLL
2008-06-12 15:05 . 2006-09-16 19:44    314,368    --a------    C:\WINDOWS\system32\avisynth.dll
2008-06-12 15:03 . 2008-06-12 15:03    <DIR>    d--------    C:\WINDOWS\system32\da
2008-06-12 15:03 . 2008-06-12 15:03    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-06-12 15:03 . 2008-06-12 15:03    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-06-12 15:01 . 2008-06-12 15:03    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-06-12 14:53 . 2008-06-12 14:53    <DIR>    d--------    C:\WINDOWS\EHome
2008-06-12 14:44 . 2004-08-26 17:48    701,440    ---------    C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-12 14:20 . 2008-06-12 14:20    <DIR>    d--------    C:\Programmer\Sports Interactive
2008-06-12 14:20 . 2008-06-12 14:20    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Sports Interactive
2008-06-12 14:06 . 2008-06-17 13:05    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Apple Computer
2008-06-12 12:25 . 2008-06-12 12:25    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Lenovo
2008-06-12 12:22 . 2008-06-12 12:22    <DIR>    d--------    C:\Programmer\Ubisoft
2008-06-12 12:12 . 2008-06-17 20:46    <DIR>    d--------    C:\Programmer\Steam
2008-06-12 11:32 . 2008-06-12 11:32    <DIR>    d--------    C:\Programmer\uTorrent
2008-06-12 11:30 . 2008-06-19 18:55    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\uTorrent
2008-06-12 09:11 . 2008-06-19 18:14    <DIR>    d--------    C:\Programmer\FlashGet
2008-06-12 09:11 . 2006-03-02 14:00    359,040    --a------    C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-12 08:58 . 2008-06-12 08:58    <DIR>    d--------    C:\Programmer\MSXML 6.0
2008-06-12 08:54 . 2008-06-12 08:54    <DIR>    d--------    C:\Programmer\Launchy
2008-06-11 23:12 . 2008-06-11 23:12    <DIR>    d--------    C:\Programmer\MSXML 4.0
2008-06-11 23:11 . 2006-03-02 14:00    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-06-11 23:07 . 2008-06-12 09:03    <DIR>    d--------    C:\Programmer\Microsoft SQL Server
2008-06-11 23:05 . 2008-06-12 09:03    <DIR>    d--------    C:\Programmer\Team MediaPortal
2008-06-11 23:05 . 2008-06-12 09:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-06-11 22:28 . 2008-06-11 22:33    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Launchy
2008-06-11 22:25 . 2008-06-11 22:25    <DIR>    d--------    C:\Programmer\Notepad++
2008-06-11 22:25 . 2008-06-11 22:48    <DIR>    d--------    C:\Documents and Settings\Mads Kalør\Application Data\Notepad++
2008-06-11 21:36 . 2008-06-11 21:36    <DIR>    d--------    C:\Programmer\Logon Loader

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 20:18    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-06-13 13:30    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-06-11 11:59    ---------    d-----w    C:\Programmer\Lenovo
2008-06-10 21:00    ---------    d-----w    C:\Programmer\Intel
2008-06-10 20:55    315,392    ----a-w    C:\WINDOWS\HideWin.exe
2008-06-10 20:55    ---------    d-----w    C:\Programmer\Realtek
2008-06-10 20:55    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-06-10 20:54    ---------    d-----w    C:\Programmer\Broadcom
2008-06-10 20:48    720,600    ----a-w    C:\WINDOWS\qfe178.tmp
2008-06-10 20:39    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-06-10 20:38    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-06-06 13:00    221,184    ----a-w    C:\WINDOWS\system32\TubeFinder.exe
2008-06-04 16:42    9,728    ----a-w    C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-04 16:42    32,768    ----a-w    C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-04 16:42    141,312    ----a-w    C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-04 16:42    119,568    ----a-w    C:\WINDOWS\system32\VB6FR.DLL
2008-06-04 16:42    101,888    ----a-w    C:\WINDOWS\system32\VB6STKIT.DLL
2008-05-30 17:22    9,464    ------w    C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:22    9,336    ------w    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-30 17:22    43,528    ------w    C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-30 17:22    129,784    ------w    C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:22    120,056    ------w    C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:22    118,520    ------w    C:\WINDOWS\system32\pxinsi64.exe
2008-05-16 09:58    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2008-05-08 14:02    203,136    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11    1,292,288    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-29 09:20    15,648    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19    15,648    ----a-w    C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19    12,960    ----a-w    C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 06:44    667,648    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-04-14 16:20    1,804    ----a-w    C:\WINDOWS\system32\dcache.bin
2008-04-14 16:09    331,264    ----a-w    C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:05    998,400    ----a-w    C:\WINDOWS\system32\msgina.dll
2008-04-14 16:04    759,296    ----a-w    C:\WINDOWS\system32\winntbbu.dll
2008-04-14 16:03    9,344    ----a-w    C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:03    539,648    ----a-w    C:\WINDOWS\system32\comuid.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:03    3,072    ----a-w    C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:03    285,696    ----a-w    C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:03    16,896    ----a-w    C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:45    2,026,496    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:44    4,096    ----a-w    C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:44    2,147,840    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:42    83,456    ----a-w    C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:42    77,824    ------w    C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:40    559,104    ----a-w    C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:40    49,152    ----a-w    C:\WINDOWS\system32\inetres.dll
2008-04-14 15:38    9,728    ----a-w    C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:38    1,845,632    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-04-14 15:37    65,536    ----a-w    C:\WINDOWS\system32\browselc.dll
2008-04-14 15:36    57,344    ----a-w    C:\WINDOWS\system32\mshtmler.dll
2008-04-14 15:36    103,424    ----a-w    C:\WINDOWS\system32\dpcdll.dll
2008-04-14 07:06    11,264    ----a-w    C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:05    995,328    ----a-w    C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:05    423,936    ----a-w    C:\WINDOWS\system32\licdll.dll
2008-04-13 18:44    17,664    ----a-w    C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40    454,144    ----a-w    C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36    2,935,808    ----a-w    C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35    24,064    ----a-w    C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35    192,000    ----a-w    C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31    7,424    ----a-w    C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30    61,440    ----a-w    C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37    208,384    ----a-w    C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37    138,752    ----a-w    C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21    733,696    ----a-w    C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48    1,647,616    ----a-w    C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45    216,064    ----a-w    C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23    48,128    ----a-w    C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39    884,736    ----a-w    C:\WINDOWS\system32\msimsg.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"uTorrent"="C:\Programmer\uTorrent\uTorrent.exe" [2008-06-12 11:32 219952]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:17 1289000]
"LaunchList"="C:\Programmer\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe" [2007-03-01 02:02 120368]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-05-20 09:28 24576]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-12 16:28 1282048]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 14:48 53248]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"TPWAUDAP"="C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 16:38 54824]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]

C:\Documents and Settings\Mads Kalør\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 12:23:40 561213]
Launchy.lnk - C:\Programmer\Launchy\Launchy.exe [2008-06-12 08:54:40 274432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xvorfwbd"= {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Programmer\Lenovo\HOTKEY\tphklock.dll 2007-12-14 16:36 28672 C:\Programmer\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\FlashGet\\flashget.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmer\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\Programmer\Microsoft ActiveSync\rapimgr.exe"= C:\Programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmer\Microsoft ActiveSync\wcescomm.exe"= C:\Programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmer\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmer\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programmer\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programmer\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programmer\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Programmer\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Programmer\\Steam\\SteamApps\\kal0er_the_terrorist_hunter\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmer\\Opera\\opera.exe"=
"C:\\Programmer\\Fælles filer\\Nero\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-21 14:09]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EPG Service;EPG Service;"C:\Programmer\heerfordt\EPG Service\EPGService.exe" [2008-01-13 10:23]
R2 FNF5SVC;Fn+F5 Service;C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 10:24]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
S3 TVService;TVService;"C:\Programmer\Team MediaPortal\MediaPortal TV Server\TVService.exe" [2008-04-18 18:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d9f8fa-3730-11dd-ad9a-000fb0d2fa1b}]
\Shell\AutoRun\command - calc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 10:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 21:48:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-19 21:49:23
ComboFix-quarantined-files.txt  2008-06-19 19:49:12

Pre-Run: 66,354,520,064 byte ledig
Post-Run: 66,421,366,784 byte ledig

317    --- E O F ---    2008-06-17 20:40:51


And finally, one more HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:57, on 19-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\heerfordt\EPG Service\EPGService.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\Programmer\Launchy\Launchy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmer\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Programmer\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Mads Kalør\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213179537281
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll (file missing)
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPG Service - Unknown owner - C:\Programmer\heerfordt\EPG Service\EPGService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TVService - Team MediaPortal - C:\Programmer\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11209 bytes
mmmap Beginner
19 June 2008 - 22:45 #6
Also, the adware I started this thread about no longer shows up, so that's good :) But if you want to check whether there is any other adware, I would be very glad, even though there is a lot to look through..
levich Beginner
19 June 2008 - 22:53 #7
Fix these two lines with HijackThis:
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll (file missing)
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - (no file)

And post a new HijackThis log afterwards, but otherwise we are done.
mmmap Beginner
20 June 2008 - 08:29 #8
Okay, here is the new one. I'll hold off on accepting an answer until we are sure we are done.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:29:02, on 20-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\heerfordt\EPG Service\EPGService.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Lenovo\Bluetooth Software\BTTray.exe
C:\Programmer\Launchy\Launchy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmer\FlashGet\getflash.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Programmer\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Programmer\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Programmer\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Mads Kalør\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programmer\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213179537281
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPG Service - Unknown owner - C:\Programmer\heerfordt\EPG Service\EPGService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TVService - Team MediaPortal - C:\Programmer\Team MediaPortal\MediaPortal TV Server\TVService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11114 bytes
levich Beginner
22 June 2008 - 18:58 #9
It looks good from here.
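
The check this exchange relies on, as an added example that is not part of the original thread: parse the entry lines of a HijackThis log, flag entries marked `(file missing)` or `(no file)`, and confirm against the follow-up log that exactly those entries are gone. The function names and the shortened `BEFORE`/`AFTER` excerpts are assumptions built from lines quoted in the thread.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed excerpts: a few entry lines quoted in this thread, not full logs.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: xvorfwbd - {60A1B0B8-6A86-46F0-B3D0-814165C238C7} - C:\WINDOWS\xvorfwbd.dll (file missing)
O21 - SSODL: wpvmqosg - {7A1F23EC-0F8A-43B5-A8F8-7153C661D573} - (no file)
"""
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
"""

def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def orphaned(entries):
    """Entries whose target file is absent, i.e. leftover registry references."""
    return sorted(e for e in entries if e[1].endswith(ORPHAN_MARKERS))

def compare(before_text, after_text, expected_fixed):
    """Diff two logs and report whether only the entries meant to be fixed are gone."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = before - after
    return {
        "removed": sorted(removed),
        "added": sorted(after - before),  # new autostart entries deserve a look
        "still_present": sorted(set(expected_fixed) & after),
        "unexpected_removed": sorted(removed - set(expected_fixed)),
    }

if __name__ == "__main__":
    print(compare(BEFORE, AFTER, orphaned(parse_entries(BEFORE))))
```
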
mmmap Beginner
22 June 2008 - 20:38 #10
Okay, thanks for the help