Windows Update-fejl 80070490

Fremgangs måden for vista er:

Windows Update virker ikke, og opdateringer kan ikke installeres
Der skal en lille rettelse til, og det gør du med et lille program som hedder Dial-a-fix.



Her til Vista


1. Download denne fil. http://www.kortelinks.dk/?HPOOH
2. Højreklik på WindowsUpdate-Reg.cmd og vælg Kør som administrator.
3. Tjek Windows Update.

Desværre , melder stadig samme fejl

Prøv dette istedet http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=231&PN=1

Ved problemer med at opdatere til Vista Sp. 2, komponerede jeg følgende fremgangsmåde af det, jeg fandt på nettet. Prøv den, hvis de andre forslag ikke virker:

1. Kør CHKDSK. I mit tilfælde fandtes to korrupte filer.

2. CHKDSK's gerninger løser ikke problemet, men man skal notere sig de korrupte filer (én eller flere).

3. Derefter slettes de pågældende filer. Hvis de er i
system32-mappen, må man gennem klikkeøvelserne med at tage ejerskab, dernæst fuld kontrol og så slette.

(4. Kør CHKDSK igen og den genindlæser de to "Lost files".
Jeg er ikke sikker på, at dette punkt er nødvendigt, men det skader heller ikke.)

5. Så kunne Windows Update installere Sp2 uden problemer.

Selv om jeg lukker alt andet,kan den ikke få adgang "bruges af anden ...)

prøv dette: [imghttp://pctricks.dk/chkdsk-pa-vista-215.html[/img]
og bagefter dette


[imghttp://www.it-artikler.dk/2008/06/19/reparer-systemfilerne-i-windows-vista/[/img] sfc /scannow

prøv dette: http://pctricks.dk/chkdsk-pa-vista-215.html
og bagefter dette


http://www.it-artikler.dk/2008/06/19/reparer-systemfilerne-i-windows-vista/ sfc /scannow

Desværre , samme resultat.

Udfør venligst dette:


Hent og instalér CCleaner 1. http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning.





Hent Malwarebytes Anti-Malware herfra:
2. http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind i denne tråd.
Vigtigt: Du skal, inden du klikker på "Skan" knappen i Malwarebytes Anti-Malware gå op i fanen "Opdater", klik på "Tjek for opdatering", bliv ved til den skriver du har nyeste database, (DET SKAL UDFØRES).

Hent og kør sas

Hent og installer 1. http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start superantispyware, klik på Check for updates.
Klik på Scan your Computer, sæt flueben i de drev der skal scannes. (Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.


Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, og gemmer den på skrivebordet.





Hent HijackThis her, gem den I en mappe så du kan finde den.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
1. Dobbeltklik på det nye HijackThis ikon
Vista bruger skal klikke med højre-musetast på program filen > Vælg "Kør som administrator"
2. På menuen der kommer op, klikker du på: Do a systemscan and save a logfile.
3. Efter et kort øjeblik åbner en logfil i notesblok, kopier teksten herind

Det var en større omgang.

Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

14-02-2010 22:44:57
mbam-log-2010-02-14 (22-44-57).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 351748
Tid tilbagelagt: 1 hour(s), 47 minute(s), 7 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\temp\hcf.exe (Rogue.Installer) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:03, on 15-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\far\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparekassen-vendsyssel.dk
O15 - Trusted Zone: www.sparv.dk
O15 - Trusted Zone: www.testby.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266072288649
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9721 bytes

Afinstaller ask toolbar


Kør hijackthis scan og fix disse linier


O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)




Kom med en ny hijackthis log og kør superantispyware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:01, on 15-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\far\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparekassen-vendsyssel.dk
O15 - Trusted Zone: www.sparv.dk
O15 - Trusted Zone: www.testby.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266072288649
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9068 bytes

Kører nu superantispyware

Desværre samme fejlnummer

Kom med loggen og udfør dette



Hent Combofix, og gem den på dit skrivebord, som alg.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Luk alle andre vinduer ned.

Kør så combofix.exe, og følg anvisningerne.

Du må ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C: Combofix txt

Indholdet af denne fil må du gerne lægge herind

Superantispyware loggen slettede jeg, kan selvfølgelig køre den igen?




ComboFix 10-02-16.03 - far 17-02-2010  21:35:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.904 [GMT 1:00]
Kører fra: c:\users\far\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1674595945-2017179872-3778674227-500
c:\$recycle.bin\S-1-5-21-2304783522-1850635467-2630122807-500
c:\$recycle.bin\S-1-5-21-3852295878-3484362443-4022584128-500
c:\$recycle.bin\S-1-5-21-999333346-789248744-1644448349-500
C:\LOG.TXT
c:\users\far\Documents\regdata.reg

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-17 til 2010-02-17  )))))))))))))))))))))))))))))))))))
.

2010-02-17 20:49 . 2010-02-17 20:49    --------    d-----w-    c:\users\far\AppData\Local\temp
2010-02-17 20:49 . 2010-02-17 20:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-02-15 06:51 . 2010-02-15 06:51    52224    ----a-w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 06:51 . 2010-02-16 14:48    117760    ----a-w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-14 21:57 . 2010-02-14 21:57    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-02-14 21:57 . 2010-02-15 06:51    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-14 21:57 . 2010-02-14 21:57    --------    d-----w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com
2010-02-14 21:56 . 2010-02-14 21:56    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-02-14 19:50 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 19:50 . 2010-02-14 19:50    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-14 19:50 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 18:18 . 2009-11-20 08:42    --------    d-----w-    c:\program files\BitComet
2010-02-10 18:22 . 2007-09-13 04:44    --------    d-----w-    c:\program files\Google
2010-02-09 19:40 . 2009-02-17 21:00    --------    d-----w-    c:\program files\Teamspeak2_RC2
2010-02-09 17:52 . 2007-11-20 14:55    --------    d-----w-    c:\program files\Lavasoft
2010-02-09 17:52 . 2007-11-20 14:55    --------    d-----w-    c:\programdata\Lavasoft
2010-01-30 16:08 . 2006-11-21 04:49    81790    ----a-w-    c:\windows\system32\perfc006.dat
2010-01-30 16:08 . 2006-11-21 04:49    471658    ----a-w-    c:\windows\system32\perfh006.dat
2010-01-30 12:42 . 2008-12-09 15:26    0    ----a-w-    c:\users\far\temp.dat
2010-01-17 08:36 . 2007-08-25 12:16    --------    d-----w-    c:\program files\Common Files\Adobe
2010-01-16 14:02 . 2009-11-01 19:42    --------    d-----w-    c:\program files\QuadWeb
2010-01-16 13:50 . 2008-12-23 20:38    --------    d-----w-    c:\users\far\AppData\Roaming\Vso
2010-01-14 17:24 . 2007-10-22 17:53    --------    d-----w-    c:\users\far\AppData\Roaming\Skype
2010-01-14 17:05 . 2007-11-25 14:53    --------    d-----w-    c:\users\far\AppData\Roaming\skypePM
2010-01-10 20:45 . 2010-01-10 20:45    --------    d-----w-    c:\program files\VSO
2010-01-10 13:56 . 2010-01-10 13:53    --------    d-----w-    c:\program files\Aplus FLV to DIVX Converter
2010-01-10 13:42 . 2010-01-10 13:42    --------    d-----w-    c:\program files\Emicsoft Studio
2010-01-02 19:35 . 2007-10-22 18:30    --------    d-----w-    c:\users\far\AppData\Roaming\FileZilla
2009-12-30 20:43 . 2009-12-30 20:37    --------    d-----w-    c:\program files\Unlocker
2009-12-30 18:16 . 2009-09-28 14:19    --------    d-----w-    c:\users\far\AppData\Roaming\vlc
2009-12-30 18:09 . 2009-11-20 18:40    --------    d-----w-    c:\program files\MpcStar
2009-12-27 13:17 . 2007-11-23 13:35    --------    d-----w-    c:\users\far\AppData\Roaming\Apple Computer
2009-12-27 13:16 . 2009-12-27 13:15    --------    d-----w-    c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 13:16 . 2009-12-27 13:15    --------    d-----w-    c:\program files\iTunes
2009-12-27 13:15 . 2009-12-27 13:15    --------    d-----w-    c:\program files\iPod
2009-12-27 13:15 . 2009-12-27 13:07    --------    d-----w-    c:\program files\Common Files\Apple
2009-12-27 13:14 . 2009-12-27 13:14    --------    d-----w-    c:\program files\Bonjour
2009-12-27 13:14 . 2009-12-27 13:13    --------    d-----w-    c:\program files\QuickTime
2009-12-23 11:41 . 2007-10-22 17:07    --------    d-----w-    c:\users\far\AppData\Roaming\U3
2009-12-16 18:41 . 2007-08-25 09:17    319456    ----a-w-    c:\windows\DIFxAPI.dll
2009-11-24 23:54 . 2008-12-30 23:09    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-12-30 23:09    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-30 23:09    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-30 23:09    53328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-12-30 23:09    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-30 23:09    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-30 23:09    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-11-22 19:13 . 2009-05-28 18:45    16    ----a-w-    c:\windows\popcinfo.dat
2009-11-22 14:58 . 2009-01-02 19:19    292120    ----a-w-    c:\programdata\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-11-20 20:48 . 2009-11-20 20:48    476512    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2009-11-20 20:48 . 2009-11-20 20:48    169312    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2009-11-20 20:48 . 2009-11-20 20:48    128352    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2009-11-20 20:48 . 2009-11-20 20:48    111968    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2009-11-20 20:48 . 2009-11-20 20:48    99680    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2009-11-20 20:48 . 2009-11-20 20:48    230752    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2009-11-20 20:48 . 2009-11-20 20:48    132448    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgImeem.dll
2009-11-20 20:48 . 2009-11-20 20:48    111968    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2009-11-20 20:48 . 2009-11-20 20:48    120160    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2009-11-20 20:48 . 2009-11-20 20:48    87392    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2009-11-20 20:48 . 2009-11-20 20:48    140640    ----a-w-    c:\programdata\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2009-11-20 08:42 . 2009-11-20 08:42    1032192    ----a-w-    c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-15 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-15 06:51    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
2007-12-18 13:20    401408    ------w-    c:\program files\Creative\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33    141600    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 13:32    56080    ----a-w-    c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17    52256    ----a-w-    c:\program files\Home Cinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2006-12-26 09:23    180224    ----a-w-    c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2007-09-04 10:45    2560000    ----a-w-    c:\program files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 10:35    94208    ----a-w-    c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54    16896    ----a-w-    c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
2009-09-10 16:58    4678960    ----a-w-    c:\program files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33    15872    ----a-w-    c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2007-09-07 07:26    86016    ----a-w-    c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9e,49,53,03,76,06,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2461692144-2294394301-1871040877-1000]
"EnableNotificationsRef"=dword:00000001

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [05-02-2009 19:38 212520]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31-12-2008 00:09 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 16:03 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31-12-2008 00:09 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31-12-2008 00:09 53328]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [11-08-2009 15:01 185640]
R3 RRNetCapMP;RRNetCapMP;c:\windows\System32\drivers\rrnetcap.sys [03-11-2009 16:47 27168]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25-01-2008 10:12 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25-08-2007 11:18 13976]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-07-2009 14:53 133104]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe --> c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [?]
S3 DrmRDriverV32;DrmRDriverV32;c:\windows\System32\drivers\DrmRDriverV32.sys [10-08-2008 15:24 23096]
S3 DrmRVideo32;DrmRVideo32;c:\windows\System32\drivers\DrmRVideo32.sys [10-08-2008 15:24 3768]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [16-06-2009 19:57 13224]
S3 MovRVDrv32;MovRVDrv32;c:\windows\System32\drivers\MovRVDrv32.sys [10-08-2008 13:13 3768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01-02-2008 15:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01-02-2008 15:17 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29-06-2007 01:01 42512]
S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [25-08-2007 09:42 908896]
S3 RRNetCap;RRNetCap Service;c:\windows\System32\drivers\rrnetcap.sys [03-11-2009 16:47 27168]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [04-08-2008 15:12 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [04-08-2008 15:12 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [04-08-2008 15:12 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [04-08-2008 15:12 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [04-08-2008 15:12 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [04-08-2008 15:12 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [04-08-2008 15:12 110120]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [28-08-2009 19:42 40448]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [12-09-2007 12:14 118784]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:53]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:53]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bec.dk\web30.prod
Trusted Zone: danid.dk
Trusted Zone: nordjyskebank.dk
Trusted Zone: portalbank.dk\www
Trusted Zone: sparekassen-vendsyssel.dk\www
Trusted Zone: sparv.dk\www
Trusted Zone: tdc.dk\udstedelse.certifikat
Trusted Zone: testby.dk\www
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath - c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\far\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 21:49
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2010-02-17  21:54:44
ComboFix-quarantined-files.txt  2010-02-17 20:54
ComboFix2.txt  2009-01-01 16:15

Pre-Kørsel: 15.657.492.480 byte ledig
Post-Kørsel: 15.395.581.952 byte ledig

- - End Of File - - 9E5656A0FDD696736E1FC9CA27DA052F

Nej det passer ikke den er her:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2010 at 00:37 AM

Application Version : 4.0.1154

Core Rules Database Version : 4584
Trace Rules Database Version: 2396

Scan type      : Complete Scan
Total Scan Time : 01:34:27

Memory items scanned      : 622
Memory threats detected  : 0
Registry items scanned    : 8913
Registry threats detected : 0
File items scanned        : 48950
File threats detected    : 165

Adware.Tracking Cookie
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.adform[6].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adtech[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adserver3.openadex[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@atdmt[6].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@doubleclick[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bankdata.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@sexinyourcity[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@stats.zmags[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@click.cashengines[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.clickadserver[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.sumotorrent[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.whaleads[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.whaleads[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adserver.hardsextube[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.sumotorrent[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@mediaprovider.adservinginternational[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adserver.adreactor[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@serving-sys[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@specificclick[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.pornbay[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.cracksearchengine[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@tradedoubler[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@hitbox[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.googleadservices[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.googleadservices[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.googleadservices[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad.yieldmanager[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@doubleclick[5].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@tradedoubler[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad.yieldmanager[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bluestreak[5].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.googleadservices[5].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.googleadservices[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.webgains[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adtech[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@tradedoubler[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@toplist[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adtech[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adultfriendfinder[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adviva[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adviva[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adultfriendfinder[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.start[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adtech[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@findpriser[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@atdmt[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.adform[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.adform[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@statcounter[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@tribalfusion[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@tribalfusion[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@statcounter[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.partypoker[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@www.partypoker[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adprotraffic[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad1.emediate[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.ad4game[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adxpansion[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.ad4game[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@chitika[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adbrite[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@secure.partyaccount[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adbrite[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adbrite[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.crakmedia[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@advertising[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adserver.karamco[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@stats.webtrafficagents[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@eas4.emediate[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@semlerit.112.2o7[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@click.mediadome[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@content.yieldmanager[6].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@content.yieldmanager[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@content.yieldmanager[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adserver3.openadex[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@advertising[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad2.doublepimp[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.fulldls[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ads.fulldls[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@statse.webtrendslive[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@statse.webtrendslive[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad.proxad[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ad.yieldmanager[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@advertising[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@aller.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@adviva[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@atdmt[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@apmebf[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@apmebf[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@atdmt[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@atdmt[4].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@audiag.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bluestreak[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@banner.skisport[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bluestreak[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bravenet[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bluestreak[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@bs.serving-sys[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@burstnet[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@cdn5.specificclick[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@cdn5.specificclick[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@content.yieldmanager[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@chitika[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@click.mediadome[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@click.mediadome[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@collective-media[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@cracksearchengine[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@cracksearchengine[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@danskespil.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@dansksupermarked.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@doubleclick[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@divx.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@doubleclick[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@doubleclick[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ehg-nokiafin.hitbox[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@dsupermarked.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@dustinab.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@e2.emediate[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@eas.apm.emediate[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@eas8.emediate[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@eas8.emediate[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@eas8.emediate[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ehg-bbc.hitbox[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ehg-linksys.hitbox[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ero-advertising[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@ehg-skistar.hitbox[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@elkjop.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@elkjop.112.2o7[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@exaporn[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@fastclick[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@findpriser[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@hardsextube[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@hitbox[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@kontera[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@m1.webstats.motigo[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@mediaplex[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@mediaplex[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@msnportal.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@msnportal.112.2o7[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@netsundhedsplejerske.advertserve[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@nykredit.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@nykredit.112.2o7[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@openx.findpriser[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@openx.findpriser[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@overture[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@partyaccount[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@partypoker[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@partypoker[3].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@revsci[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@semlerit.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@semlerit.112.2o7[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@serving-sys[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@specificclick[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@specificclick[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@statcounter[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@stats.zmags[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@sundheddk.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@telmore.112.2o7[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@telmore.112.2o7[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.adform[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@toplist[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@track.adform[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@valueclick[2].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@xiti[1].txt
    C:\Users\far\AppData\Roaming\Microsoft\Windows\Cookies\far@xiti[2].txt

Slet manuel denne fil og kom med en ny hijackthis log

C:\WINDOWS\popcinfo.dat

Har slettet filen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:11, on 18-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\far\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparekassen-vendsyssel.dk
O15 - Trusted Zone: www.sparv.dk
O15 - Trusted Zone: www.testby.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266072288649
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9181 bytes

Fix denne linie

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)


Hvordan kører maskinen nu?

Jeg er nærmest lidt flov over at måtte sige at den kommer med samme fejl: Windows Update-fejl 80070490.
Alt andet på maskinen er iorden men kan stadig ikke opdatere.

Tag backup af dine data og prøv dette


Vi prøver metoden på en anden måde - nemlig ved hjælp af din Vista CD.

Sæt din computer til at boote fra CD/DVD'en - boote op på din installations cd - tryk på en tast når du bliver spurgt.

Ved "Velkommen til Installation", trykker du på F10 eller tryk på "R" for at reparere.

Nu kommer du til Genoprettelsekonsollen,
Af de tre muligheder skal du vælge den med Kommandoprompt.
Du skulle gerne ende med C:\WINDOWS>_
(Hvis den spørger efter admin. kode og du ikke bruger nogen, så tryk blot på <Enter>)

Hvilken Windows-installation vil du logge på: 1 <Enter>
Efter : <C:\WINDOWS > Skriver du: chkdsk c: /p /r <Enter>
Når den er færdig med at scanne, skriv: Exit <Enter>

Hvad endte denne med??

Undskyld jeg ikke har reageret.
Jeg tror dit sidste forslag ligger noget ud over mine evner, specielt fordi jeg ikke kunne få muligheden for at køre en reparation på den medfølgende cd.

Helt iorden.

Prøv dette igen istedet.


1. Download denne fil: http://www.kortelinks.dk/?HPOOH
2.Højreklik på WindowsUpdate-Reg.cmd og vælg Kør som administrator.
3. Tjek Windows Update.

Samme resultat:
Windows Update-fejl 80070490

Opdater malwarebytes og kør et nyt fuldstændigt scan, kom med loggen sammen med en ny hijackthis log.

Hvis at du bruger windows egen firewall så prøv at slå den fra. Kan du så opdatere?

Slog firewall fra: ingen forskel.

Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

14-02-2010 22:44:57
mbam-log-2010-02-14 (22-44-57).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 351748
Tid tilbagelagt: 1 hour(s), 47 minute(s), 7 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\temp\hcf.exe (Rogue.Installer) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:11, on 02-03-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\far\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparekassen-vendsyssel.dk
O15 - Trusted Zone: www.sparv.dk
O15 - Trusted Zone: www.testby.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266072288649
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9066 bytes

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:




Killall
Snapshot::
File::
C:\temp\hcf.exe
C:\windows\system32\drivers\msqpdxmqltoixh.sys
Hosts::
Registry::
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys
Driver::
msqpdxserv.sys


klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.




Opdater malwarebytes og kør et nyt fuldstændigt scan igen

ComboFix 10-03-02.02 - far 02-03-2010  21:44:27.5.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.772 [GMT 1:00]
Kører fra: c:\users\far\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\far\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\temp\hcf.exe"
"c:\windows\system32\drivers\msqpdxmqltoixh.sys"
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-02 til 2010-03-02  )))))))))))))))))))))))))))))))))))
.

2010-03-02 20:56 . 2010-03-02 20:58    --------    d-----w-    c:\users\far\AppData\Local\temp
2010-03-02 20:56 . 2010-03-02 20:56    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-03-02 20:56 . 2010-03-02 20:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-02-25 21:51 . 2010-02-25 21:51    --------    d-----w-    c:\windows\CheckSur
2010-02-25 21:22 . 2010-02-25 21:22    --------    d-----w-    c:\users\far\AppData\Roaming\IrfanView
2010-02-24 11:13 . 2010-02-24 11:13    --------    d-----w-    C:\SparVen
2010-02-20 19:22 . 2010-02-20 19:24    --------    d-----w-    C:\TDC+drm
2010-02-20 16:16 . 2008-01-09 11:28    27632    ----a-w-    c:\windows\system32\drivers\seehcri.sys
2010-02-14 21:57 . 2010-02-14 21:57    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-02-14 21:57 . 2010-02-23 20:00    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-14 21:57 . 2010-02-14 21:57    --------    d-----w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com
2010-02-14 21:56 . 2010-02-14 21:56    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-02-14 19:50 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 19:50 . 2010-02-14 19:50    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-14 19:50 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 14:26 . 2006-11-21 04:49    81790    ----a-w-    c:\windows\system32\perfc006.dat
2010-02-28 14:26 . 2006-11-21 04:49    471658    ----a-w-    c:\windows\system32\perfh006.dat
2010-02-28 14:23 . 2007-10-22 17:07    --------    d-----w-    c:\users\far\AppData\Roaming\U3
2010-02-26 21:53 . 2009-09-28 14:19    --------    d-----w-    c:\users\far\AppData\Roaming\vlc
2010-02-24 19:33 . 2010-02-15 06:51    117760    ----a-w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-24 19:03 . 2009-11-20 18:40    --------    d-----w-    c:\program files\MpcStar
2010-02-20 16:16 . 2008-08-04 14:12    --------    d-----w-    c:\program files\Sony Ericsson
2010-02-20 16:16 . 2007-08-25 08:53    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-02-20 16:16 . 2008-08-04 14:38    --------    d-----w-    c:\program files\Avanquest update
2010-02-18 15:39 . 2009-11-20 08:42    --------    d-----w-    c:\program files\BitComet
2010-02-18 15:38 . 2009-12-27 13:07    --------    d-----w-    c:\program files\Common Files\Apple
2010-02-15 06:51 . 2010-02-15 06:51    52224    ----a-w-    c:\users\far\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-10 18:22 . 2007-09-13 04:44    --------    d-----w-    c:\program files\Google
2010-02-09 19:40 . 2009-02-17 21:00    --------    d-----w-    c:\program files\Teamspeak2_RC2
2010-02-09 17:52 . 2007-11-20 14:55    --------    d-----w-    c:\program files\Lavasoft
2010-02-09 17:52 . 2007-11-20 14:55    --------    d-----w-    c:\programdata\Lavasoft
2010-01-30 12:42 . 2008-12-09 15:26    0    ----a-w-    c:\users\far\temp.dat
2010-01-17 08:36 . 2007-08-25 12:16    --------    d-----w-    c:\program files\Common Files\Adobe
2010-01-16 14:02 . 2009-11-01 19:42    --------    d-----w-    c:\program files\QuadWeb
2010-01-16 13:50 . 2008-12-23 20:38    --------    d-----w-    c:\users\far\AppData\Roaming\Vso
2010-01-14 17:24 . 2007-10-22 17:53    --------    d-----w-    c:\users\far\AppData\Roaming\Skype
2010-01-14 17:05 . 2007-11-25 14:53    --------    d-----w-    c:\users\far\AppData\Roaming\skypePM
2010-01-10 20:45 . 2010-01-10 20:45    --------    d-----w-    c:\program files\VSO
2010-01-10 13:56 . 2010-01-10 13:53    --------    d-----w-    c:\program files\Aplus FLV to DIVX Converter
2010-01-10 13:42 . 2010-01-10 13:42    --------    d-----w-    c:\program files\Emicsoft Studio
2010-01-02 19:35 . 2007-10-22 18:30    --------    d-----w-    c:\users\far\AppData\Roaming\FileZilla
2009-12-16 18:41 . 2007-08-25 09:17    319456    ----a-w-    c:\windows\DIFxAPI.dll
.

------- Sigcheck -------

Cryptography Services Error !!
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-23 2012912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-15 06:51    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
2007-12-18 13:20    401408    ------w-    c:\program files\Creative\Creative Media Lite\CTZDetec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33    141600    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 13:32    56080    ----a-w-    c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17    52256    ----a-w-    c:\program files\Home Cinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2006-12-26 09:23    180224    ----a-w-    c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2007-09-04 10:45    2560000    ----a-w-    c:\program files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 10:35    94208    ----a-w-    c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54    16896    ----a-w-    c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
2009-09-10 16:58    4678960    ----a-w-    c:\program files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33    15872    ----a-w-    c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2007-09-07 07:26    86016    ----a-w-    c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9e,49,53,03,76,06,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2461692144-2294394301-1871040877-1000]
"EnableNotificationsRef"=dword:00000001

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-11 185640]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-06-04 23096]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-06-04 3768]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-06-16 13224]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
R3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-31 908896]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-03 27168]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-23 12872]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-23 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-23 66632]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-11-03 27168]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:53]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:53]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bec.dk\web30.prod
Trusted Zone: danid.dk
Trusted Zone: nordjyskebank.dk
Trusted Zone: portalbank.dk\www
Trusted Zone: sparekassen-vendsyssel.dk\www
Trusted Zone: sparv.dk\www
Trusted Zone: tdc.dk\udstedelse.certifikat
Trusted Zone: testby.dk\www
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath - c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\users\far\AppData\Roaming\Mozilla\Firefox\Profiles\n5w7h1jq.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 22:09
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-02  22:10:24 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-03-02 21:10
ComboFix2.txt  2010-03-02 20:38
ComboFix3.txt  2010-02-17 20:54
ComboFix4.txt  2009-01-01 16:15

Pre-Kørsel: 38.755.934.208 byte ledig
Post-Kørsel: 38.438.031.360 byte ledig

- - End Of File - - 7D6718F9FE848C1D427FC7AC229DE531

Kommer der en log fra malwarebytes OPDATERET??

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

03-03-2010 07:42:29
mbam-log-2010-03-03 (07-42-29).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 352136
Tid tilbagelagt: 1 hour(s), 45 minute(s), 9 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

Jeg har pinget en expert indenfor combofix osv, da at jeg er kørt fast i dit problem.

Tak for anstrengelserne.

Så lidt :)

Men da at det ikke ser ud til at eksperten kommer, vil jeg anbefale dig at spørge her www.malwarecheck.dk/forum og linke til denne tråd