Is there anyone who will take a look at these logs?
Hi,
I have a Fujitsu Siemens Amilo L 1310G computer.
It is very slow, both to start up, and it sits on the "Windows is shutting down" screen for at least 10 minutes before it powers off completely. In addition, it is very slow and all sound on it is choppy. I have uninstalled the antivirus because it had expired (but the problem appeared before it expired).
I would prefer to reformat the whole computer, but it always stops by asking for a SATA drive. I have the original recovery CD for it. The CD/DVD drive in the computer does not work, so I have tried to reformat from an external DVD/CD drive.
I have now run the 4 programs as in the instructions.
One of them said that there was a rootkit, and via another program I have found out that it is called app/PSExc-gen.
Here are the 3 log files:
Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-01-09 13:54:40
mbam-log-2010-01-09 (13-54-40).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 187197
Tid tilbagelagt: 4 hour(s), 41 minute(s), 30 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
(Ingen mistænkelige filer fundet)
ComboFix 10-01-04.01 - Lene 2010-01-09 7:25.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1030.18.894.600 [GMT 1:00]
Kører fra: c:\documents and settings\Lene\Skrivebord\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lene\Dokumenter\cc_20090324_221931.reg
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\system32\DRIVERS\atapi.sys . . . er inficeret!!
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-12-09 til 2010-01-09 )))))))))))))))))))))))))))))))))))
.
2010-01-08 05:22 . 2010-01-08 05:22 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 12:14 . 2010-01-07 12:14 -------- d-----w- c:\programmer\MSSOAP
2010-01-07 12:11 . 2010-01-07 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-07 12:11 . 2010-01-07 12:11 -------- d-----w- c:\documents and settings\Lene\Application Data\Webroot
2010-01-07 12:11 . 2009-11-06 14:19 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-07 12:11 . 2010-01-07 12:11 -------- d-----w- c:\programmer\Webroot
2010-01-07 11:12 . 2010-01-07 11:12 164 ----a-w- c:\windows\install.dat
2010-01-06 19:36 . 2010-01-06 19:36 -------- d-----w- c:\programmer\Microsoft
2010-01-02 10:38 . 2009-10-21 05:39 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-01-02 10:38 . 2009-10-21 05:39 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-01-02 10:38 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-01-02 10:34 . 2009-10-12 13:40 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-01-02 10:34 . 2009-10-12 13:40 150016 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-01-02 09:39 . 2010-01-02 09:39 79488 ----a-w- c:\documents and settings\Lene\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 06:38 . 2009-05-25 17:02 7420704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-09 06:37 . 2009-05-25 17:02 327456 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 06:18 . 2006-02-16 17:22 -------- d-----w- c:\programmer\Fælles filer\Symantec Shared
2010-01-09 06:18 . 2009-06-11 08:39 -------- d-----w- c:\programmer\Norton AntiVirus
2010-01-09 06:04 . 2009-05-25 17:02 99812 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 06:04 . 2009-05-25 17:02 31580 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 05:55 . 2006-02-15 18:25 -------- d-----w- c:\documents and settings\Lene\Application Data\Skype
2010-01-08 21:51 . 2009-06-10 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-08 05:25 . 2009-03-16 09:08 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-03-16 09:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-03-16 09:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 19:24 . 2006-02-15 17:47 75552 ----a-w- c:\documents and settings\Lene\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 17:45 . 2005-09-04 14:57 464514 ----a-w- c:\windows\system32\perfh006.dat
2010-01-02 17:45 . 2005-09-04 14:57 86410 ----a-w- c:\windows\system32\perfc006.dat
2009-11-11 10:46 . 2009-11-11 10:50 391680 ----a-w- c:\windows\system32\CF29086.exe
2009-11-06 11:00 . 2009-11-06 11:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 11:00 . 2009-11-06 11:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 11:00 . 2009-11-06 11:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-10-29 07:43 . 2005-09-04 14:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2005-09-04 14:57 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2005-09-04 14:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2005-09-04 14:56 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2005-09-04 14:56 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:40 . 2005-09-04 14:56 79872 ----a-w- c:\windows\system32\raschap.dll
2007-04-25 08:49 . 2008-04-26 20:40 328 ------w- c:\programmer\GuideMenuSetup.iss
2007-04-06 03:28 . 2008-04-26 20:44 1237 ------w- c:\programmer\WinDVDSetup.iss
2008-04-26 21:05 . 2008-04-26 21:05 8 --sh--r- c:\windows\system32\0EADB8B601.sys
2008-05-13 21:04 . 2008-04-26 21:05 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
- 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 14:14 238968 ----a-w- c:\programmer\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-11-24 53248]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-03-11 24095528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-01 77824]
"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]
"PowerManager"="c:\programmer\Power Manager\PM.exe" [2005-08-19 163840]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"SpySweeper"="c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
PGPtray.lnk - c:\programmer\PGP Corporation\PGP for Windows XP\PGPtray.exe [2006-3-19 331776]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 21:43 81920 ----a-w- c:\programmer\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-03 18:55 1862144 ----a-w- c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBMGRNT.EXE]
2002-07-17 16:42 69692 ----a-w- c:\progra~2\SAFEBO~1\sbmgrnt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eFax 4.1"="c:\programmer\eFax Messenger 4.1\J2GDllCmd.exe" /R
"eFax 4.3"="c:\programmer\eFax Messenger 4.3\J2GDllCmd.exe" /R
"EPSON Stylus DX3800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
"HP Software Update"=c:\programmer\hp\HP Software Update\HPWuSchd2.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ATIPTA"=c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmer\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2006-04-12 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2006-04-12 5248]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [2002-07-17 24280]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [2002-02-09 44688]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-06 29808]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2002-07-17 4368]
R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [2002-07-17 5808]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [2006-03-19 65536]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot Solo\sbmgrnt.exe [2002-07-17 69692]
R2 WRConsumerService;Webroot Client Service;c:\programmer\Webroot\WebrootSecurity\WRConsumerService.exe [2010-01-07 1201640]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2005-09-04 5504]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [2008-04-28 93440]
S3 krdpdre;krdpdre;\??\c:\docume~1\Lene\LOKALE~1\Temp\krdpdre.sys --> c:\docume~1\Lene\LOKALE~1\Temp\krdpdre.sys [?]
S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\DRIVERS\sacmxp2.sys --> c:\windows\system32\DRIVERS\sacmxp2.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2008-03-06 98432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Indhold af mappen 'Planlagte Opgaver'
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]
2010-01-08 c:\windows\Tasks\wrSpySweeper_LDD7D1476CE28482C98ADA9056AF7438D.job
- c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 14:19]
2010-01-08 c:\windows\Tasks\wrSpySweeper_LDD7D1476CE28482C98ADA9056AF7438D.job
- c:\programmer\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 14:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jubii.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 172.16.0.1:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
.
------- Fil Associationer -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - TOMME GENVEJE FJERNET - - - -
MSConfigStartUp-QuickTime Task - c:\programmer\QuickTime\QTTask.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 07:37
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85779AE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7636f28
\Driver\ACPI -> ACPI.sys @ 0xf7442cb8
\Driver\atapi -> 0x85779ae8
\Driver\iaStor -> iaStor.sys @ 0xf7318974
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2010-01-09 07:44:46
ComboFix-quarantined-files.txt 2010-01-09 06:44
ComboFix2.txt 2009-03-26 08:01
ComboFix3.txt 2009-03-17 05:37
Pre-Kørsel: 53,376,278,528 byte ledig
Post-Kørsel: 53,361,848,320 byte ledig
- - End Of File - - 9789228D8F2D824EB2472337CBA4D916
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55, on 2010-01-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Programmer\Fælles filer\Protexis\License Service\PSIService.exe
C:\Program Files\SafeBoot Solo\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\Power Manager\PM.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\DrvMon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [SMSERIAL] "sm56hlpr.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Programmer\Power Manager\PM.exe
O4 - HKLM\..\Run: [Net-It Launcher] "C:\WINDOWS\system32\NILaunch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DrvMon.exe] "C:\WINDOWS\system32\DrvMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmer\Fælles filer\Protexis\License Service\PSIService.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot Solo\SBMGRNT.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
--
End of file - 8156 bytes
Thanks in advance for the help.
Best regards,
Lene