Hjælp til virus rens..

1 [ENTER]

undskyd for spam

karise ser du ikke på denne her. Det er også første gan han er på¨eksperten

http://www.eksperten.dk/spm/854253

Hej Karise-Larry
Jeg har faktisk prøvet at skrive 1 (efterfulgt af et enter)

Den skriver:
C: Windows

og så sker der ikke mere ved det.

<maria_agnete>: Glem dette med [recovery console] i denne omgang...

_Kan_ du logge på alm. på XP ???

Nej, når jeg indtaster mit password og enter står den bare og "tænker", men der sker ikke mere.. :(

... også i "Fejlsikker" tilstand ?

Jeg prøver igen på mandag, kommer ikke til computeren før.
Indtil videre tak for hjælpen, det er jo helt kanon, at man kan få hjælp herinde :D
men mon ikke jeg vender tilbage.
Hvordan ser I egentlig hvilke filer, der skal fikses.. er det erfaring?

Hej igen, Nu er jeg tilbage på min pind.
Jeg fik åbnet computeren i fejlsikret tilstand og jeg har kørt Malware - combofix og highjack i dag og filerne kommer herunder.

Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3

2008-12-02 10:52:39
mbam-log-2008-12-02 (10-52-39).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 135396
Tid tilbagelagt: 29 minute(s), 36 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 15
Inficerede Registeringsdatabase Værdier: 5
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 18

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{764bc8b4-1159-4736-8af1-f124a7c8c3a8} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{df3f06c6-d443-48a8-bdf2-4e31f0554ebf} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3ed86073-2fa7-4cf4-810b-28b030671678} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a267370-076e-4af4-b986-77626b8e89df} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a267370-076e-4af4-b986-77626b8e89df} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UAV (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\UAV\UAV.cpl.vir (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\601325\601325.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP634\A0065891.exe (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP634\A0065892.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP635\A0066023.exe (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP635\A0067080.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP635\A0072080.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP636\A0072530.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D731F70-F128-43E5-A33D-164A5664BBCC}\RP636\A0072532.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAV.cpl (Rogue.UltimateAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmom.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\COMMON\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

ComboFix 08-12-01.01 - Common 2008-12-02 10:54:53.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.311 [GMT 1:00]
Running from: c:\documents and settings\COMMON\Desktop\Ny mappe\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\COMMON\Application Data\HbTools
c:\documents and settings\COMMON\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
c:\documents and settings\COMMON\My Documents\My Music\My Music.url
c:\documents and settings\COMMON\My Documents\My Videos\My Video.url
c:\program files\TinyProxy
c:\program files\TinyProxy\tinyproxy.exe
c:\program files\UAV
c:\program files\UAV\UAV.cpl
c:\program files\UAV\uav.ooo
c:\program files\UAV\UAV1.dat
c:\program files\UAV\Uninstall.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\fmark2.dat
c:\windows\system32\601325
c:\windows\system32\601325\601325.dll

.
(((((((((((((((((((((((((  Files Created from 2008-11-02 to 2008-12-02  )))))))))))))))))))))))))))))))
.

2008-11-26 19:42 . 2008-11-26 19:42    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-11-26 19:42 . 2008-11-26 19:42    <DIR>    d--------    c:\documents and settings\COMMON\Application Data\Malwarebytes
2008-11-26 19:42 . 2008-11-26 19:42    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-26 19:42 . 2008-10-22 16:10    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-26 19:42 . 2008-10-22 16:10    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-11-26 17:49 . 2008-11-26 19:13    <DIR>    d--------    c:\program files\Enigma Software Group
2008-11-26 11:58 . 2008-09-08 11:41    333,824    -----c---    c:\windows\system32\dllcache\srv.sys
2008-11-26 11:54 . 2008-08-14 11:11    2,189,184    -----c---    c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-26 11:54 . 2008-08-14 11:09    2,145,280    -----c---    c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-26 11:54 . 2008-08-14 10:33    2,066,048    -----c---    c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-26 11:54 . 2008-08-14 10:33    2,023,936    -----c---    c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-26 11:54 . 2008-09-15 13:12    1,846,400    -----c---    c:\windows\system32\dllcache\win32k.sys
2008-11-26 11:54 . 2008-10-24 12:21    455,296    -----c---    c:\windows\system32\dllcache\mrxsmb.sys
2008-11-26 11:51 . 2008-09-04 18:15    1,106,944    -----c---    c:\windows\system32\dllcache\msxml3.dll
2008-11-26 11:51 . 2008-10-15 17:34    337,408    -----c---    c:\windows\system32\dllcache\netapi32.dll
2008-11-26 11:36 . 2008-11-26 19:06    <DIR>    d-a------    c:\documents and settings\All Users\Application Data\TEMP
2008-11-26 10:21 . 2008-11-26 10:21    <DIR>    d--hs----    C:\C01A79303A8DDB48
2008-11-25 13:22 . 2008-11-25 13:28    4,337    ---h-----    c:\windows\f49f4d98.dat
2008-11-25 13:20 . 2008-11-26 12:59    1    ---h-----    c:\windows\f49f4daa.dat
2008-11-06 15:43 . 2008-11-06 18:25    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Corel
2008-11-06 15:38 . 2008-11-06 15:40    <DIR>    d--------    c:\program files\Common Files\Corel

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 18:38    ---------    d-----w    c:\program files\CCleaner
2008-11-20 10:16    ---------    d-----w    c:\documents and settings\All Users\Application Data\pdf995
2008-11-06 17:25    ---------    d-----w    c:\documents and settings\COMMON\Application Data\Corel
2008-11-06 14:38    ---------    d-----w    c:\program files\Corel
2008-10-24 11:21    455,296    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 14:14    ---------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2008-10-11 14:08    108    ----a-w    C:\HiroConfig.dat
2008-10-11 11:16    ---------    d-----w    c:\program files\Windows Media Connect 2
2008-10-11 10:33    ---------    d-----w    c:\documents and settings\All Users\Application Data\Hiro-Media
2008-02-19 14:30    25,992    -c--a-w    c:\documents and settings\COMMON\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-11 3022848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Mediafour Mac Volume Notifications"="c:\program files\Common Files\Mediafour\MACVNTFY.EXE" [2002-12-17 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-21 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-10-18 40960]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2006-10-18 45056]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"nwiz"="nwiz.exe" [2003-12-11 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 c:\windows\SOUNDMAN.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Getting Started with MacDrive 5.lnk - c:\program files\Mediafour\MacDrive5\MDGSTART.EXE [2002-10-08 65536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
2003-11-07 10:24 61440 c:\program files\Common Files\Mediafour\MacDriveiTunesPatch.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SAS Institute\\SAS\\V8\\sas.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2003-11-05 26272]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-08 78416]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-09-06 34671]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-08 20560]
S2 C01A79303A8DDB48;C01A79303A8DDB48;\??\c:\c01a79303a8ddb48\C01A79303A8DDB48 []
S2 Logical Disk Manager (dmserver) ;Logical Disk Manager (dmserver) ;c:\program files\tinyproxy\tinyproxy.exe []
S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.sys [2003-10-07 223264]
S3 sasrfcService;sasrfc Service;c:\program files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe [2004-12-21 41984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf850640-29b0-11da-9e8c-000feafec372}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{C39E6B6E-7E2A-43FF-8EC4-6731ED3B9D47} - (no file)
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\COMMON\Application Data\Mozilla\Firefox\Profiles\te6krw7s.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:da-DK:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 11:04:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C01A79303A8DDB48]
"ImagePath"="\??\c:\c01a79303a8ddb48\C01A79303A8DDB48"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\program files\Common Files\Mediafour\MacDriveiTunesPatch.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Trend Micro\HijackThis\HijackThis.exe
.
**************************************************************************
.
Completion time: 2008-12-02 11:09:27 - machine was rebooted [COMMON]
ComboFix-quarantined-files.txt  2008-12-02 10:09:24

Pre-Run: 19,225,628,672 bytes free
Post-Run: 19,230,027,776 bytes free

160    --- E O F ---    2008-11-26 11:51:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:04, on 02-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Getting Started with MacDrive 5.lnk = C:\Program Files\Mediafour\MacDrive5\MDGSTART.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - F:\Dendrogram_program\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.dk/s/v/15.13/uploader2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098873797656
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: hiro - {50BA1131-168F-4C08-A69B-4012273F222E} - (no file)
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logical Disk Manager (dmserver)  - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7595 bytes

... og jeg kan ikke åbne computeren i andet end fejlsikret tilstand. Vil det hjælpe efter jeg har fjernet nogen af de grimme filer ??

... Prøv...

men hvilke skal jeg fjerne?

Jeg har fjernet dem som ccleaner og Malware foreslår jeg skal fjerne.

nu har jeg fået en ny computer. IT-fyrene her på stedet synes det var nemmere at overføre alle mine filer til en ny..

så.. jeg får vist ikke brug for mere hjælp på dette problem ;)

Du skal have mange tak for hjælpen Hr. Karise Larry :D

(Var ellers lige på vej *S*)

Læg selv et [svar] og la' os dele...

Det er jo skørt.. jeg har jo ikke selv gjort noget ;)

så er det vist ordnet :D