Så skulle den være klaret ;0)....Håber jeg !
Først Malware....
Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2
21:55:04 21-08-2008
mbam-log-08-21-2008 (21-55-04).txt
Skan type: Fuldstændig skanning (F:\|)
Objekter skannet: 220662
Tid tilbagelagt: 1 hour(s), 17 minute(s), 16 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 2
Inficerede Registeringsdatabase Nøgler: 44
Inficerede Registeringsdatabase Værdier: 6
Inficerede Registeringsdatabase Filer: 4
Inficerede Mapper: 4
Inficerede Filer: 37
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
F:\WINDOWS\system32\byXPGXRj.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\hiotasnm.dll (Trojan.Vundo.H) -> Delete on reboot.
Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474c31c5-578b-4192-8562-2e474578dc27} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjcctq (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{474c31c5-578b-4192-8562-2e474578dc27} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{660bc9a1-c4fa-4ae8-9a57-1fef79068e63} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{660bc9a1-c4fa-4ae8-9a57-1fef79068e63} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1a8b365-e7b0-46b7-b2ac-b9df7ea36961} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d1a8b365-e7b0-46b7-b2ac-b9df7ea36961} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.pornpro_bho (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.pornpro_bho.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{125e9d24-2428-38d2-8e23-804e3275209c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f2579e9-ec37-3112-9bde-d2db14e95c32} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e12688ce-9384-28e3-a041-4e1a9ce14506} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5abbd91b-0215-2fe1-7a7e-753f05b40cb8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96fdc0f6-929e-e96c-597f-386cd3c7d7aa} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b056fd59-0c72-3878-da81-4c5239908200} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98d555cc-a569-43fb-2f43-3a98ccda4b50} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\banneradsgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000000af (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm4fbb1ce1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: f:\windows\system32\byxpgxrj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: f:\windows\system32\byxpgxrj -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Inficerede Mapper:
F:\Programmer\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Inficerede Filer:
F:\WINDOWS\system32\jkkJcCtq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\byXPGXRj.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\jRXGPXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\jRXGPXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\eudonq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\hiotasnm.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\mnsatoih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\tem632.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\tem1C.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{815B814E-50BC-4A95-A280-39E647463DAF}\RP253\A0045335.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\qoMeDTkI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\{56c779a5-1f17-ed15-c75e-a64882fc8577}.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Programmer\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
F:\Programmer\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\BM4fbb1ce1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\BM4fbb1ce1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Documents and Settings\Michael\Lokale indstillinger\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
OG HER SÅ HIJACK::::::
Logfile of HijackThis v1.99.1
Scan saved at 21:56:54, on 21-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Programmer\Bonjour\mDNSResponder.exe
F:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Programmer\Fighters\configservice.exe
F:\Programmer\Cyberlink\Shared files\RichVideo.exe
F:\Programmer\Trend Micro\Internet Security\SfCtlCom.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\Programmer\Fighters\licenseservice.exe
F:\Programmer\Fighters\updateservice.exe
F:\Programmer\Fighters\ScannerService.exe
F:\PROGRA~1\AVG\AVG8\avgam.exe
F:\Programmer\Trend Micro\BM\TMBMSRV.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Programmer\D-Link\AirPlus G\AirGCFG.exe
F:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
F:\Programmer\Trend Micro\Internet Security\UfSeAgnt.exe
F:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
F:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Fighters\spywarefighter\SpywarefighterUser.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
F:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\Octoshape Streaming Services\Michael\OctoshapeClient.exe
F:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
F:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
F:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Programmer\Windows Desktop Search\WindowsSearch.exe
F:\Programmer\Windows Live\Messenger\usnsvc.exe
F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
F:\Programmer\Trend Micro\Internet Security\TmProxy.exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\WINDOWS\explorer.exe
F:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
F:\WINDOWS\System32\wiaacmgr.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Michael\Skrivebord\hijack\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: AmsServer
O2 - BHO: (no name) - {660BC9A1-C4FA-4AE8-9A57-1FEF79068E63} - F:\WINDOWS\system32\byXPGXRj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9767C1BF-CA05-4E3B-9436-88F0804C06E5} - F:\WINDOWS\system32\xxyyywVN.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\Programmer\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] F:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] F:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] F:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "F:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [³] e
O4 - HKLM\..\Run: [ž] exe
O4 - HKLM\..\Run: [spywarefighterguard] F:\Programmer\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "F:\Programmer\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "F:\Programmer\Octoshape Streaming Services\Michael\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [swg] F:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKCU\..\Run: [kek] c:\WINDOWS\system32\kek.exe
O4 - HKCU\..\Run: [³] e
O4 - HKCU\..\Run: [ž] exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows-pc-søgning.lnk = F:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://F:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk/download/netradio/Rawflow.cabO16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1219232637203O16 - DPF: {5BEB08D4-5421-446C-B329-10377FC45736} (Croom3_50 Object) -
http://launcher.room-3.com/room3_40/room3_50.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203686013030O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
http://www.trendsecure.com/easy_install/_activex/da/TSEasyInstallX.CABO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll eudonq.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - F:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - F:\Programmer\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - F:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-34712163 - SPAMfighter - F:\Programmer\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-34712163 - SPAMfighter - F:\Programmer\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-34712163 - SPAMfighter - F:\Programmer\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-34712163 - SPAMfighter - F:\Programmer\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Programmer\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Trend Micros centrale kontrolkomponent (SfCtlCom) - Trend Micro Inc. - F:\Programmer\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - F:\Programmer\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\Programmer\Trend Micro\Internet Security\TmProxy.exe