mrwheel (Beginner)
03 April 2010 - 00:40. There are 8 comments and 1 solution

Virus / strange BHO

Hi, I have made a number of different logs, which I have posted here. The machine is currently running a malware scan, and it has not finished yet.

Before making the DDS log, however, I ran CCleaner.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14-11-2009 18:35:55
System Uptime: 04-02-2010 23:29:53 (1369 hours ago)

Motherboard: ASUSTeK Computer INC. |  | P5LD2
Processor: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz | Socket 775 | 1862/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 133,441 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 240,137 GiB free.
E: is FIXED (NTFS) - 100 GiB total, 31,174 GiB free.
F: is FIXED (NTFS) - 101 GiB total, 63,384 GiB free.
G: is FIXED (NTFS) - 86 GiB total, 77 GiB free.
H: is FIXED (NTFS) - 197 GiB total, 87,809 GiB free.
I: is CDROM (CDFS)
J: is CDROM ()
N: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&CA55412&0&00E3
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&CA55412&0&00E3
Service: yukonw7

==== System Restore Points ===================

RP149: 01-04-2010 19:00:12 - Windows Update
RP150: 02-04-2010 09:21:33 - Removed MobileMe Control Panel
RP151: 02-04-2010 09:42:29 - Removed TTDAlter
RP152: 02-04-2010 14:18:28 - Installed Locomotion
RP153: 02-04-2010 14:28:24 - Removed Locomotion
RP154: 02-04-2010 15:50:25 - Installed InstallShield Restore Point
RP155: 02-04-2010 17:27:30 - Installed EPSON Print CD
RP156: 02-04-2010 17:29:43 - Installed EPSON Easy Photo Print
RP157: 02-04-2010 17:29:55 - Installed EPSON Easy Photo Print
RP158: 02-04-2010 17:32:54 - Installed EPSON Attach To Email
RP159: 02-04-2010 17:33:40 - Installed EPSON Scan Assistant
RP160: 02-04-2010 17:34:16 - Installed EPSON File Manager
RP161: 02-04-2010 17:34:30 - Installed EPSON File Manager
RP162: 02-04-2010 17:35:26 - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP163: 02-04-2010 17:35:39 - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP164: 02-04-2010 23:23:33 - Removed Rapidshare Auto Downloader 4.0
RP165: 02-04-2010 23:24:22 - Fjernede Politikens Engelsk-Dansk Dansk-Engelsk Ordbog
RP166: 03-04-2010 00:02:11 - Installed HiJackThis

==== Installed Programs ======================

Acrobat.com
Active WebCam
adgangforalle.dk 2.1
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3 - Dansk
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AirPlus G DWL-G510
Airport Mania
Akeeba eXtract Wizard 2.5
Apple Application Support
Apple Software Update
AVG 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Fish Games: Game Manager
BlazeDTV 6.0
Camera RAW Plug-In for EPSON Creativity Suite
Camtasia Studio 6
CCleaner
CoffeeCup HTML Editor
Connect
Crane Simulator 2009
DAEMON Tools Toolbar
DHTML Editing Component
Digital Signatur
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Scan
EPSON Scan Assistant
EPSON Stylus Photo RX585_RX610 Håndbog
erLT
FileZilla Client 3.3.2
Gadget til seneste dokumenter i Microsoft Office 2007
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Gmail Backup
Google Apps
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
HiJackThis
HijackThis 2.0.2
Java(TM) 6 Update 17
Kildevisning til Windows SideShow
kuler
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (2.0.0.24)
MSVCRT
Nero 8
NetSoftware
Notepad++
NVIDIA GAME System Software 2.8.1
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
OpenTTD 1.0.0-RC3
Overførselsværktøj til Windows Live
PDF Settings CS4
Photoshop Camera Raw
QuickTime
RapidShare Manager
REALTEK DTV USB DEVICE
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype Toolbars
Skype™ 4.2
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Snagit 9.1
Suite Shared Configuration CS4
System Requirements Lab
Tobii SymbolMate
TV 2 NEWS
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
USB DVB-T TV Driver
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
WinRAR arkivering
Xilisoft iPhone Ringtone Maker
YouTube Downloader 2.5.3
ZyXEL Wireless N-lite USB Adapter Utility

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSX64 
Run by Henrik Larsen at  0:28:46,33 on 03-04-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional  6.1.7600.0.1252.45.1030.18.3199.876 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATICLE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\ZyXEL\NWD-270N\Common\NWD-270N.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\ZyXEL\NWD-270N\Common\RalinkRegistryWriter.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
I:\EPSETUP.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
E:\Sikkerhed\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.dk/
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files (x86)\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: gwprimawega: {3791e684-c401-7f0b-e28d-4ad6bcfcf5e2} - c:\windows\syswow64\ttl9-f_l.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Hjælp til tilmelding til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\netsoftware\IEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files (x86)\techsmith\snagit 9\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files (x86)\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [AdobeBridge] "c:\program files (x86)\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [EPSON Stylus Photo RX585 Series] c:\windows\system32\spool\drivers\x64\3\e_iaticle.exe /fu "c:\windows\temp\E_S33E9.tmp" /EF "HKCU"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Google Quick Search Box] "c:\program files (x86)\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [TV 2 NEWS] c:\program files (x86)\tv 2\tv 2 news\tv2news.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [NetSoftware] "c:\program files\netsoftware\starter.exe" /path="c:\program files\NetSoftware"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\users\henrik~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-001a-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files (x86)\techsmith\snagit 9\Snagit32.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files (x86)\zyxel\nwd-270n\common\NWD-270N.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.danskebank.dk/html/activex/DB/Menu.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\SKYPEIEPLUGIN.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~4\GO36F4~1.DLL
{00C6482D-C502-44C8-8409-FCE54AD9C208}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{32099AAC-C132-4136-9E9A-4E364A424E17}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\henrik~1\appdata\roaming\mozilla\firefox\profiles\s39h9wmt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig?hl=da&source=iglk
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\netsoftware\gemgecko\components\gemgecko.dll
FF - component: c:\users\henrik larsen\appdata\roaming\mozilla\firefox\profiles\s39h9wmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\henrik larsen\appdata\roaming\mozilla\firefox\profiles\s39h9wmt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\henrik larsen\appdata\roaming\mozilla\firefox\profiles\s39h9wmt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-1-22 27144]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-1-22 56008]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-1-22 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-22 269320]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-22 35464]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-22 316936]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-3-5 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files (x86)\zyxel\nwd-270n\common\RalinkRegistryWriter.exe [2009-11-15 69632]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-1-22 132616]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-1-22 35848]
R3 lvpepf64;Volume Adapter;c:\windows\system32\drivers\lv302a64.sys [2009-11-14 15896]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-11-14 327576]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2009-7-13 42912]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2009-10-26 38944]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-22 34032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S2 gupdate1ca6852e7b3de0d;Tjenesten Google Update (gupdate1ca6852e7b3de0d);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-18 133104]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-15 1038088]
S3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-1-24 30192]
S3 netr28ux;Driver til trådløst RT2870 USB LAN-kort til Vista;c:\windows\system32\drivers\netr28ux.sys [2009-6-10 867328]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-11-22 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-11-22 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-11-22 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-11-22 133160]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-11-22 34856]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-11-22 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-11-22 145960]
S3 StorSvc;Lagertjeneste;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
VBEFile=c:\windows\syswow64\WScript.exe "%1" %*
VBSFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-04-02 22:11:14    24664    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-02 22:06:12    0    d-----w-    c:\program files (x86)\Trend Micro
2010-04-02 22:05:55    0    d-----w-    c:\users\henrik~1\appdata\roaming\Malwarebytes
2010-04-02 22:05:48    0    d-----w-    c:\programdata\Malwarebytes
2010-04-02 22:05:48    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-02 22:02:36    0    d-----w-    c:\program files (x86)\TrendMicro
2010-04-02 18:40:53    0    d-----w-    c:\program files (x86)\CCleaner
2010-04-02 15:31:06    0    d-----w-    c:\programdata\UDL
2010-04-02 15:27:46    0    d-----w-    c:\program files (x86)\EPSON Print CD
2010-04-02 13:46:49    86528    ----a-w-    c:\windows\system32\E_IBCBCLE.DLL
2010-04-02 13:46:49    129536    ----a-w-    c:\windows\system32\E_ILMCLE.DLL
2010-04-02 13:46:44    0    d-----w-    c:\program files\EPSON
2010-04-02 13:45:38    26    ----a-w-    c:\windows\CDERX585EXPORT.ini
2010-04-02 12:18:44    0    d-----w-    c:\program files (x86)\Atari
2010-04-02 08:21:06    2562    ----a-w-    c:\windows\diagwrn.xml
2010-04-02 08:21:06    1908    ----a-w-    c:\windows\diagerr.xml
2010-04-02 08:01:47    0    d-----w-    c:\programdata\RoboForm
2010-04-02 08:01:16    0    d-----w-    c:\program files (x86)\Siber Systems
2010-04-02 07:34:00    0    d-----w-    c:\program files\WinRAR
2010-04-01 14:21:40    65536    --sha-w-    c:\users\henrik larsen\ntuser.dat{d0462b4f-3d8f-11df-9614-e6b61f91c5e6}.TM.blf
2010-04-01 14:21:40    524288    --sha-w-    c:\users\henrik larsen\ntuser.dat{d0462b4f-3d8f-11df-9614-e6b61f91c5e6}.TMContainer00000000000000000002.regtrans-ms
2010-04-01 14:21:40    524288    --sha-w-    c:\users\henrik larsen\ntuser.dat{d0462b4f-3d8f-11df-9614-e6b61f91c5e6}.TMContainer00000000000000000001.regtrans-ms
2010-03-31 12:23:44    1306624    ----a-w-    c:\windows\syswow64\ttl9-f_l.dll
2010-03-31 11:07:29    0    d-----w-    C:\Downloads
2010-03-28 12:09:22    0    d-----w-    c:\program files (x86)\Owen Rudge
2010-03-28 12:08:38    0    d-----w-    c:\windows\Downloaded Installations
2010-03-27 14:34:19    107864    ----a-w-    c:\windows\syswow64\tsccvid.dll
2010-03-27 14:34:16    0    d-----w-    c:\windows\syswow64\QuickTime
2010-03-27 14:33:53    0    d-----w-    c:\program files (x86)\common files\TechSmith Shared
2010-03-26 22:48:08    0    d-----w-    c:\program files (x86)\Akeeba
2010-03-23 08:46:02    0    d-----w-    c:\program files\OpenTTD
2010-03-22 14:46:05    0    d-----w-    c:\program files (x86)\Internet Explorer Platform Preview
2010-03-18 14:18:23    0    d-----w-    c:\program files (x86)\YouTube Downloader
2010-03-17 21:58:51    0    d-----w-    C:\adgangforalle.dk
2010-03-17 07:58:36    8704    --sha-w-    c:\users\henrik larsen\Thumbs.db
2010-03-14 17:03:45    294912    ----a-w-    c:\windows\system32\browserchoice.exe
2010-03-09 15:15:55    3972    ----a-w-    c:\users\henrik larsen\Birthe Larsen.pkcs12
2010-03-05 09:02:54    12976    ----a-w-    c:\windows\system32\avgrssta.dll

==================== Find3M  ====================

2010-04-02 17:58:56    0    ----a-w-    c:\users\henrik larsen\temp.dat
2010-03-30 18:41:15    76536    ----a-w-    c:\windows\system32\perfc006.dat
2010-03-30 18:41:15    461038    ----a-w-    c:\windows\system32\perfh006.dat
2010-03-05 09:02:58    316936    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2010-03-05 09:02:54    35464    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2010-03-05 09:02:46    27144    ----a-w-    c:\windows\system32\drivers\AVGIDSwa.sys
2010-03-05 09:02:42    269320    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2010-03-05 09:02:39    56008    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2010-02-24 08:16:06    212864    ------w-    c:\windows\system32\MpSigStub.exe
2010-02-23 08:22:50    1192960    ----a-w-    c:\windows\system32\wininet.dll
2010-02-23 07:56:00    977920    ----a-w-    c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56    1225216    ----a-w-    c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45    606208    ----a-w-    c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43    64512    ----a-w-    c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43    5964800    ----a-w-    c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24    10978816    ----a-w-    c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20    381440    ----a-w-    c:\windows\syswow64\iedkcs32.dll
2010-02-02 08:36:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-02-02 07:45:54    2048    ----a-w-    c:\windows\syswow64\tzres.dll
2010-01-19 09:05:57    424960    ----a-w-    c:\windows\system32\secproc.dll
2010-01-19 09:05:57    422912    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44    305152    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43    357888    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37    356352    ----a-w-    c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37    306688    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31    365568    ----a-w-    c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30    369152    ----a-w-    c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33    324608    ----a-w-    c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33    277504    ----a-w-    c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30    320512    ----a-w-    c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30    280064    ----a-w-    c:\windows\syswow64\RMActivate_ssp.exe
2009-07-14 07:34:23    39236    ----a-w-    c:\windows\inf\perflib\0406\perfd.dat
2009-07-14 07:34:23    39236    ----a-w-    c:\windows\inf\perflib\0406\perfc.dat
2009-07-14 07:34:23    306636    ----a-w-    c:\windows\inf\perflib\0406\perfi.dat
2009-07-14 07:34:23    306636    ----a-w-    c:\windows\inf\perflib\0406\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH:  0:30:23,59 ===============


Please do let me know if you need any further log files!
mrwheel Beginner
03 April 2010 - 07:58 #1
Here is the log file from Malwarebytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03-04-2010 07:54:52
mbam-log-2010-04-03 (07-54-52).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|)
Objekter skannet: 584047
Tid gået: 2 time(r), 42 minut(ter), 16 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabase Nøgler Inficeret: 3
Registreringsdatabase Værdier Inficeret: 0
Registreringsdatabase Data Objekter Inficeret: 1
Inficerede Mapper: 2
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabase Nøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3791e684-c401-7f0b-e28d-4ad6bcfcf5e2} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3791e684-c401-7f0b-e28d-4ad6bcfcf5e2} (Adware.BHO) -> No action taken.

Registreringsdatabase Værdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabase Data Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Inficerede Mapper:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> No action taken.

Inficerede Filer:
E:\RapidShare\Adobe keygens\LiCSrCLWAATCdkd\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> No action taken.
E:\RapidShare\EA universelkeygen\Keygen\Keygen.exe (Trojan.Orsam) -> No action taken.
E:\RapidShare\Screen Capture\TechSmith\Tech.SnagitV9.1.0B.206.ZWTSerial\Techsmith Snagit 9.1.0 Build 206.ZWT\Keygen\Keygen_Z.W.T\keygen.exe (Malware.Tool) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832UBDA.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832UUSB.sys (Trojan.Agent) -> No action taken.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832U_IRHID.sys (Trojan.Agent) -> No action taken.
C:\ProgramData\blazedvd.dll (Trojan.Agent) -> No action taken.
C:\Windows\SysWOW64\ttl9-f_l.dll (Adware.BHO) -> No action taken.
03 April 2010 - 10:03 #2
YFFER PYFFER...

What do you think ...No action taken... means?

You forgot to press "Fjern det valgte" ("Remove Selected") when Malwarebytes had finished running... So run Malwarebytes ONCE MORE (remember to update first, if needed!)

---

And do stop 'playing' with these "Keygen" / "Cracks" / ... nothing good comes of it!!!
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
mrwheel Beginner
03 April 2010 - 10:13 #3
You see, I took the first log, but then saw that it had to be carried out, so that happened shortly after I posted the first Malware log. Here it is, carried out.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03-04-2010 07:59:35
mbam-log-2010-04-03 (07-59-35).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|)
Objekter skannet: 584047
Tid gået: 2 time(r), 42 minut(ter), 16 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabase Nøgler Inficeret: 3
Registreringsdatabase Værdier Inficeret: 0
Registreringsdatabase Data Objekter Inficeret: 1
Inficerede Mapper: 2
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabase Nøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3791e684-c401-7f0b-e28d-4ad6bcfcf5e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3791e684-c401-7f0b-e28d-4ad6bcfcf5e2} (Adware.BHO) -> Quarantined and deleted successfully.

Registreringsdatabase Værdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabase Data Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
E:\RapidShare\Adobe keygens\LiCSrCLWAATCdkd\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
E:\RapidShare\EA universelkeygen\Keygen\Keygen.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
E:\RapidShare\Screen Capture\TechSmith\Tech.SnagitV9.1.0B.206.ZWTSerial\Techsmith Snagit 9.1.0 Build 206.ZWT\Keygen\Keygen_Z.W.T\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832UBDA.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832UUSB.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\RTL2832U_IRHID.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\blazedvd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\ttl9-f_l.dll (Adware.BHO) -> Delete on reboot.
f-arn Guru
03 April 2010 - 10:13 #4
The worst part is that I think it is a 64-bit system. That means a log-based solution is not possible here. The forum software cuts too much off the Old Timer logs.
03 April 2010 - 10:28 #5
<f-arn>: You just carry on here...
mrwheel Beginner
03 April 2010 - 10:32 #6
YES, it is a 64-bit OS I have, and it only got bad after I visited an unknown website the other day (I landed on it by accident).

I don't use P2P programs, though...
03 April 2010 - 10:39 #7
Hmmm...

... and in that way (...unknown website the other day (I landed on it by accident)...)
E:\RapidShare\*
just turned up ???
*S*
mrwheel Beginner
03 April 2010 - 10:49 #8
The strange ads that popped up in my IE8 did not come from their site; they came from another site...

You shouldn't tar everything with the same brush when it comes to these things / sites, but yes, one has to be careful, but the machine is running brilliantly again... ;) pulling my feelers back in again.
mrwheel Beginner
18 August 2010 - 18:49 #9
Yes, why close the question, I wonder? Especially when people pick on you for doing something that some consider wrong, but you can actually download legal things from certain sites.