Avatar billede bjarnebif Novice
02. december 2009 - 15:49 Der er 19 kommentarer og
1 løsning

IE8 åbner 2-300 vinduer lynhyrtigt

Min internet explorer 8 er begydt på noget højst underligt.
Når jeg starter browseren, for at læse min mail på gmail, så begynder der at åbne 2-300 vinduer lynhurtigt efter hinanden, og det går så stærkt at jeg IKKE kan nå at lukke dem efterhånden.
Det er jeg godt nok MEGET træt af.
Skulle der ikke være en eller anden som ved hvad der kan være galt ??

Please, hjælp mig !!!

P.S. - Jeg har prøvet diverse anti-virus og anti-spyware
Avatar billede f-arn Guru
02. december 2009 - 15:52 #1
Prøv det her ->

Hent "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer og start programmet, opdater, lav "Hurtig skan" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://download.bleepingcomputer.com/sUBs/dds.scr

eller her: http://www.forospyware.com/sUBs/dds

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet

Mht.: Vista - Højreklik på filen - Kør som Administrator.

NB Når du opdaterer Malwarebytes, så klik på opdater til den skriver at der ikke er flere opdateringer.
Avatar billede bjarnebif Novice
02. december 2009 - 16:42 #2
Her kommer de :
Først "mbam-log-2009-12-02 (16-23-34).txt"
Malwarebytes' Anti-Malware 1.41
Database version: 3277
Windows 5.1.2600 Service Pack 3

02/12/2009 16:23:34
mbam-log-2009-12-02 (16-23-34).txt

Skan type: Hurtig skanning
Objekter skannet: 123961
Tid tilbagelagt: 3 minute(s), 7 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 5
Inficerede Mapper: 0
Inficerede Filer: 7

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Bjarne Lyngbo\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne Lyngbo\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne Lyngbo\Skrivebord\Free Porn & Adult Videos Forum.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne Lyngbo\Skrivebord\Free porn videos, fast free porn - pornBB.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne Lyngbo\Lokale indstillinger\Temp\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bjarne Lyngbo\Lokale indstillinger\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-----------------------------------------------------------------
Så "DDS.txt"

DDS (Ver_09-12-01.01) - NTFSx86 
Run by Bjarne Lyngbo at 16:25:38,14 on 02/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1789.1423 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
D:\Spil\4 - Til Mona\Progs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/ig?hl=da&source=iglk
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Symantec PIF AlertEng] "c:\programmer\fælles filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\programmer\fælles filer\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TkBellExe] "c:\programmer\fælles filer\real\update_ob\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
Trusted Zone: danid.dk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
TCP: {A4C25A26-BDC3-4FAC-8D01-8A7E580EDE7B} = 208.67.222.222,208.67.220.220

============= SERVICES / DRIVERS ===============

S4 gupdate;Google Update Service (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2009-10-6 133104]
S4 iWinTrusted;iWinTrusted;c:\programmer\iwin games\iwintrusted.exe --> c:\programmer\iwin games\iWinTrusted.exe [?]
S4 organiserservice;organiser database;c:\vivida~1\organi~1.exe -zglaxservice organiserservice --> c:\vivida~1\ORGANI~1.EXE -zglaxservice organiserservice [?]

=============== Created Last 30 ================

2009-12-02 15:15:04    0    d-----w-    c:\docume~1\bjarne~1\applic~1\Malwarebytes
2009-12-02 15:15:00    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 15:14:59    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-02 15:14:59    0    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-02 15:14:59    0    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-02 14:03:06    0    d-----w-    c:\windows\system32\wbem\Repository
2009-12-02 13:55:12    0    d-----w-    C:\0 - DivX Serier OK
2009-12-02 13:54:12    0    d-----w-    c:\programmer\Hide and Secret 3 - Pharaohs Quest
2009-12-02 13:54:11    0    d-----w-    c:\programmer\Lost City of Z - Special Edition
2009-12-02 13:53:52    0    d-----w-    c:\programmer\Romance of Rome
2009-12-02 13:53:48    0    d-----w-    c:\programmer\The Tudors
2009-12-02 13:53:47    0    d-----w-    c:\programmer\Company
2009-12-02 13:53:37    0    d-----w-    c:\programmer\Princess Isabella - A Witch's Curse
2009-12-02 13:53:36    0    d-----w-    c:\programmer\Reincarnations - Awakening
2009-12-02 13:19:08    0    d-----w-    c:\documents and settings\bjarne lyngbo\DoctorWeb
2009-12-02 12:35:56    0    d-----w-    C:\Spyware Doctor
2009-11-28 10:43:59    0    d-----w-    c:\programmer\Runtime Software
2009-11-26 21:03:56    0    d-----w-    c:\docume~1\bjarne~1\applic~1\FirstColony
2009-11-26 19:27:22    0    d-----w-    c:\docume~1\alluse~1\applic~1\ScreenSeven
2009-11-26 18:48:50    0    d-----w-    c:\docume~1\bjarne~1\applic~1\Azgard
2009-11-25 07:31:41    0    d-----w-    c:\docume~1\bjarne~1\applic~1\Alawar
2009-11-24 23:31:11    0    d-----w-    c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2009-11-24 23:30:45    0    d-----w-    c:\programmer\Elaborate Bytes
2009-11-24 20:04:41    0    d-----w-    c:\docume~1\alluse~1\applic~1\SOS
2009-11-24 15:09:27    0    d-----w-    c:\docume~1\alluse~1\applic~1\EscapeTheMuseum2
2009-11-24 12:01:58    0    d-----w-    C:\0 - DivX Film OK
2009-11-23 22:43:35    262144    ----a-w-    c:\windows\_detmp.2
2009-11-23 22:43:35    227444    ----a-w-    c:\windows\_detmp.1
2009-11-23 21:26:05    0    d-----w-    C:\0 - DVD Film OK
2009-11-23 19:13:57    0    d-----w-    C:\temp_dvd
2009-11-23 19:13:03    0    d-----w-    c:\programmer\Dvd-cloner
2009-11-23 18:32:48    0    d-----w-    c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-11-23 18:09:54    0    d-----w-    c:\programmer\Norton 360
2009-11-23 18:09:05    0    d-----w-    c:\programmer\Symantec
2009-11-23 18:09:03    0    d-----w-    c:\docume~1\alluse~1\applic~1\Symantec
2009-11-23 17:33:02    94208    ----a-w-    c:\windows\system32\msstkprp.dll
2009-11-23 17:32:37    302    ----a-w-    c:\windows\_delis43.ini
2009-11-23 17:32:36    0    d-----w-    c:\documents and settings\bjarne lyngbo\WINDOWS
2009-11-23 17:30:57    368912    ----a-w-    c:\windows\system32\VBAR332.DLL
2009-11-23 17:30:57    252176    ----a-w-    c:\windows\system32\MSRD2X35.DLL
2009-11-23 17:30:57    24848    ----a-w-    c:\windows\system32\MSJTER35.DLL
2009-11-23 17:30:57    123664    ----a-w-    c:\windows\system32\MSJINT35.DLL
2009-11-23 17:30:57    1046288    ----a-w-    c:\windows\system32\MSJET35.DLL
2009-11-23 17:30:49    617472    ----a-w-    c:\windows\system32\COMCTL32.NU6
2009-11-23 17:30:49    0    d-----w-    c:\programmer\fælles filer\Symantec Shared
2009-11-22 10:56:44    11    ----a-w-    C:\IMAGE.dvd
2009-11-22 10:05:51    0    d-----w-    c:\docume~1\alluse~1\applic~1\IntDreams
2009-11-21 12:38:07    0    d-----w-    c:\programmer\fælles filer\PCSuite
2009-11-21 12:37:16    0    d-----w-    c:\programmer\PC Connectivity Solution
2009-11-17 18:38:10    0    d-----w-    c:\docume~1\bjarne~1\applic~1\Friday's games
2009-11-17 17:40:29    0    d-----w-    c:\docume~1\bjarne~1\applic~1\TimeMachine
2009-11-17 12:53:04    18816    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys
2009-11-17 11:42:16    0    d-----w-    C:\SIM Edit Tool
2009-11-15 18:35:06    0    d-----w-    c:\programmer\News Group File Grabber
2009-11-15 16:04:58    0    d-----w-    c:\windows\system32\NtmsData
2009-11-15 05:24:12    0    d-----w-    c:\docume~1\alluse~1\applic~1\WildWestQuest2
2009-11-14 20:16:31    0    d-----w-    c:\programmer\I-Fluid
2009-11-14 20:14:44    0    d-----w-    c:\windows\Season of Mystery The Cherry Blossom Murders
2009-11-14 20:14:44    0    d-----w-    c:\programmer\Season of Mystery The Cherry Blossom Murders
2009-11-14 16:31:56    0    d-----w-    c:\documents and settings\bjarne lyngbo\uspy
2009-11-14 15:12:55    0    d-----w-    c:\docume~1\bjarne~1\applic~1\GOA
2009-11-14 15:12:55    0    d-----w-    c:\docume~1\alluse~1\applic~1\GOA
2009-11-14 14:42:38    0    d-----w-    c:\docume~1\bjarne~1\applic~1\ForgottenRiddles2
2009-11-13 14:03:55    0    d-----w-    c:\programmer\WinAVIVideoConverter
2009-11-13 12:51:40    0    d-----w-    c:\docume~1\alluse~1\applic~1\Islands
2009-11-13 07:50:02    0    d-----w-    c:\docume~1\bjarne~1\applic~1\Playrix Entertainment
2009-11-12 23:42:57    0    d-----w-    c:\programmer\JDownloader
2009-11-12 00:26:47    0    d-----w-    c:\programmer\Samorost2
2009-11-11 18:31:11    0    d-----w-    C:\games
2009-11-11 14:19:45    0    d-----w-    c:\docume~1\bjarne~1\applic~1\EcoRescue
2009-11-09 22:14:02    0    d-----w-    c:\windows\Avenue Flo
2009-11-09 22:14:02    0    d-----w-    c:\programmer\Avenue Flo
2009-11-09 15:01:58    0    d-----w-    c:\docume~1\bjarne~1\applic~1\ElementalsTheMagicKey
2009-11-09 10:39:00    0    d-----w-    c:\programmer\Zip and Split
2009-11-07 10:51:24    0    d-----w-    c:\programmer\DVD Shrink

==================== Find3M  ====================

2009-12-02 15:21:51    83590    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-02 15:21:51    458944    ----a-w-    c:\windows\system32\perfh006.dat
2009-11-05 11:34:13    0    -c--a-w-    c:\documents and settings\bjarne lyngbo\temp.dat
2009-10-29 10:49:22    0    ----a-w-    c:\docume~1\bjarne~1\applic~1\mgsnhDemo_32.dll
2009-10-11 03:17:27    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-10-06 10:52:36    91136    ----a-w-    c:\windows\system32\nmwcdcls.dll
2009-09-04 16:44:40    69464    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:44:40    515416    ----a-w-    c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44:40    238936    ----a-w-    c:\windows\system32\xactengine3_5.dll
2009-09-04 16:29:34    453456    ----a-w-    c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29:34    235344    ----a-w-    c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29:32    5501792    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29:32    1974616    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29:30    1892184    ----a-w-    c:\windows\system32\D3DX9_42.dll
2008-03-09 05:25:10    236    -c-ha-w-    c:\programmer\fælles filer\dx.reg

============= FINISH: 16:26:41,90 ===============
-----------------------------------------------------------------
Og så "Attach.txt"

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/06/2009 17:26:34
System Uptime: 12/02/2009 16:24:38 (7032 hours ago)

Motherboard: ASUSTeK Computer INC. |  | P5N-EM HDMI
Processor: Intel(R) Core(TM)2 Duo CPU    E4600  @ 2.40GHz | Socket 775 | 2399/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 28,481 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 70,131 GiB free.
E: is FIXED (NTFS) - 155 GiB total, 35,148 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 155,943 GiB free.
G: is FIXED (NTFS) - 298 GiB total, 93,687 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 136,333 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP204: 11/11/2009 16:38:04 - Systemkontrolpunkt
RP205: 12/11/2009 01:35:09 - Installed Big City Adventure-Sydney Australia
RP206: 13/11/2009 05:02:42 - Systemkontrolpunkt
RP207: 14/11/2009 05:42:44 - Systemkontrolpunkt
RP208: 15/11/2009 07:53:43 - Systemkontrolpunkt
RP209: 16/11/2009 08:49:53 - Systemkontrolpunkt
RP210: 17/11/2009 12:42:30 - Installed Myson SIM Edit Tool
RP211: 19/11/2009 05:27:45 - Systemkontrolpunkt
RP212: 20/11/2009 06:03:32 - Systemkontrolpunkt
RP213: 21/11/2009 16:31:11 - Systemkontrolpunkt
RP214: 22/11/2009 21:53:49 - Systemkontrolpunkt
RP215: 23/11/2009 16:24:28 - Removed Active@ UNDELETE
RP216: 23/11/2009 16:25:01 - Removed Ad-Aware
RP217: 23/11/2009 16:29:56 - Removed DownloadStudio
RP218: 23/11/2009 16:32:45 - Removed FLOCK!
RP219: 23/11/2009 16:33:21 - Configured Focus 500,000 Images
RP220: 23/11/2009 16:37:23 - Removed Drive Backup 8.51 Professional Trial
RP221: 23/11/2009 16:37:37 - Removed Partition Manager 9.0 Professional
RP222: 23/11/2009 16:39:21 - Removed Steam
RP223: 23/11/2009 16:39:39 - Removed SUPERAntiSpyware Professional
RP224: 23/11/2009 16:40:23 - Removed TubeHunter
RP225: 23/11/2009 16:40:33 - Removed TubeHunter Ultra
RP226: 23/11/2009 16:40:42 - Removed TubeHunter Ultra
RP227: 23/11/2009 16:41:28 - Removed Windows 7 Upgrade Advisor Beta
RP228: 23/11/2009 17:44:44 - Fjernede Apple Software Update
RP229: 25/11/2009 01:53:21 - Systemkontrolpunkt
RP230: 26/11/2009 01:58:16 - Systemkontrolpunkt
RP231: 27/11/2009 05:16:17 - Systemkontrolpunkt
RP232: 28/11/2009 00:12:46 - Installed Active@ File Recovery
RP233: 29/11/2009 00:15:41 - Systemkontrolpunkt
RP234: 30/11/2009 15:47:29 - Systemkontrolpunkt
RP235: 01/12/2009 19:54:57 - Systemkontrolpunkt
RP236: 02/12/2009 13:28:49 - Removed Google Earth Plug-in.
RP237: 02/12/2009 13:29:30 - Removed Active@ File Recovery
RP238: 02/12/2009 13:30:46 - Removed CuteFTP 8 Professional
RP239: 02/12/2009 13:55:44 - Removed Rise Of Legends
RP240: 02/12/2009 14:26:24 - Installed XP Repair Pro 4.0.
RP241: 02/12/2009 14:53:16 - Gendan handling

==== Installed Programs ======================

1912 Titanic Mystery
Absolute MP3 Splitter version 2.8.7
ACE Mega CoDecS Pack
Adam's Venture
Adobe Flash Player 10 ActiveX
Adrianne Stone Hidden Relics
Alexandra Fortune in Mystery of the Lunar Archipelago
Amazing Heists Dillinger
Ancient Quest Of Saqqarah
AndreaMosaic 3.32.3
Anno 1404
Aquapolis
ASUS Splendid
ASUSUpdate
Atomic ZIP Password Recovery 2.50
Autumn's Treasures - The Jade Coin
Avalon
Avenue Flo
Aveyond Lord of Twilight
Babylonia
Bato Treasures of Tibet
Be A King
Big City Adventure-Sydney Australia
Boulder Match 4
Bounty Special Edition
Brickshooter Egypt
BufferChm
Build-a-lot 4 Power Source
Campfire Legends The Hookman
Canon iP4300 Brugerregistrering
Canon iP4600 series Brugerregistrering
Canon iP4600 series Printer Driver
Canon PhotoRecord
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities My Printer
CD-LabelPrint
CloneDVD2
Combined Community Codec Pack 2006-07-28 (Remove Only)
ConvertXtoDVD 3.6.2.153
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Crystal Cave Classic 1.0
CueTour
CuteFTP 8 Professional
Department 42 - The Mystery of the Nine 1.00
Destinations
DeviceManagementQFolder
Diamon Jones - Amulet of the World
Digital Signatur
DocProc
DocProcQFolder
Dream Sleuth
Driver Genius Professional Edition 2007
DVD-CLONER V7.00 Build 990
DVD Shrink 3.2
Easy-WebPrint
Easy CD-DA Extractor 11
Easy CD-DA Extractor 12
Elementals The Magic Key
Empire Earth III
eMule
Engineer 2 1.0
Engineering
eSupportQFolder
Faerie Solitaire
Fortune Tiles Gold
Foxit Reader
FullDPAppQFolder
Gardenscapes
GearDrvs
Ghost Town Mysteries - Bodie
Google Earth Plug-in
Google Update Helper
HdO Adventure Hollywood
HdO Adventure Secrets of the Vatican
Hidden Wonders Of The Depths
Hide and Secret 3 - Pharaohs Quest
Holly 2 Magic Land
Hotel Mogul
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Scanjet 3800 series 7.0
HP Software Update
HP Solution Center 7.0
hpg3800
hpg3800QFolder
HPProductAssistant
ImTOO DVD Copy Express
ImTOO DVD Ripper Ultimate
Insider Tales The Stolen Venus
InstantShareDevices
Island Realms
Java(TM) 6 Update 17
JDownloader
Jewel Quest Mysteries 2 Trail of the Midnight Heart
Jewel Quest Mysteries Trail of the Midnight Heart 1.00
LEFT BEHIND: Tribulation Forces
Little Shop - World Traveler
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lost City of Z - Special Edition
Lost Realms Legacy of the Sun Princess
Lost Realms The Curse of Babylon 1.00
Magic Ball 4
Mahjongg Ancient Mayas
Malwarebytes' Anti-Malware
ManicTime
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Crypto-udbyder
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Software Update for Web Folders  (Danish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Miriels Enchanted Mystery
Monkey Money Slots 1.00
Moxxie's Tabloid Adventures
MP3 Stream Editor 3.4.4.1905
Mr Jones' Grave Yard Shift
MSRSD v4.15
MSVC80_x86
MSVC80_x86_v2
MSXML 4.0
MSXML 4.0 SP2 (KB954430)
Myson SIM Edit Tool
Mysterious City Vegas
Mysterious Worlds The Secret of Oak Island
Mystery Stories Berlin Nights
Mystic Emporium
MysticDiaryLostBrother 1.00
Nat Geo Eco Rescue Rivers
Natalie BrooksTheTreasuresof the Lost Kingdom 1.00
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Norton 360
NVIDIA Drivers
NVIDIA PhysX
NVIDIA PhysX SDK 2.8.1
OCR Software by I.R.I.S 7.0
Once Upon a Time in Chicago
Opdatering til Windows Internet Explorer 8 (KB971180)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB943729)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
Operation Overkill
Pahelika Secret Legends
Pando
PanoStandAlone
PC Connectivity Solution
PhotoGallery
Plants vs Zombies
Pocahontas Princess of the Powhatan
PowerDVD
PrintFolder Pro
Pure Hidden
QuickTime
RandMap
Rangy Lil's Wild West Adventure 1.00
Rapidshare Downloader
RapidShare Manager
RealPlayer
Realtek High Definition Audio Driver
Reincarnations - Awakening
Relic Hunt (remove only)
Retail Virtual EVE
Righteous Kill Revenge of the Poet Killer
Rise Of Legends
Robbie Unforgettable Adventures
Romance of Rome
Save Our Spirit
Scan
ScannerCopy
Season Match 2
Season of Mystery The Cherry Blossom Murders
Sheep
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB969897)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB963027)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB970238)
SkinsHP1
SlideShow
Slingo Mystery Whos Gold
SolutionCenter
Sonic_PrimoSDK
Sprilland Ritchie Adventures In Time 1.00
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Sprouts Adventure
Strength & Honour
Subtitle Workshop 2.51
SuperMegaSpoof 2.0
The Clockwork Man
The Color of Murder
The Jolly Gangs Spooky Adventure
The Legend of Crystal Valley
The Mysterious Past of Gregory Phoenix 1.00
The Mystery of the Mary Celeste
THE Rename 2.1.6
The Tudors
The Village Mage Spellbinder
Time Machine Evolution 1.00
Trapped - The Abduction 1.00
Ultra Video Splitter 5.4.0610
UltraISO Premium V8.66
UnderCoverXP 1.22
Unlocker 1.8.7
VCRedistSetup
Vertigo
Vigtig opdatering til Windows Media Player 11 (KB959772)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Vuze
WebFldrs XP
WebReg
Westward IV 1.00
Winamp
WinAVIVideoConverter
Windows-driverpakke - Hewlett-Packard Image  (12/28/2006 8.0.0.0)
Windows-driverpakke - Nokia Modem  (06/01/2009 7.01.0.4)
Windows-driverpakke - Nokia Modem  (10/05/2009 4.2)
Windows-driverpakke - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Wisegal
Wizards Hat
Wonderland Adventures Mysteries of Fire Island
World Mosaics 2
XML Paper Specification Shared Components Language Pack 1.0
Zip and Split
Zulus Zoo

==== End Of File ===========================
Avatar billede bjarnebif Novice
02. december 2009 - 16:46 #3
Nu fik jeg så fjernet 14 filer, men den gør stadigvæk det samme
Avatar billede bjarnebif Novice
02. december 2009 - 16:53 #4
De her 2 ting kan den så åbenbart ikke fjerne

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully
Avatar billede f-arn Guru
02. december 2009 - 17:28 #5
Vuze og eMule. Jeg synes du skulle afinstallere dem.

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

eller herfra

http://subs.geekstogo.com/ComboFix.exe

Kør så combofix.exe og følg anvisningerne.

Vigtigt--> Deaktiver dit antivirusprogram da det kan forstyrrer combofix
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her:  C:\Combofix.txt
Avatar billede bjarnebif Novice
02. december 2009 - 17:51 #6
ComboFix 09-12-02.03 - Bjarne Lyngbo 02/12/2009 17:38.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1789.1462 [GMT 1:00]
Kører fra: c:\documents and settings\Bjarne Lyngbo\Skrivebord\ComboFix.exe

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\95091086.ini
c:\documents and settings\Bjarne Lyngbo\Application Data\.#
c:\documents and settings\Bjarne Lyngbo\Application Data\inst.exe
c:\programmer\MajorShare\SYSInfo.ocx
C:\test.txt
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll

Inficeret kopi af c:\windows\system32\DRIVERS\atapi.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty ate it :p
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((((((  Filer skabt fra 2009-11-02 til 2009-12-02  )))))))))))))))))))))))))))))))))))
.

2009-12-02 15:31 . 2009-12-02 15:31    --------    d-----w-    C:\Converted
2009-12-02 15:29 . 2009-05-28 13:57    245760    ----a-w-    c:\windows\system32\snmvtsvc.exe
2009-12-02 15:29 . 2009-05-28 12:15    10936    ----a-w-    c:\windows\system32\SndTVideo.dll
2009-12-02 15:29 . 2009-05-28 12:15    3768    ----a-w-    c:\windows\system32\SndTVideo.sys
2009-12-02 15:29 . 2009-05-28 12:15    23096    ----a-w-    c:\windows\system32\SndTAudio.sys
2009-12-02 15:29 . 2009-05-28 12:15    23096    ----a-w-    c:\windows\system32\drivers\SndTAudio.sys
2009-12-02 15:29 . 2009-12-02 15:30    --------    d-----w-    c:\programmer\SoundTaxi
2009-12-02 15:15 . 2009-12-02 15:15    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Malwarebytes
2009-12-02 15:15 . 2009-09-10 13:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 15:14 . 2009-12-02 15:15    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-02 15:14 . 2009-12-02 15:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 15:14 . 2009-09-10 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-02 14:03 . 2009-12-02 14:03    --------    d-----w-    c:\windows\system32\wbem\Repository
2009-12-02 13:55 . 2009-12-02 13:56    --------    d-----w-    C:\0 - DivX Serier OK
2009-12-02 13:54 . 2009-12-02 13:54    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\GlobalSCAPE
2009-12-02 13:54 . 2009-12-02 13:54    --------    d-----w-    c:\programmer\Hide and Secret 3 - Pharaohs Quest
2009-12-02 13:54 . 2009-12-02 13:54    --------    d-----w-    c:\programmer\Lost City of Z - Special Edition
2009-12-02 13:53 . 2009-12-02 13:53    --------    d-----w-    c:\programmer\Romance of Rome
2009-12-02 13:53 . 2009-12-02 13:53    --------    d-----w-    c:\programmer\The Tudors
2009-12-02 13:53 . 2009-12-02 13:53    --------    d-----w-    c:\programmer\Company
2009-12-02 13:53 . 2009-12-02 13:53    --------    d-----w-    c:\programmer\Princess Isabella - A Witch's Curse
2009-12-02 13:53 . 2009-12-02 13:54    --------    d-----w-    c:\programmer\Reincarnations - Awakening
2009-12-02 13:19 . 2009-12-02 13:19    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\DoctorWeb
2009-12-02 12:35 . 2009-12-02 13:54    --------    d-----w-    C:\Spyware Doctor
2009-11-28 10:43 . 2009-11-28 10:43    --------    d-----w-    c:\programmer\Runtime Software
2009-11-26 21:03 . 2009-11-26 21:04    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\FirstColony
2009-11-26 19:27 . 2009-11-26 19:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\ScreenSeven
2009-11-26 18:48 . 2009-12-02 13:56    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Azgard
2009-11-25 07:31 . 2009-11-25 07:31    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Alawar
2009-11-24 23:31 . 2009-11-24 23:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Elaborate Bytes
2009-11-24 23:30 . 2009-11-24 23:30    --------    d-----w-    c:\programmer\Elaborate Bytes
2009-11-24 20:04 . 2009-11-24 20:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\SOS
2009-11-24 15:09 . 2009-11-24 15:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\EscapeTheMuseum2
2009-11-24 12:01 . 2009-12-02 13:55    --------    d-----w-    C:\0 - DivX Film OK
2009-11-23 21:26 . 2009-11-30 01:58    --------    d-----w-    C:\0 - DVD Film OK
2009-11-23 19:13 . 2009-11-23 19:13    --------    d-----w-    C:\temp_dvd
2009-11-23 19:13 . 2009-11-23 19:13    --------    d-----w-    c:\programmer\Dvd-cloner
2009-11-23 18:32 . 2009-11-23 18:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-11-23 18:09 . 2009-11-23 22:31    --------    d-----w-    c:\programmer\Norton 360
2009-11-23 18:09 . 2009-11-23 22:27    --------    d-----w-    c:\programmer\Symantec
2009-11-23 18:09 . 2009-11-23 22:31    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-11-23 17:33 . 1998-06-18 10:58    94208    ----a-w-    c:\windows\system32\msstkprp.dll
2009-11-23 17:32 . 2009-11-23 17:32    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\WINDOWS
2009-11-23 17:32 . 2009-11-23 17:32    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Application Data\Help
2009-11-23 17:30 . 2000-02-24 16:07    368912    ----a-w-    c:\windows\system32\VBAR332.DLL
2009-11-23 17:30 . 2000-02-24 16:07    252176    ----a-w-    c:\windows\system32\MSRD2X35.DLL
2009-11-23 17:30 . 2000-02-24 16:07    24848    ----a-w-    c:\windows\system32\MSJTER35.DLL
2009-11-23 17:30 . 2000-02-24 16:07    123664    ----a-w-    c:\windows\system32\MSJINT35.DLL
2009-11-23 17:30 . 2000-02-24 16:07    1046288    ----a-w-    c:\windows\system32\MSJET35.DLL
2009-11-23 17:30 . 2009-11-23 22:44    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-11-22 10:05 . 2009-11-22 10:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\IntDreams
2009-11-21 12:38 . 2009-11-21 12:38    --------    d-----w-    c:\programmer\Fælles filer\PCSuite
2009-11-21 12:37 . 2009-11-21 12:37    --------    d-----w-    c:\programmer\PC Connectivity Solution
2009-11-21 12:36 . 2009-11-21 12:35    33652688    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_dan.exe
2009-11-21 12:36 . 2009-11-21 12:36    95232    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-21 12:36 . 2009-11-21 12:36    8192    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-21 12:36 . 2009-11-21 12:36    61440    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-21 12:36 . 2009-11-21 12:36    10240    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-17 18:38 . 2009-11-17 18:38    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Friday's games
2009-11-17 17:40 . 2009-11-17 17:41    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\TimeMachine
2009-11-17 13:01 . 2009-11-17 13:00    24414896    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10DK.exe
2009-11-17 12:56 . 2009-11-17 12:56    3351812    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-17 12:56 . 2009-11-17 12:56    36864    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-17 12:56 . 2009-11-17 12:56    3203453    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-17 12:53 . 2008-08-26 08:26    18816    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys
2009-11-17 12:51 . 2009-11-17 12:52    33848696    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dan_web[1].exe
2009-11-17 11:42 . 2009-11-17 12:25    --------    d-----w-    C:\SIM Edit Tool
2009-11-15 19:28 . 2009-11-15 19:28    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Application Data\Identities
2009-11-15 18:35 . 2009-11-23 15:36    --------    d-----w-    c:\programmer\News Group File Grabber
2009-11-15 16:04 . 2009-11-27 10:53    --------    d-----w-    c:\windows\system32\NtmsData
2009-11-15 05:24 . 2009-11-15 05:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\WildWestQuest2
2009-11-14 20:16 . 2009-11-14 20:17    --------    d-----w-    c:\programmer\I-Fluid
2009-11-14 20:14 . 2009-11-14 20:14    --------    d-----w-    c:\windows\Season of Mystery The Cherry Blossom Murders
2009-11-14 20:14 . 2009-11-14 20:14    --------    d-----w-    c:\programmer\Season of Mystery The Cherry Blossom Murders
2009-11-14 16:31 . 2009-11-14 17:42    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\uspy
2009-11-14 15:12 . 2009-11-14 15:12    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\GOA
2009-11-14 15:12 . 2009-11-14 15:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\GOA
2009-11-14 14:42 . 2009-11-18 20:32    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\ForgottenRiddles2
2009-11-13 14:03 . 2009-11-13 14:03    --------    d-----w-    c:\programmer\WinAVIVideoConverter
2009-11-13 12:51 . 2009-11-13 13:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Islands
2009-11-13 07:50 . 2009-11-13 07:50    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Playrix Entertainment
2009-11-12 23:42 . 2009-12-02 12:28    --------    d-----w-    c:\programmer\JDownloader
2009-11-12 00:26 . 2009-11-12 00:26    --------    d-----w-    c:\programmer\Samorost2
2009-11-11 18:31 . 2009-12-02 13:56    --------    d-----w-    C:\games
2009-11-11 14:19 . 2009-11-11 14:48    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\EcoRescue
2009-11-09 22:14 . 2009-11-09 22:14    --------    d-----w-    c:\programmer\Avenue Flo
2009-11-09 22:14 . 2009-11-09 22:14    --------    d-----w-    c:\windows\Avenue Flo
2009-11-09 15:01 . 2009-11-09 15:01    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\ElementalsTheMagicKey
2009-11-09 10:39 . 2009-11-09 10:39    --------    d-----w-    c:\programmer\Zip and Split
2009-11-07 10:51 . 2009-11-07 10:51    --------    d-----w-    c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-07 10:51 . 2009-11-07 10:51    --------    d-----w-    c:\programmer\DVD Shrink
2009-11-06 15:10 . 2009-11-06 15:10    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\myBabylon_English
2009-11-04 20:13 . 2009-11-04 20:13    152576    ----a-w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 16:43 . 2009-10-29 20:46    --------    d-----w-    c:\programmer\MajorShare
2009-12-02 16:42 . 2008-04-15 12:00    83590    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-02 16:42 . 2008-04-15 12:00    458944    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-02 13:56 . 2009-06-10 22:40    --------    d-----w-    c:\programmer\Foxit Reader
2009-12-02 13:56 . 2009-06-09 17:53    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Azureus
2009-12-02 13:56 . 2009-07-12 11:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Gamers Digital
2009-12-02 13:55 . 2009-06-07 15:39    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-12-02 13:55 . 2009-06-14 12:13    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\dvdcss
2009-12-02 13:54 . 2009-06-23 09:58    --------    d-----w-    c:\programmer\Cute FTP 8 Pro
2009-12-02 13:54 . 2009-10-18 17:25    --------    d-----w-    c:\programmer\Games
2009-12-02 13:31 . 2009-06-12 18:10    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-12-02 12:29 . 2009-07-30 09:50    --------    d-----w-    c:\programmer\Google
2009-11-27 10:54 . 2009-06-09 13:05    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Vso
2009-11-26 22:48 . 2009-07-12 11:19    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Gamers Digital
2009-11-23 17:24 . 2009-06-14 10:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\SlySoft
2009-11-23 16:46 . 2009-09-27 07:11    --------    d-----w-    c:\programmer\Avast 4
2009-11-23 16:44 . 2009-09-14 14:41    --------    d-----w-    c:\programmer\AL Zip 7,0
2009-11-23 16:44 . 2009-09-14 14:41    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\ESTsoft
2009-11-23 15:41 . 2009-06-09 13:05    --------    d-----w-    c:\programmer\VSO
2009-11-23 15:40 . 2009-09-23 08:23    --------    d-----w-    c:\programmer\Unity
2009-11-23 15:40 . 2009-07-06 19:40    --------    d-----w-    c:\programmer\Tipard MPEG TS Converter
2009-11-23 15:39 . 2009-09-19 18:36    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2009-11-23 15:39 . 2009-06-10 11:53    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2009-11-23 15:29 . 2009-07-16 18:50    --------    d-----w-    c:\programmer\Conceiva Download Studio
2009-11-23 15:25 . 2009-06-10 11:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-23 15:22 . 2009-09-19 18:37    117760    ----a-w-    c:\documents and settings\Bjarne Lyngbo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-22 12:08 . 2009-06-09 17:53    --------    d-----w-    c:\programmer\Azureus
2009-11-21 12:38 . 2009-08-27 09:26    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2009-11-21 12:38 . 2009-08-27 09:25    --------    d-----w-    c:\programmer\Nokia
2009-11-21 12:35 . 2009-08-27 09:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Installations
2009-11-20 15:28 . 2009-09-22 19:55    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Merscom
2009-11-20 15:28 . 2009-09-22 19:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\Merscom
2009-11-19 11:21 . 2009-06-14 13:01    --------    d-----w-    c:\programmer\ImTOO DVD Copy Express
2009-11-17 13:11 . 2009-08-27 09:27    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\PC Suite
2009-11-13 22:13 . 2009-07-01 01:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\Sandlot Games
2009-11-12 00:37 . 2009-07-28 11:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\JollyBear
2009-11-12 00:35 . 2009-07-28 11:48    --------    d-----w-    c:\programmer\LeeGTs Games
2009-11-11 18:31 . 2009-07-18 06:28    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\PlayFirst
2009-11-11 18:31 . 2009-07-18 06:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\PlayFirst
2009-11-09 14:27 . 2009-08-18 06:23    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\blg
2009-11-09 14:27 . 2009-08-18 06:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\blg
2009-11-05 11:34 . 2009-07-20 13:17    0    -c--a-w-    c:\documents and settings\Bjarne Lyngbo\temp.dat
2009-11-04 20:26 . 2009-06-08 10:18    --------    d-----w-    c:\programmer\Java
2009-10-29 19:45 . 2009-10-29 19:45    --------    d--h--r-    c:\documents and settings\Bjarne Lyngbo\Application Data\SecuROM
2009-10-29 10:49 . 2009-10-29 10:49    0    ----a-w-    c:\documents and settings\Bjarne Lyngbo\Application Data\mgsnhDemo_32.dll
2009-10-29 10:49 . 2009-10-29 10:49    0    ----a-w-    c:\documents and settings\Bjarne Lyngbo\Application Data\mgsnhDemo_32.dll
2009-10-29 10:10 . 2009-10-29 10:10    --------    d-----w-    c:\programmer\Magitech
2009-10-27 16:52 . 2009-10-27 16:52    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Sierra Entertainment
2009-10-24 23:13 . 2009-10-24 23:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Gogii
2009-10-24 20:40 . 2009-10-24 20:40    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Enki Games
2009-10-24 20:15 . 2009-10-24 20:15    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\TitanicMystery
2009-10-24 16:07 . 2009-09-05 19:11    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Big Fish Games
2009-10-21 13:38 . 2009-10-21 13:34    --------    d-----w-    c:\programmer\Easy CD-DA Extractor 12
2009-10-21 13:35 . 2009-10-21 13:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-10-21 12:56 . 2009-10-21 12:56    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Apple Computer
2009-10-18 17:16 . 2009-10-18 17:15    --------    d-----w-    c:\programmer\Boulder Match 4
2009-10-18 16:20 . 2009-09-08 19:54    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Flood Light Games
2009-10-18 16:20 . 2009-09-08 19:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\Flood Light Games
2009-10-17 00:23 . 2009-10-17 00:22    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\GTM_Bodie
2009-10-16 23:59 . 2009-10-16 23:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\MythPeople
2009-10-15 08:29 . 2009-10-15 08:29    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Little Games Company
2009-10-15 08:29 . 2009-10-15 08:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\Little Games Company
2009-10-14 03:57 . 2009-10-14 03:57    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\MBT
2009-10-11 03:17 . 2009-06-08 10:18    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-10-07 08:41 . 2009-10-04 13:50    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Freezetag
2009-10-06 21:13 . 2009-09-14 18:39    --------    d-----w-    c:\programmer\Adrianne Stone Hidden Relics
2009-10-06 10:52 . 2009-08-27 09:25    91136    ----a-w-    c:\windows\system32\nmwcdcls.dll
2009-10-06 06:57 . 2009-10-06 06:57    --------    d-----w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Total Eclipse
2009-10-04 20:58 . 2009-10-04 20:58    24576    ----a-r-    c:\documents and settings\Bjarne Lyngbo\Application Data\Microsoft\Installer\{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}\IconEDA2E9CA.exe
2009-10-04 20:58 . 2009-10-04 20:58    --------    d-----w-    c:\programmer\EVE Interactive
2009-09-23 08:10 . 2009-06-09 18:02    7154255    ----a-w-    c:\documents and settings\Bjarne Lyngbo\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-09-20 20:28 . 2009-09-20 20:28    281760    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2009-09-20 20:28 . 2009-09-20 20:28    25888    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2009-09-04 16:44 . 2009-10-29 19:01    515416    ----a-w-    c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-10-29 19:01    238936    ----a-w-    c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-07-18 16:22    69464    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-10-29 19:01    453456    ----a-w-    c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-10-29 19:01    235344    ----a-w-    c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-10-29 19:01    1974616    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-10-29 19:01    5501792    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-10-29 19:01    1892184    ----a-w-    c:\windows\system32\D3DX9_42.dll
2008-03-09 05:25 . 2009-07-07 17:12    236    -c-ha-w-    c:\programmer\Fælles filer\dx.reg
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\programmer\Fælles filer\Real\Update_OB\realsched.exe" [2009-06-09 185896]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Hurtig start.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Hurtig start.lnk
backup=c:\windows\pss\HP Image Zone Hurtig start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Photosmart Premier Hurtig start.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Photosmart Premier Hurtig start.lnk
backup=c:\windows\pss\HP Photosmart Premier Hurtig start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"ose"=3 (0x3)
"RichVideo"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ERSvc"=2 (0x2)
"CiSvc"=3 (0x3)
"aawservice"=2 (0x2)
"wuauserv"=2 (0x2)
"IJPLMSVC"=2 (0x2)
"BITS"=3 (0x3)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"organiserservice"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Crypkey License"=2 (0x2)
"iWinTrusted"=2 (0x2)
"ServiceLayer"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Azureus\\Azureus.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Nye Programmer\\eMule\\emule.exe"=

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [02/12/2009 16:29 23096]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [02/12/2009 16:29 245760]
S4 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [06/10/2009 16:53 133104]
S4 iWinTrusted;iWinTrusted;c:\programmer\iWin Games\iWinTrusted.exe --> c:\programmer\iWin Games\iWinTrusted.exe [?]
S4 organiserservice;organiser database;c:\vivida~1\ORGANI~1.EXE -zglaxservice organiserservice --> c:\vivida~1\ORGANI~1.EXE -zglaxservice organiserservice [?]
.
Indhold af mappen 'Planlagte Opgaver'
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig?hl=da&source=iglk
Trusted Zone: danid.dk
TCP: {A4C25A26-BDC3-4FAC-8D01-8A7E580EDE7B} = 208.67.222.222,208.67.220.220
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-Alexandra Fortune in Mystery of the Lunar Archipelago - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Amazing Heists Dillinger_is1 - c:\games\Forgotten Riddles
AddRemove-Ancient Quest Of Saqqarah_is1 - c:\games\Forgotten Riddles
AddRemove-Aquapolis_is1 - c:\games\Forgotten Riddles
AddRemove-Avalon_is1 - c:\games\Forgotten Riddles
AddRemove-Aveyond Lord of Twilight_is1 - c:\games\Forgotten Riddles
AddRemove-Babylonia_is1 - c:\games\Forgotten Riddles
AddRemove-Be A King_is1 - c:\games\Forgotten Riddles
AddRemove-Bounty Special Edition_is1 - c:\games\Forgotten Riddles
AddRemove-Brickshooter Egypt_is1 - c:\games\Forgotten Riddles
AddRemove-Build-a-lot 4 Power Source_is1 - c:\games\Forgotten Riddles
AddRemove-CanonMyPrinter - c:\programmer\Canon\MyPrinter\uninst.exe uninst.ini
AddRemove-Digital Signatur - c:\documents and settings\All Users\Application Data\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}\csp.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Easy-PhotoPrint - c:\programmer\Canon Pixma IP 4300\Easy-PhotoPrint\uninst.exe uninst.ini
AddRemove-Easy-PrintToolBox - c:\programmer\Canon\Easy-PrintToolBox\uninst.exe uninst.ini
AddRemove-Engineer2_is1 - c:\games\Forgotten Riddles
AddRemove-Faerie Solitaire_is1 - c:\games\Forgotten Riddles
AddRemove-Fortune Tiles Gold_is1 - c:\games\Forgotten Riddles
AddRemove-HdO Adventure Secrets of the Vatican_is1 - c:\games\Forgotten Riddles
AddRemove-Hidden Wonders Of The Depths_is1 - c:\games\Forgotten Riddles
AddRemove-Holly 2 Magic Land_is1 - c:\games\Forgotten Riddles
AddRemove-Hotel Mogul_is1 - c:\games\Forgotten Riddles
AddRemove-Insider Tales The Stolen Venus_is1 - c:\games\Forgotten Riddles
AddRemove-Jewel Quest Mysteries 2 Trail of the Midnight Heart_is1 - c:\games\Forgotten Riddles
AddRemove-Jewel Quest Mysteries Trail of the Midnight Heart 1.00 - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-LEFT BEHIND: Tribulation Forces_is1 - c:\games\Forgotten Riddles
AddRemove-Lost Realms Legacy of the Sun Princess_is1 - c:\games\Forgotten Riddles
AddRemove-Magic Ball 4_is1 - c:\games\Forgotten Riddles
AddRemove-Mahjongg Ancient Mayas_is1 - c:\games\Forgotten Riddles
AddRemove-MediaNavigation.CDLabelPrint - c:\programmer\Canon Pixma IP 4300\CD-LabelPrint\Uninstal.exe Canon.CDLabelPrint.Application
AddRemove-Monkey Money Slots 1.00 - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Moxxie's Tabloid Adventures - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Mr Jones' Grave Yard Shift_is1 - c:\games\Forgotten Riddles
AddRemove-Mysterious City Vegas_is1 - c:\games\Forgotten Riddles
AddRemove-Mystery Stories Berlin Nights_is1 - c:\games\Forgotten Riddles
AddRemove-Mystic Emporium_is1 - c:\games\Forgotten Riddles
AddRemove-MysticDiaryLostBrother 1.00 - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Pahelika Secret Legends_is1 - c:\games\Forgotten Riddles
AddRemove-Plants vs Zombies_is1 - c:\games\Forgotten Riddles
AddRemove-Pocahontas Princess of the Powhatan_is1 - c:\games\Forgotten Riddles
AddRemove-Pure Hidden_is1 - c:\games\Forgotten Riddles
AddRemove-Rangy Lil's Wild West Adventure 1.00 - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-RealJukebox 1.0 - c:\programmer\Fælles filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\programmer\Fælles filer\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Relic Hunt - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Righteous Kill Revenge of the Poet Killer_is1 - c:\games\Forgotten Riddles
AddRemove-Robbie Unforgettable Adventures_is1 - c:\games\Forgotten Riddles
AddRemove-Season Match 2_is1 - c:\games\Forgotten Riddles
AddRemove-Slingo Mystery Whos Gold_is1 - c:\games\Forgotten Riddles
AddRemove-Sprilland Ritchie Adventures In Time 1.00 - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Sprouts Adventure_is1 - c:\games\Forgotten Riddles
AddRemove-The Color of Murder_is1 - c:\games\Forgotten Riddles
AddRemove-The Legend of Crystal Valley_is1 - c:\games\Forgotten Riddles
AddRemove-The Mystery of the Mary Celeste_is1 - c:\games\Forgotten Riddles
AddRemove-The Village Mage Spellbinder_is1 - c:\games\Forgotten Riddles
AddRemove-Vertigo - c:\documents and settings\Bjarne Lyngbo\Lokale indstillinger\Temp\Uninstall.exe
AddRemove-Wonderland Adventures Mysteries of Fire Island_is1 - c:\games\Forgotten Riddles
AddRemove-World Mosaics 2_is1 - c:\games\Forgotten Riddles



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-02 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmer\Cyberlink Power DVD\000.fcl"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1343024091-436374069-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1343024091-436374069-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,f1,de,a4,49,e3,2d,ca,75,fa,4a,e9,a9,93,2e,25,4f,68,da,74,97,
  19,2e,be,79,80,60,d1,b7,75,05,5a,dc,c5,96,ef,40,59,af,0a,1d,c3,21,bb,06,de,\
"rkeysecu"=hex:c8,72,e3,38,70,93,7a,c3,19,f8,69,d9,6f,6f,d7,54
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-02 17:49 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-12-02 16:49

Pre-Kørsel: 30,429,818,880 byte ledig
Post-Kørsel: 31,479,808,000 byte ledig

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 008F33365A38CF6FB37ADE9F1C8E97C5
Avatar billede bjarnebif Novice
02. december 2009 - 17:58 #7
Så hjalp det til sidst.
Mange tak for hjælpen

Hvordan skal jeg gøre for at du kan få dine velfortjente points ???
Avatar billede f-arn Guru
02. december 2009 - 23:12 #8
Prøv at starte stifinder og se efter hvad der ligger i nedenstående mapper

C:\Converted
C:\0 - DivX Serier OK
C:\0 - DivX Film OK
C:\0 - DVD Film OK
C:\temp_dvd
C:\games



Find og upload disse filer hos Jotti eller Virustotal:

c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe


http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Du skal måske slå vis skjulte filer og mapper til.
Hvis du ikke ved hvordan så se her:

http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Kopier resultatet herind
Avatar billede f-arn Guru
02. december 2009 - 23:14 #9
Jeg synes ikke jeg kan se nogen aktive sikkerheds progammer?
Avatar billede bjarnebif Novice
03. december 2009 - 09:22 #10
Problemet er løst.
Hvordan giver man dig points ???
Avatar billede f-arn Guru
03. december 2009 - 09:42 #11
Jeg vil ikke ha' points da jeg ikke er overbevist om at din computer er "ren"
Avatar billede bjarnebif Novice
03. december 2009 - 09:50 #12
Den virker helt OK, og desuden skal den alligevel snart om-installeres, da det er laaangt over et år siden sidst.

Og du skal ha' mange tak for hjælpen
Avatar billede f-arn Guru
03. december 2009 - 10:22 #13
Tjaa-min computer er da over 4 år gammel, men der har da ikke været behov for hverken ominstallering, formatering eller andre "morsomheder"

Inficeret kopi af c:\windows\system32\DRIVERS\atapi.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty ate it :p

Så nemt plejer man ikke at slippe fra sådan en!
Avatar billede bjarnebif Novice
03. december 2009 - 10:29 #14
Ja,men nu har jeg 4 drenge, som også bruger min puter, og hvad de laver når jeg ikke er hjemme, det har jeg ingen anelse om.
Men jeg har tænkt mig at købe windows 7 når den bliver tilgængelig. Den skulle jo være en hel del bedre.
Avatar billede f-arn Guru
03. december 2009 - 11:54 #15
eMule og Vuze (Azureus) er formentlig dine største problemer.
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

Der kan virkelig komme meget skidt derfra!
Avatar billede bjarnebif Novice
03. december 2009 - 11:58 #16
De er begge slettet nu, ungerne brugte dem begge to til at hente musik og spil o.s.v.
De får en PC hver i julegave (vi er nogle stykker i familien som har skillinget sammen)
Så kan jeg forhåbentlig have min egen i fred.
Ha' en go' dag, og endnu engang tak for hjælpen.

P.S. - Jeg har lige købt Avast Antiviros Pro, den skulle vel kunne holde skidtet fra dørene....
Avatar billede f-arn Guru
03. december 2009 - 12:07 #17
Sålænge der bliver passet på hvad der bliver downloadet, så er der en chance. Men  du har ret. Den computer trænger til en formatering og geninstallation.
Avatar billede bjarnebif Novice
03. december 2009 - 12:11 #18
Kom nu med et svar i stedet for en kommentar.
Du har fortjent de 200 point
Avatar billede f-arn Guru
03. december 2009 - 12:17 #19
OK ;)
Avatar billede f-arn Guru
03. december 2009 - 12:43 #20
DDS sletter du bare fra skrivebordet, Malwarebytes kan afinstalleres via tilføj/fjern programmer i kontolpanel. Du kan selvfølgelig også beholde den og skanne med den en gang imellem. (husk opdatering)

Klik start, kør og kopier dettte: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Nulstille systemgendannelsen.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester