steffenbc Beginner
08 August 2009 - 13:51 There are 24 comments and
2 solutions

Windows Vista runs out of steam when setup files are run

Hi everyone!

I have the problem that Vista almost grinds to a halt when it has to install anything more than small programs... for example games/Office/etc... It is generally a bit slow, especially at startup and when opening new windows etc., but it freezes up completely when it has to do real work.

The machine consists of an E4300, 2GB ddr2, Ati 1950x 512mb.

Could it possibly be a driver problem, and if so, how is that checked? (Device Manager reports no errors)

I hope someone has a suggestion, and please ask if more information is needed!

Kind regards
b-and Novice
08 August 2009 - 14:05 #1
Try a bit of cleanup:

Get CCleaner here > http://www.spywareinfo.dk/#/manualer/ccleaner.htm
Install CCleaner, and untick the box next to Yahoo Toolbar - no reason to get that junk.
Do not run the program yet.

Get RegSupreme here > http://www.spywareinfo.dk/#/manualer/regsupreme.htm
Let the program update, but do not run the program yet.

Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

Then start CCleaner > Untick cookies.
Click Run Cleaner and let it remove what it finds under both Windows and Applications.  Run it a couple of times, or until there is nothing more to find.
Then click Registry on the left side (the blue cube), click Scan for problems, and when it is done click Fix selected problems, optionally make a backup of the registry, then click Fix all selected problems.  Run it a couple of times, or until there is nothing more to find.
Click OK, click Close when it is done.

Start RegSupreme, click Registry cleaner
On the first tab, Options, set the radio button to Aggressive.
On the second tab, Mode, the radio button must be on Reference mode.
The remaining tabs should normally be left alone.
When that is done, click Start, click Ja/Yes to the warning.
When the run is finished, click Fix.
Click Yes to make a backup.
Please give a description for this backup
I always write the date, e.g. 301207, then click OK.
When it is done, click Close.
Repeat the process two or three times.
Restart.

Choose the right operating system and run this scan.

For the XP operating system:
Put the Windows CD in the drive > when it pops up, close it with the red X in the right corner.
Go to Start > Run > Type: sfc /scannow - note the space after sfc > Press OK
A bar is shown while the scan is running - and when it is finished it disappears again and you get no other messages.
Restart…

For the Vista operating system:
Go to Start - Type in the search box > cmd > choose the program called > cmd.exe > right-click it and choose "Run as administrator"
Type: SFC.exe /Scannow > ENTER
Insert your Windows CD/DVD if you are asked to.
After the scan > Restart…

Did it help??
steffenbc Beginner
08 August 2009 - 15:41 #2
Hi! Thanks for the reply!

It is still not good; after I insert a DVD with a game on it, it takes 10-15 min before it gets the setup file started...
b-and Novice
08 August 2009 - 16:17 #3
Download Malwarebytes Anti-Malware www.spywarefri.dk/downloads1/mbam-setup.exe and click Run

Install the program - once that is done, let the program update itself.  A window then opens where you move the radio button to "Run a full system scan" - click the Scan button - let the program work.  When it is finished (it takes a while, depending on how much you have on the computer).

Then - click the "Show results" button after the scan - and then click "Remove selected" - the log now opens and you should save it somewhere you can find it again.

NOTE!!  The scan above must be run as a separate scan for every user on the machine - that is, you must log in as each individual user and run a scan…

Copy the log in here, and then we will decide what should happen next…
steffenbc Beginner
08 August 2009 - 22:16 #4
Took its time :)

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6002 Service Pack 2

08-08-2009 22:13:44
mbam-log-2009-08-08 (22-13-38).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 712556
Tid tilbagelagt: 3 hour(s), 38 minute(s), 22 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\MySearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> No action taken.

Inficerede Filer:
C:\Users\Clausen\AppData\Roaming\Microsoft\Windows\update8123.cmp (Trojan.Agent) -> No action taken.
b-and Novice
08 August 2009 - 23:24 #5
Sorry to have to write this - but you did not follow the guide, so it's a do-over.

But this time you must let it remove what it finds:

Click the "Show results" button after the scan - and then click "Remove selected" - the log now opens and you should save it somewhere you can find it again.

Also post an HJT log.

1. Download the latest version of HijackThis to the desktop.

2. Double-click the installation file, and follow the installation guide.

3. Double-click the new HijackThis icon on the desktop.

4. In the menu that appears, click: Do a systemscan and save a logfile.

5. After a short moment a log file opens in Notepad; copy the text in here.

6. If you do not choose to save the log on the desktop yourself, it is automatically saved to: C:/Programmer/hijackthis.log where you can find it later.

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

NOTE!!  Since cleanup programs will be regarded as infections by many security programs - it is a good idea to turn off the security programs during installation and scans…
steffenbc Beginner
08 August 2009 - 23:52 #6
Was this correct? I had not finished with the removal step, which I had overlooked... the rest I will have to try tomorrow, thanks for the effort so far! :)

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6002 Service Pack 2

08-08-2009 23:48:06
mbam-log-2009-08-08 (23-48-06).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 712556
Tid tilbagelagt: 3 hour(s), 38 minute(s), 22 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Users\Clausen\AppData\Roaming\Microsoft\Windows\update8123.cmp (Trojan.Agent) -> Quarantined and deleted successfully.
09 August 2009 - 10:59 #7
Quote: ...Also post an HJT log...
steffenbc Beginner
09 August 2009 - 12:41 #8
C:\Users\Clausen\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/da-dk/wlscctrl2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\transbase\tbmux32.exe

--
End of file - 8839 bytes
b-and Novice
09 August 2009 - 12:52 #9
That is also a do-over, something is missing… *S*
steffenbc Beginner
09 August 2009 - 13:14 #10
That is all I get... on the other hand, I get an error during the scan:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start and type:

notepad c:\windows\system32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'Hosts.' (with quotes), and reboot.

For Vista: Simply, exit HiJackThis, right click on the HiJackThis icon, choose 'Run as administrator'."

It should of course be said that I have done what it says and run it as admin. The error comes anyway.
steffenbc Beginner
09 August 2009 - 13:14 #11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:28, on 09-08-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Clausen\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/da-dk/wlscctrl2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\transbase\tbmux32.exe

--
End of file - 8591 bytes
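
An added example, not part of the thread and not HijackThis's own code: a Python triage pass over a log in the layout posted above. It reports which parts of a pasted log are missing (as in the first paste, which lacked its top part) and lists a few entry types for manual review; the function names and the constructed `SAMPLE_LOG` and `PARTIAL_LOG` are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened log in the HijackThis v2.0.2 layout, built from
# a few of the lines posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:28, on 09-08-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 8591 bytes
"""
# Constructed: the same log pasted without its top part (entries and trailer only).
PARTIAL_LOG = SAMPLE_LOG[SAMPLE_LOG.index("R0 - "):]

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")        # "O4 - <body>"
RUN_RE = re.compile(r"^[^:]+:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\)')     # C:\... or %Var%\...


def parse_hjt(text):
    """Split a log into header fields, running processes and entries per section code."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes, trailer = False, False
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False                 # the entry list ends the process list
            entries[entry.group(1)].append(entry.group(2))
        elif line.startswith("Logfile of"):
            header["logfile"] = line
        elif line.startswith(("Platform:", "MSIE:", "Boot mode:")):
            key, _, value = line.partition(":")
            header[key] = value.strip()
        elif line.startswith("Running processes"):
            in_processes = True
        elif line.startswith("End of file"):
            trailer = True
        elif in_processes and line:
            processes.append(line)
    return {"header": header, "processes": processes,
            "entries": dict(entries), "trailer": trailer}


def missing_parts(parsed):
    """Name the parts of the log that are absent, so the poster can be asked to redo it."""
    missing = []
    if "logfile" not in parsed["header"]:
        missing.append("version header")
    if "Platform" not in parsed["header"]:
        missing.append("platform line")
    if not parsed["processes"]:
        missing.append("running processes")
    if not parsed["trailer"]:
        missing.append("end-of-file trailer")
    return missing


def review_items(parsed):
    """List entries to check by hand; these are prompts for review, not verdicts."""
    entries, notes = parsed["entries"], []
    for body in entries.get("O1", []):           # hosts file lines
        mapping = body.partition(":")[2].split()
        if mapping and mapping[-1].lower() != "localhost":
            notes.append(("O1", "hosts file redirects a name", body))
    for body in entries.get("O2", []):           # Browser Helper Objects
        if body.endswith("(no file)"):
            notes.append(("O2", "BHO is registered but its file is missing", body))
    for body in entries.get("O4", []):           # Run-key autostarts
        run = RUN_RE.match(body)
        if run and not ABSOLUTE_RE.match(run.group("cmd")):
            notes.append(("O4", "autostart command has no full path", body))
    for body in entries.get("O20", []):          # DLLs injected via AppInit_DLLs
        if body.partition(":")[2].strip():
            notes.append(("O20", "AppInit_DLLs is set; confirm which product owns it", body))
    return notes


if __name__ == "__main__":
    print("missing in partial paste:", missing_parts(parse_hjt(PARTIAL_LOG)))
    for code, reason, body in review_items(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```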
steffenbc Beginner
09 August 2009 - 13:14 #12
New scan, something was missing after all... :)
b-and Novice
09 August 2009 - 13:44 #13
Download Combofix, and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click, choose New->Text Document, open the text document, and copy the following in:

Killall::
Snapshot::


click File->Save As, name it CFScript, close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.
Copy the resulting log in here.
b-and Novice
09 August 2009 - 13:44 #14
And a new HJT log...
steffenbc Beginner
09 August 2009 - 14:41 #15
First the log from ComboFix

ComboFix 09-08-08.04 - Clausen 09-08-2009 14:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.45.1033.18.2047.1274 [GMT 2:00]
Kører fra: c:\users\Clausen\Desktop\C\ComboFix.exe
Kommandoer benyttet :: c:\users\Clausen\Desktop\C\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1928220643-765048467-717173681-1003
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\INSTALL.LOG
c:\windows\Installer\4b6604.msi
c:\windows\system32\bffbfd_g.dll
c:\windows\system32\HLVDD.DLL

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-07-09 til 2009-08-09  )))))))))))))))))))))))))))))))))))
.

2009-08-08 16:33 . 2009-08-08 16:33    3942047    ----a-w-    c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 16:33 . 2009-08-08 16:33    --------    d-----w-    c:\users\Clausen\AppData\Roaming\Malwarebytes
2009-08-08 16:33 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-08 16:33 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 16:33 . 2009-08-08 16:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-08 16:33 . 2009-08-08 16:33    --------    d-----w-    c:\programdata\Malwarebytes
2009-08-08 13:48 . 2005-04-12 10:54    331184    ------w-    c:\windows\system32\difxapi.dll
2009-08-08 13:48 . 2009-08-08 13:48    --------    d-----w-    c:\program files\VIA
2009-08-08 13:47 . 2009-05-05 07:59    22168    ----a-w-    c:\windows\system32\drivers\xfilt.sys
2009-08-08 13:47 . 2009-05-05 07:58    13976    ----a-w-    c:\windows\system32\drivers\videX32.sys
2009-08-08 12:15 . 2009-08-08 12:16    --------    d-----w-    c:\program files\RegSupreme
2009-08-03 19:20 . 2009-07-03 14:49    64160    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-08-03 19:19 . 2009-08-03 19:19    --------    dc-h--w-    c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-03 19:19 . 2009-07-08 17:28    2920112    -c--a-w-    c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-03 19:19 . 2009-08-03 19:20    --------    d-----w-    c:\programdata\Lavasoft
2009-08-03 19:19 . 2009-08-03 19:19    --------    d-----w-    c:\program files\Lavasoft
2009-07-22 07:26 . 2009-07-22 07:26    0    ----a-w-    c:\windows\system32\atiicdxx.dat
2009-07-21 16:30 . 2009-07-21 16:31    --------    d-----w-    c:\program files\Driver Cleaner Pro
2009-07-21 15:35 . 2009-07-21 16:28    --------    d-----w-    c:\program files\Driver Sweeper
2009-07-21 15:03 . 2009-07-21 18:37    --------    d-----w-    c:\program files\RailWorks
2009-07-21 15:03 . 2009-07-21 15:03    --------    d-----w-    c:\windows\RailWorks
2009-07-21 14:29 . 2006-12-20 08:00    671112    ----a-w-    c:\windows\system32\hdinst_windows.dll
2009-07-21 14:29 . 2006-11-30 09:06    69632    ----a-w-    c:\windows\system32\hasp_inst_help1.dll
2009-07-21 14:29 . 2005-09-06 15:06    28672    ----a-w-    c:\windows\system32\hlduinst.exe
2009-07-21 14:29 . 2006-12-20 09:55    3066968    ----a-w-    c:\windows\system32\hinstd.dll
2009-07-21 14:29 . 2006-12-20 08:00    2511360    ----a-w-    c:\windows\system32\haspds_windows.dll
2009-07-21 14:29 . 2002-07-26 15:02    153088    ----a-w-    c:\windows\system32\UNWISE.EXE
2009-07-21 14:08 . 2009-07-21 14:08    --------    d-----w-    C:\Tecar Forum
2009-07-21 07:19 . 2009-05-10 20:28    253952    ----a-w-    c:\program files\Uninstall My Search Bar.dll
2009-07-20 13:03 . 2009-07-20 13:06    --------    d-----w-    c:\windows\system32\ca-ES
2009-07-20 13:03 . 2009-07-20 13:06    --------    d-----w-    c:\windows\system32\eu-ES
2009-07-20 13:03 . 2009-07-20 13:06    --------    d-----w-    c:\windows\system32\vi-VN
2009-07-20 12:41 . 2009-07-20 12:41    --------    d-----w-    c:\windows\system32\EventProviders
2009-07-20 12:39 . 2009-04-11 05:03    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2009-07-20 12:39 . 2009-04-11 06:28    1081344    ----a-w-    c:\windows\system32\SLCExt.dll
2009-07-20 12:39 . 2009-04-11 06:27    3408896    ----a-w-    c:\windows\system32\SLsvc.exe
2009-07-20 12:37 . 2009-04-11 06:28    950784    ----a-w-    c:\windows\system32\gpedit.dll
2009-07-20 12:36 . 2009-04-11 06:28    177664    ----a-w-    c:\windows\system32\WSDMon.dll
2009-07-20 12:35 . 2009-04-11 06:28    218624    ----a-w-    c:\windows\system32\wdscore.dll
2009-07-20 12:35 . 2009-04-11 06:27    130560    ----a-w-    c:\windows\system32\PkgMgr.exe
2009-07-20 12:35 . 2009-04-11 06:28    247808    ----a-w-    c:\windows\system32\drvstore.dll
2009-07-15 07:20 . 2009-06-15 14:53    156672    ----a-w-    c:\windows\system32\t2embed.dll
2009-07-15 07:20 . 2009-06-15 14:52    23552    ----a-w-    c:\windows\system32\lpk.dll
2009-07-15 07:20 . 2009-06-15 14:52    72704    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-15 07:20 . 2009-06-15 14:51    10240    ----a-w-    c:\windows\system32\dciman32.dll
2009-07-15 07:20 . 2009-06-15 12:42    289792    ----a-w-    c:\windows\system32\atmfd.dll
2009-07-15 07:20 . 2009-04-11 06:28    34304    ----a-w-    c:\windows\system32\atmlib.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 12:29 . 2008-09-04 17:21    463110    ----a-w-    c:\windows\system32\perfh006.dat
2009-08-09 12:29 . 2008-09-04 17:21    76994    ----a-w-    c:\windows\system32\perfc006.dat
2009-08-09 12:24 . 2008-09-01 18:41    --------    d-----w-    c:\users\Clausen\AppData\Roaming\Skype
2009-08-09 08:58 . 2008-09-01 18:41    --------    d-----w-    c:\users\Clausen\AppData\Roaming\skypePM
2009-08-09 08:57 . 2008-10-30 17:05    --------    d-----w-    c:\program files\LogMeIn
2009-08-08 13:50 . 2008-09-04 15:37    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-08 11:33 . 2009-05-02 19:56    --------    d-----w-    c:\users\Clausen\AppData\Roaming\BitTorrent
2009-08-04 20:10 . 2009-07-06 16:04    --------    d-----w-    c:\users\Clausen\AppData\Roaming\Download Manager
2009-07-21 21:52 . 2009-07-29 13:27    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:27    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:27    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:27    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-21 07:23 . 2009-05-02 19:55    --------    d-----w-    c:\users\Clausen\AppData\Roaming\DNA
2009-07-21 07:18 . 2009-02-14 21:31    --------    d-----w-    c:\program files\DAEMON Tools Toolbar
2009-07-20 13:31 . 2008-12-15 11:38    --------    d-----w-    c:\program files\Windows Live Safety Center
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Calendar
2009-07-20 13:07 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Sidebar
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Collaboration
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Journal
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Photo Gallery
2009-07-20 13:07 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Defender
2009-07-20 13:03 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-07-20 12:52 . 2006-11-02 12:35    37665    ----a-w-    c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-20 09:59 . 2008-09-04 15:37    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-07-19 11:10 . 2008-09-02 13:21    335752    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-07-16 08:24 . 2008-09-07 16:50    --------    d-----w-    c:\programdata\Microsoft Help
2009-07-13 09:14 . 2008-10-24 10:08    --------    d-----w-    c:\program files\Tolerance Data
2009-07-06 08:34 . 2008-09-01 05:07    99864    ----a-w-    c:\users\Clausen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-06 08:11 . 2008-09-07 16:56    --------    d-----w-    c:\program files\Microsoft Works
2009-07-06 07:58 . 2009-07-06 07:58    --------    d-----w-    c:\program files\Common Files\PCSuite
2009-07-06 07:58 . 2008-09-17 18:18    --------    d-----w-    c:\program files\Nokia
2009-07-06 07:58 . 2008-09-17 18:18    --------    d-----w-    c:\program files\Common Files\Nokia
2009-07-06 07:56 . 2008-09-17 18:17    --------    d-----w-    c:\programdata\Installations
2009-07-06 07:56 . 2009-07-06 07:56    95232    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-06 07:56 . 2009-07-06 07:56    8192    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-06 07:56 . 2009-07-06 07:56    61440    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-06 07:56 . 2009-07-06 07:56    10240    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-06 07:56 . 2009-07-06 07:56    33848696    ----a-w-    c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dan.exe
2009-06-30 15:37 . 2009-04-30 19:55    0    ----a-w-    c:\users\Clausen\temp.dat
2009-06-30 09:21 . 2008-09-17 18:58    --------    d-----w-    c:\program files\DIFX
2009-06-30 09:20 . 2009-06-30 09:20    --------    d-----w-    c:\program files\Garmin
2009-06-28 10:31 . 2009-03-09 16:14    --------    d-----w-    c:\programdata\hps
2009-06-28 10:29 . 2009-06-28 10:29    --------    d-----w-    c:\program files\expert_fotoservice4.5
2009-06-24 15:30 . 2009-06-24 15:30    --------    d-----w-    c:\program files\bilka_fotoservice4.5
2009-06-24 15:23 . 2009-03-09 16:00    --------    d-----w-    c:\program files\bilka_fotoservice
2009-06-24 09:00 . 2009-06-24 09:00    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-24 09:00 . 2009-06-24 09:00    --------    d-----w-    c:\program files\iTunes
2009-06-24 09:00 . 2009-06-24 09:00    --------    d-----w-    c:\program files\iPod
2009-06-24 09:00 . 2008-09-18 19:28    --------    d-----w-    c:\program files\Common Files\Apple
2009-06-24 08:59 . 2009-06-24 08:59    --------    d-----w-    c:\program files\Bonjour
2009-06-24 08:58 . 2009-06-24 08:58    --------    d-----w-    c:\program files\QuickTime
2009-06-24 08:55 . 2009-06-24 08:55    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2009-06-24 08:54 . 2008-09-18 19:28    --------    d-----w-    c:\programdata\Apple
2009-06-24 08:51 . 2009-06-24 08:51    75048    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-24 08:47 . 2008-09-02 13:21    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-24 08:47 . 2008-09-02 13:21    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 18:49 . 2009-06-22 18:46    1603536    ----a-w-    c:\programdata\hps\1179\setup_Bilka_fotoservice.exe
2009-06-21 16:10 . 2009-06-21 16:10    108144    ----a-w-    c:\windows\system32\CmdLineExt.dll
2009-06-21 16:05 . 2009-06-21 16:05    --------    d-----w-    c:\program files\Codemasters
2009-06-21 09:47 . 2009-06-21 09:47    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-21 09:43 . 2008-09-17 19:01    --------    d-----w-    c:\users\Clausen\AppData\Roaming\Nokia
2009-06-21 00:42 . 2009-06-21 00:42    --------    d-----w-    c:\program files\PC Connectivity Solution
2009-06-21 00:37 . 2009-06-21 00:37    95232    ----a-w-    c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-21 00:37 . 2009-06-21 00:37    8192    ----a-w-    c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-21 00:37 . 2009-06-21 00:37    61440    ----a-w-    c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-21 00:37 . 2009-06-21 00:37    10240    ----a-w-    c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-21 00:37 . 2009-06-21 00:38    33850480    ----a-w-    c:\programdata\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_dan.exe
2009-06-10 19:44 . 2009-06-10 19:44    --------    d-----w-    c:\program files\Common Files\Skype
2009-06-10 19:44 . 2009-06-10 19:44    --------    d-----r-    c:\program files\Skype
2009-06-10 19:44 . 2008-09-01 18:15    --------    d-----w-    c:\programdata\Skype
2009-06-05 11:40 . 2009-06-05 11:40    3351812    ----a-w-    c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-05 11:40 . 2009-06-05 11:40    36864    ----a-w-    c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-05 11:40 . 2009-06-05 11:40    3181612    ----a-w-    c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-05 11:40 . 2009-06-05 11:40    24380456    ----a-w-    c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13DK.exe
2009-06-05 09:42 . 2009-06-05 09:42    39424    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42    2060288    ----a-w-    c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2009-06-05 09:42    17408    ----a-w-    c:\windows\system32\drivers\netaapl.sys
1998-10-07 15:16 . 2008-10-24 10:08    148480    ----a-w-    c:\program files\UNWISE.EXE
2006-11-22 14:58 . 2006-11-22 14:58    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,e3,49,8b,3c,09,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F0CCA4D1-3CCD-46CB-90B5-2CAFEFF7D180}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{27FE6998-16EB-4538-9BCD-182C9A1B4A85}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{AE94BE20-6863-4C52-AFF4-D84848945552}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{56E6F9E1-9984-4B2B-B43F-64CFB4894D39}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9DDD87C4-E6A0-4334-A85E-A3D646BEAF62}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{38B524EF-64B6-4242-B4F2-E7A909AFA8E7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A20A5C33-E636-4AD0-B49D-DA3A4E91451C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{443BC8ED-9E63-4E2C-A558-259CF6C7E997}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{17F75831-9C0E-4F6C-A450-759766AE4ED5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DEE34438-0D16-4429-8C3C-69405FD2AD95}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{045682E5-1494-481C-820B-71590259B9E8}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{E6BD685D-C4D7-4F08-9280-BB41EF1947E7}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{5FE65FA1-C84F-4EBF-8896-0C73A07DE207}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{3BA20497-08E7-4666-80AD-CD518536F8B8}c:\\bmwgroup\\etklokal\\javaclient\\j2re1.4.2_01\\bin\\java.exe"= UDP:c:\bmwgroup\etklokal\javaclient\j2re1.4.2_01\bin\java.exe:java
"UDP Query User{E65AED00-0AD1-4417-9D7F-951E8361E4F5}c:\\bmwgroup\\etklokal\\javaclient\\j2re1.4.2_01\\bin\\java.exe"= TCP:c:\bmwgroup\etklokal\javaclient\j2re1.4.2_01\bin\java.exe:java
"TCP Query User{C35A2017-C4C8-49D8-BD8D-C7D33B1DE32F}c:\\bmwgroup\\etklokal\\javaclient\\etk.exe"= UDP:c:\bmwgroup\etklokal\javaclient\etk.exe:ETK
"UDP Query User{B37BFB9B-ECC1-4AC5-8B71-EAD5E961CB7B}c:\\bmwgroup\\etklokal\\javaclient\\etk.exe"= TCP:c:\bmwgroup\etklokal\javaclient\etk.exe:ETK
"TCP Query User{81309CAD-EA6B-463F-B4C6-BA43A25C1F19}c:\\bmwgroup\\javaclient\\j2re1.4.2_01\\bin\\java.exe"= UDP:c:\bmwgroup\javaclient\j2re1.4.2_01\bin\java.exe:java
"UDP Query User{699450B5-8BD2-4233-8AE4-9C6EEF13C2F1}c:\\bmwgroup\\javaclient\\j2re1.4.2_01\\bin\\java.exe"= TCP:c:\bmwgroup\javaclient\j2re1.4.2_01\bin\java.exe:java
"TCP Query User{71F3FD07-8240-4949-8576-3694BDFFC409}c:\\bmwgroup\\javaclient\\etk.exe"= UDP:c:\bmwgroup\javaclient\etk.exe:ETK
"UDP Query User{01562091-6B37-4D19-8EA2-0EA62D401FDB}c:\\bmwgroup\\javaclient\\etk.exe"= TCP:c:\bmwgroup\javaclient\etk.exe:ETK
"TCP Query User{C11628D9-0C26-427C-999A-BC6CCAC9E7F7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A6F520BE-AE8D-4FA2-8D2B-A40FE9DA1024}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B16A204C-2072-4DBC-8057-4C84BAC60004}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{1DD2C7B5-E426-43D7-B996-93F61A80E449}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6159C5FF-D8C0-4592-B507-D5E0ADAA699D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{6F843D80-F2FF-41A9-8576-A852AE686AD4}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{324920EB-AD87-4B82-B905-27E2976697E1}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{FBEF345F-BCCC-49A3-95DA-95E55176A66A}c:\\users\\clausen\\program files\\dna\\btdna.exe"= UDP:c:\users\clausen\program files\dna\btdna.exe:btdna.exe
"UDP Query User{349856C1-DC28-448F-B759-21F25E68C9B8}c:\\users\\clausen\\program files\\dna\\btdna.exe"= TCP:c:\users\clausen\program files\dna\btdna.exe:btdna.exe
"{93EEA5E1-5651-4FFF-AC67-46D2723D21CD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B693DA4-BCB2-48AE-9911-08397FC0F9B9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{027BEBCD-2833-465C-A0A7-1E1B67713E99}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{48A09428-59CF-405F-9DE6-EAA485841B1B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [03-08-2009 21:20 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [08-08-2009 15:47 22168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02-09-2008 15:21 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03-02-2009 18:33 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02-09-2008 15:21 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02-09-2008 15:21 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03-07-2009 16:49 1029456]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [30-10-2008 18:44 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [30-10-2008 18:45 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [30-10-2008 18:45 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [30-10-2008 18:45 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [30-10-2008 18:45 249856]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24-07-2008 19:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [30-10-2008 19:06 47640]
R2 Transbase;Transbase;c:\bmwgroup\transbase\tbmux32.exe [12-10-2008 12:19 385024]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [30-10-2008 18:45 1306624]
R3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [14-12-2008 01:23 23096]
R3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [14-12-2008 01:23 3768]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [05-06-2009 11:42 17408]
S3 SoundMovieServer;SoundMovieServer;c:\windows\System32\snmvtsvc.exe [14-12-2008 01:23 200704]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [05-06-2009 11:42 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928220643-765048467-717173681-1000Core.job
- c:\users\Clausen\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 20:17]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928220643-765048467-717173681-1000UA.job
- c:\users\Clausen\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 20:17]

2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{94AD5CE0-5737-4869-B726-D7C15BE53E6B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: danskebank.dk
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 14:22
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(5568)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dan.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\LogMeIn\x86\LogMeInSystray.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-09 14:37 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-08-09 12:37

Pre-Kørsel: 19.877.621.760 bytes free
Post-Kørsel: 19.770.658.816 byte ledig

320    --- E O F ---    2009-08-04 08:02
steffenbc Beginner
09 August 2009 - 14:43 #16
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:29, on 09-08-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Clausen\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/da-dk/wlscctrl2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiProt.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\transbase\tbmux32.exe

--
End of file - 8115 bytes
b-and Novice
09 August 2009 - 15:17 #17
How is the machine running now - has it helped??
steffenbc Beginner
09 August 2009 - 15:45 #18
It clearly responds faster... especially when browsing, and when opening windows in general.

BUT, I still can't run a setup file without it dying completely...
b-and Novice
09 August 2009 - 17:48 #19
I'd just like a second opinion on those logs - so I have called in backup... *SS*
steffenbc Beginner
09 August 2009 - 18:49 #20
Great! :)
fromsej Trainee
10 August 2009 - 07:41 #21
Uninstall BitTorrent in Add/Remove Programs.
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Run HijackThis, scan, tick the following entry, close all windows except HijackThis, click Fix checked, and restart when it has finished.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

---------------------------------------
Open the folder containing ComboFix, right-click, choose New -> Text Document, open the text document, and paste in the following:

Killall::
Snapshot::
Folder::
c:\Program Files\BitTorrent
c:\users\clausen\program files\dna

Click File -> Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
That's all; we don't need to see any more logs.
steffenbc Beginner
10 August 2009 - 10:52 #22
Done... don't you want to see the new logs?
b-and Novice
10 August 2009 - 11:38 #23
No, nothing new will show up in them any more…

Quote > It definitely responds faster... especially when surfing, and when opening windows in general.

BUT, I still can't run a setup file without it dying completely...


But I have a feeling that it did not solve your problem? If that's right, you'll have to do a repair > http://www.bleepingcomputer.com/tutorials/tutorial148.html

If that doesn't help, well, then it will have to be a format, so I'm attaching a guide for that:

Backup of mail and addresses in Outlook Express >
http://www.spywareinfo.dk/#/tip-og-tricks/backup-email.htm

Backup of mail and addresses in Outlook >
http://www.spywareinfo.dk/#/tip-og-tricks/backup_outlook.htm

Choose the right operating system!!

Formatting XP >
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29193

Installation - reinstallation of Vista
Video > http://www.pcworld.dk/blogs/Vistabloggen/368?a=blog&i=9
And a written guide > http://www.helgec.dk/vista-install.html

We can't do it any better!!
steffenbc Beginner
10 August 2009 - 11:48 #24
Hi again!

The computer is generally faster, as I wrote earlier. But no, funnily enough it can't run large programs.

I think, as you say yourself, that I'll have to do a format... :-/

But many thanks for the input, and please post an answer so I can hand over the points!

Have a nice day :)
b-and Novice
10 August 2009 - 12:19 #25
A bit annoying - but a solution that works every time. *SS*

A piece of advice - leave file-sharing/P2P programs alone, they are the root of all evil.

But wait until Fromsej has posted an answer too - then we can split the damn points… *S*
fromsej Trainee
10 August 2009 - 15:12 #26
Here it comes.