Så har jeg kørt Combofix og HiJack igen:
ComboFix 09-03-22.01 - Thomas Helsborg 2009-03-23 10:10:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.1535.1054 [GMT 1:00]
Kører fra: c:\documents and settings\Thomas Helsborg\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\docume~1\THOMAS~1\LOKALE~1\tonhoc.fps
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-02-23 til 2009-03-23 )))))))))))))))))))))))))))))))))))
.
2009-03-19 13:17 . 2009-03-19 13:17 <DIR> d-------- c:\documents and settings\Thomas Helsborg\Application Data\Malwarebytes
2009-03-19 13:17 . 2009-03-19 13:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-19 13:17 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 13:17 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 13:33 . 2009-03-19 13:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 19:43 --------- d-----w c:\documents and settings\Thomas Helsborg\Application Data\mIRC
2009-03-17 13:34 --------- d-----w c:\documents and settings\Thomas Helsborg\Application Data\Skype
2009-03-11 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-19 16:03 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-19 16:03 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-02-19 15:55 24,616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-02-19 15:55 13,224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-02-19 15:55 1,107,296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-30 11:24 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 11:24 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-29 16:27 --------- d-----w c:\programmer\MSBuild
2009-01-29 16:27 --------- d-----w c:\programmer\Microsoft Works
2009-01-29 16:25 --------- d-----w c:\programmer\Microsoft.NET
2009-01-29 16:23 --------- d-----w c:\programmer\Microsoft Visual Studio 8
2009-01-29 16:11 --------- d-----w c:\programmer\PowerISO
2009-01-28 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-07-14 10:00 19,488 ----a-w c:\documents and settings\Thomas Helsborg\Application Data\GDIPFONTCACHEV1.DAT
2008-09-16 19:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008091620080917\index.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"igndlm.exe"="d:\programmer\D2D Download Manager\DLM.exe" [2008-08-01 1103216]
"Google Update"="c:\documents and settings\Thomas Helsborg\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SpybotSD TeaTimer"="d:\programmer\Spybot\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"Dell AIO Printer A920"="c:\programmer\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"Adobe Reader Speed Launcher"="d:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EverioService"="d:\programmer\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"QuickTime Task"="d:\programmer\QuickTime\qttask.exe" [2006-09-01 282624]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="d:\programmer\Picasa\PicasaMediaDetector.exe" [2007-10-23 443968]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2008-02-14 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\programmer\Fælles filer\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 12:24 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= c:\docume~1\THOMAS~1\LOKALE~1\Temp\..\tonhoc.fps
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 10ad
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 d:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 d:\programmer\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\programmer\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 22:18 443968 d:\programmer\Picasa\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 d:\programmer\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 d:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 11:17 61440 c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-08 18:38 1266936 c:\programmer\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 16:22 1519616 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"d:\\Poker\\B2BPOKER\\PointPoker\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"d:\\Programmer\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"d:\\Spil\\Civilization 4\\Civilization4.exe"=
"c:\\StubInstaller.exe"=
"d:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\Programmer\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"c:\\Programmer\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"d:\\Programmer\\Joost\\xulrunner\\tvprunner.exe"=
"d:\\Programmer\\mIRC\\mirc.exe"=
"d:\\Programmer\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"d:\\Programmer\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"d:\\Spil\\FEAR\\FEAR.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18005:TCP"= 18005:TCP:BitComet 18005 TCP
"18005:UDP"= 18005:UDP:BitComet 18005 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-22 325128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-08-18 3712]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-19 13224]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-07-13 167808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fb9c888-78e6-11dd-9744-000cf192312d}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Indhold af mappen 'Planlagte Opgaver'
2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
2009-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580818891-839522115-1004.job
- c:\documents and settings\Thomas Helsborg\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 12:43]
2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{F81AF2F8-E1EE-4281-943E-6D98BB65AA1E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-LiveMonitor - c:\programmer\MSI\Live Update 3\LMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-updateMgr - d:\programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Yderligere scanning -------
.
uStart Page =
hxxp://www.dr.dk/uInternet Settings,ProxyOverride = localhost
IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - d:\poker\Mansion\MANSION.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} -
hxxps://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cabDPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} -
hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cabDPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} -
hxxp://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cabDPF: {CAC677B6-4963-4305-9066-0BD135CD9233} -
hxxp://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cabDPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} -
hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exeDPF: {D8575CE3-3432-4540-88A9-85A1325D3375} -
hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabDPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} -
hxxp://asp07.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cabFF - ProfilePath - c:\documents and settings\Thomas Helsborg\Application Data\Mozilla\Firefox\Profiles\2cjj9i39.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\programmer\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Thomas Helsborg\Lokale indstillinger\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programmer\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programmer\D2D Download Manager\npfpdlm.dll
FF - plugin: d:\programmer\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programmer\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\programmer\Firefox\plugins\NPAdbESD.dll
FF - plugin: d:\programmer\Firefox\plugins\npJoostPlugin.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programmer\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-23 10:12:59
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logitech\bluetooth\LBTServ.dll
.
Gennemført tid: 2009-03-23 10:14:53
ComboFix-quarantined-files.txt 2009-03-23 09:14:51
Pre-Kørsel: 7,613,956,096 byte ledig
Post-Kørsel: 7,602,434,048 byte ledig
215 --- E O F --- 2009-03-13 12:21:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18, on 2009-03-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Dell AIO Printer A920\dlbkbmgr.exe
C:\Programmer\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programmer\CyberLink\PCM4Everio\EverioService.exe
D:\Programmer\QuickTime\qttask.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Thomas Helsborg\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programmer\Spybot\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programmer\Spyware\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dr.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Programmer\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EverioService] "D:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] D:\Programmer\D2D Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Thomas Helsborg\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmer\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Programmer\Picasa\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - D:\Poker\Mansion\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - D:\Poker\Mansion\MANSION.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmer\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programmer\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://asia.msi.com.twO15 - Trusted Zone:
http://global.msi.com.twO15 - Trusted Zone:
http://www.msi.com.twO16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk/download/netradio/Rawflow.cabO16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) -
https://www.basisbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cabO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.srtest.com/srl_bin/sysreqlab3.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
http://upload.facebook.com/controls/FacebookPhotoUploader3.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155914495296O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
http://liveupdate.msi.com.tw/autobios/LOnline/install.cabO16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) -
http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cabO16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab.cabO16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) -
http://photoservice.fujicolor.de/ips-opdata/layout/fuji01/activex/IPSUploader4.cabO16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exeO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocxO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) -
http://asp07.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
--
End of file - 10282 bytes