Windows Firewall "hænger" under opstart

Du har en Facebook trojaner. Malwarebytes har muligvis nakket den helt, men det vil være en god ide at tjekke med flere scannere. SuperAntiSpyware og Kaspersky. Vejledninger til begge to her http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Hm, ok. Tak for henvendelsen. Jeg har nu kørt begge programmer, SuperAntiSpyware gav en  rapport, jeg logger her, efterfølgende - jeg slettede de 5 cookies, den så som trusler. Kaspersky meddelte mig to gange, at en fil havde et password - jeg ved ikke, om jeg evt skal undersøge noget videre her - men ellers fandt den ikke noget.

Venlig hilsen

Lars H.J.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/29/2010 at 10:32 AM

Application Version : 4.35.1002

Core Rules Database Version : 4866
Trace Rules Database Version: 2678

Scan type      : Complete Scan
Total Scan Time : 01:03:31

Memory items scanned      : 598
Memory threats detected  : 0
Registry items scanned    : 6184
Registry threats detected : 0
File items scanned        : 18542
File threats detected    : 5

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@interclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt

Det lyder som om at Malwarebytes fik fjernet den helt. Du bør lige nulstille systemgendannelsen. Vejledning i mit link, hvis du ikke lige ved hvordan.

Stadigvæk problemer med firewallen i opstarten?

For en sikkerheds skyld så stik mig/os lige en hijackthis log

Hent HijackThis her, gem den I en mappe så du kan finde den.

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html


Dobbeltklik på det nye HijackThis ikon
Vista og windows 7 bruger skal klikke med højre-musetast på program filen > Vælg "Kør som administrator"
2. På menuen der kommer op, klikker du på: Do a systemscan and save a logfile.
3. Efter et kort øjeblik åbner en logfil i notesblok, kopier teksten herind

En HiJackThis log følger her (Tager heldigvis ikke lige 2 timer, som de 2 foregående programmer...)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:12, on 29-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
C:\Programmer\Microsoft IntelliType Pro\itype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\DAEMON Tools Lite\DTLite.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Microsoft IntelliType Pro\dpupdchk.exe
D:\Programmer\uTorrent\uTorrent.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
D:\Programmer\Peerblock\peerblock.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Outlook Express\msimn.exe
D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Programmer\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [itype] "C:\Programmer\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmer\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [iLike] C:\Programmer\iLike\1.2.16\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "d:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genvej til peerblock.lnk = D:\Programmer\Peerblock\peerblock.exe
O4 - Startup: _uninst_setup_9.0.0.722_29.04.2010_11-23.exe.lnk = C:\Documents and Settings\Lars Hovgaard Jensen\Lokale indstillinger\Temp\_uninst_setup_9.0.0.722_29.04.2010_11-23.exe.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5723/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Tjenesten Google Update (gupdate1c9e56cac377bc0) (gupdate1c9e56cac377bc0) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe

--
End of file - 11119 bytes

Noget at spændede at se? Men inden nogen bruger deres sene nattetimer, på dette projekt, så er det jo sådan set weekend, og med en ekstra helligdag, og godt vejr, forventer jeg ikke noget svar før tidligst i næste uge. God weekend!

Og, har iøvrigt lavet en systemgendannelse - som vejledningen sagde.

Du lavede forhåbentlig ikke en systemgendannelse. Meningen var at du skulle slette alle gamle gendannelsespunkter. Hvis du fulgte vejledningen, så var det også det du gjorde.

Jeg kan iøvrigt anbefale dig at læse dette, angående Facebook og billeder http://nettipsforum.dk/topic12890.html

Giv den gerne videre til vennerne, så den forhåbentligt kan blive kendt af så mange som muligt.

Iøvrigt, den bruger der bad om HijackThis loggen må også se på den.

Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linjerne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked. Genstart


O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Hvis at du ikke bruger en proxy server så skal denne entry også fixes


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local



Og så lige et afsluttende tjek


Hent Combofix, og gem den i en mappe, som alg.exe

http://kortlink.dk/7qa6

Luk alle andre vinduer ned.

Kør så combofix.exe (alg.exe), og følg anvisningerne.

Du må ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C: Combofix txt

Indholdet af denne fil må du gerne lægge herind

Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg.



NB: Vista og windows 7 brugere skal højere klikke på combofix og vælge kør som administrator.

Afinstall
*  [uTorrent]

http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

---

PS: Du behøver ikke at lade CCleaner starte automatisk under hver eneste opstart...

Drop nu det der pis med afinstallation af torrent og fildelingsprogrammer. Fildeling er ikke farligere end at man gør det til, bare man har ordentlig AV og bruger sund fornuft så er der ingen farer ved det.

(SELVE Fildelningprogrammet i sig SELV er ikke 'farligt'; det er mere elementer er kommer derfra som vil/kan give ballade. Sund fornuft eller ej ... Og lade den køre i baggrunden hele tiden - hmmm...)

Igen sund fornuft, download kun det at du er 100% sikekr på er rent og scan det efterfølgende med dit av og jotti og virustotal så er du sikker på at det er rent.

1. Det hører ikke nogen steder hjemme, at "beordre" andre brugere at afinstallere legitime programmer.

2. På den anden side, kan brug af fildelingsprogrammer ikke anbefales, hvis man gerne vil have sin bankkonto og passwords i fred. Man kan scanne med 50 programmer, og alligevel ikke være spor sikker på noget. Der dukker 50.000 stykker ny malware op hver DAG, og langt det meste på fildelingstjenster og cracksites.

1. Enig


2. Selvom at man så bruger det bedste av og ikke bruger p2p så kan man stadig få virus som f.eks den meget udbredte security tool.

Det med at spywarefri kræver afinstallere af p2p og torrent programmer er fuldstændig latterligt, de skal IKKE blande sig i om at brugerne bruger p2p, cracks og keygens, alt hvad at man bruger er på eget ansvar. Jeg bruger begge dele og har stadig en clean maskine. 

Så lige her til sidste synes jeg også at det er helt hen i vejret at de ikke vil supporte ulovlige systemer, de får jo ikke nogen bøde hvis at brugeren bliver bustet.

Haha, Karise:Larry  -hvorfor så ikke bare slette windows, eller lade være med at tænde for computeren? Eller tv'et, det er sikkert også usundt. Utorrent, og isohunt er af mine foretrukne programmer og digitale jagtmarker - og ja, der kommer lidt virus ind, en gang imellem - men du skal jo også have noget at lave, ellers ville du sikker kede dig ihjel ;-)


Det er da rigtigt, at jeg har ldet den køre i beggrunden, det var nu mere for at hente en længere film. Det er nu rettet. 

HiJackThis ændringerne følger.

Karise_Larry: CC cleaner opstart ved windows opstart rettet.

Partick14: HiJackThis er kørt, med dine anbefalede afcheckninger.

Umiddelbart har det givet den ændring, at mine Firefox Mozilla genvej til denne tråd, har åbnet den i MSExplorer (?). Det kunne jeg da godt tænke mig at få rettet tilbage (!).

Eller, ok, det er måske "ComboFix", der har ændret dette, hvad ved jeg... Nå, det ser ud til, at min "Default Browser" var blevet ændret, af en eller anden grund. Nu rettet tilbage.

Her er loggen, for Combofix, del 1

(Lige en kommentar - er det godt eller nødvendigt at have Windows Genoprettelseskonsol, hvad bruger man det til? Noget med noget backup, i tilfælde af crash? Skal jeg bare lade ComboFix installere det (lige i starten af kørslen):

ComboFix 10-05-02.02 - Lars Hovgaard Jensen 03-05-2010  10:26:07.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1615 [GMT 2:00]
Kører fra: d:\downloadd\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100502-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\WindowsUpdate

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER


(((((((((((((((((((((((((((((  Filer skabt fra 2010-04-03 til 2010-05-03  )))))))))))))))))))))))))))))))))))
.

2010-05-01 16:11 . 2010-05-01 16:11    --------    d-----w-    c:\programmer\iPod
2010-05-01 16:11 . 2010-05-01 16:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-01 16:04 . 2010-05-01 16:04    --------    d-----w-    c:\programmer\Bonjour
2010-04-29 07:26 . 2010-04-29 07:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-29 07:25 . 2010-04-29 07:25    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com
2010-04-29 07:25 . 2010-04-29 07:25    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2010-04-22 19:15 . 2010-04-22 19:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\PhotoStitch
2010-04-15 14:02 . 2010-04-15 14:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\F-Secure
2010-04-15 12:00 . 2010-04-15 12:02    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-04-15 06:38 . 2010-04-15 06:39    --------    d-----w-    c:\programmer\QuickTime
2010-04-08 11:20 . 2010-04-08 11:20    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-04-07 15:21 . 2010-04-07 15:21    --------    d-----w-    c:\programmer\DAEMON Tools Lite

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 08:44 . 2009-12-01 15:45    --------    d-----w-    c:\programmer\SPAMfighter
2010-05-03 08:12 . 2009-05-23 16:12    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\uTorrent
2010-05-02 17:42 . 2009-06-26 07:10    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Apple Computer
2010-05-01 16:11 . 2009-06-26 07:07    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-05-01 16:03 . 2010-05-01 16:03    73000    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 16:03 . 2010-02-18 15:44    24452    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-04-29 10:30 . 2010-03-16 11:13    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\vlc
2010-04-29 07:26 . 2010-04-29 07:26    52224    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 07:26 . 2010-04-29 07:26    117760    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-29 07:25 . 2010-04-29 07:25    65024    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-04-29 07:25 . 2010-04-29 07:25    5120    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-04-29 07:25 . 2010-04-29 07:25    18944    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-04-28 06:33 . 2003-07-30 15:02    3404288    ----a-w-    c:\windows\system32\logonuix.exe
2010-04-25 15:48 . 2010-04-25 15:48    388096    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-25 15:48 . 2009-08-19 10:34    --------    d-----w-    c:\programmer\Trend Micro
2010-04-22 19:56 . 2009-05-31 15:48    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\ZoomBrowser EX
2010-04-22 18:39 . 2009-05-31 15:47    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\CameraWindowDC
2010-04-15 22:14 . 2009-05-19 15:21    --------    d-----w-    c:\programmer\Google
2010-04-14 08:31 . 2009-05-23 17:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 21:07 . 2010-01-17 17:12    50354    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\uninstall.exe
2010-04-12 21:07 . 2010-01-17 17:12    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook
2010-04-07 15:21 . 2009-05-23 12:51    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2010-03-31 08:25 . 2009-07-25 15:25    8854    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
2010-03-31 08:25 . 2009-07-25 15:25    45056    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    45056    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    40960    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    10134    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
2010-03-31 08:24 . 2010-03-31 08:24    --------    d-----w-    c:\programmer\Fælles filer\Stardock
2010-03-31 08:22 . 2010-03-31 08:22    --------    d-----w-    c:\programmer\FileSubmit
2010-03-31 07:25 . 2009-08-23 06:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-03-31 07:25 . 2010-03-01 22:21    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-03-31 07:21 . 2010-03-31 07:21    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-03-31 07:21 . 2010-03-31 07:21    503808    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\msvcp71.dll
2010-03-31 07:21 . 2010-03-31 07:21    499712    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\jmc.dll
2010-03-31 07:21 . 2010-03-31 07:21    348160    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\msvcr71.dll
2010-03-31 07:21 . 2010-03-31 07:21    61440    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-759f0271-n\decora-sse.dll
2010-03-31 07:21 . 2010-03-31 07:21    12800    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-759f0271-n\decora-d3d.dll
2010-03-31 07:21 . 2009-05-19 19:39    --------    d-----w-    c:\programmer\Java
2010-03-31 07:00 . 2009-05-19 20:56    29440    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 07:00 . 2010-03-31 07:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\Stardock
2010-03-31 07:00 . 2010-03-31 07:00    --------    d-----w-    c:\programmer\Stardock
2010-03-29 22:46 . 2009-08-20 12:32    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-08-20 12:32    20824    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-28 15:50 . 2003-07-30 15:10    447834    ----a-w-    c:\windows\system32\perfh006.dat
2010-03-28 15:50 . 2003-07-30 15:10    78192    ----a-w-    c:\windows\system32\perfc006.dat
2010-03-25 09:27 . 2010-04-13 11:38    1107264    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-20 18:27 . 2009-05-19 13:55    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-03-13 19:13 . 2010-03-13 19:13    --------    d-----w-    c:\programmer\Fælles filer\PCSuite
2010-03-13 19:13 . 2009-07-17 09:07    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2010-03-13 19:13 . 2009-05-22 09:20    --------    d-----w-    c:\programmer\Nokia
2010-03-13 19:13 . 2009-05-22 09:23    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Nokia
2010-03-13 19:12 . 2010-03-13 19:12    --------    d-----w-    c:\programmer\PC Connectivity Solution
2010-03-13 19:11 . 2010-03-13 19:11    95232    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-13 19:11 . 2010-03-13 19:11    8192    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-13 19:11 . 2010-03-13 19:11    61440    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-13 19:11 . 2010-03-13 19:11    10240    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-13 19:08 . 2009-05-22 09:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Installations
2010-03-13 19:08 . 2010-03-13 19:11    34510000    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_dan.exe
2010-03-10 21:13 . 2009-06-06 10:22    0    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\temp.dat
2010-03-10 06:17 . 2003-07-30 15:17    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-03-09 09:07 . 2010-03-09 09:07    --------    d-----w-    c:\programmer\Microsoft IntelliType Pro
2010-03-09 02:28 . 2009-05-19 19:39    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-08 14:15 . 2010-02-02 12:43    451640    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-03-08 08:38 . 2010-02-14 18:53    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox
2010-03-06 05:30 . 2010-03-06 05:30    5582848    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-26 08:04 . 2010-02-14 18:54    91696    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 08:02 . 2010-02-26 08:02    13264416    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10    21979992    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:18 . 2003-07-30 15:19    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-07-30 15:04    455680    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 04:39 . 2010-02-23 22:19    52224    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
2010-02-19 04:39 . 2010-02-23 22:19    101376    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
2010-02-17 12:09 . 2003-07-30 15:08    2192512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 14:07    2069376    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 19:46    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2003-07-30 14:54    100864    ----a-w-    c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-07-30 15:16    226880    ----a-w-    c:\windows\system32\drivers\tcpip6.sys
2010-02-04 09:01 . 2010-02-08 22:06    74072    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-08 22:06    528216    ----a-w-    c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-08 22:06    238936    ----a-w-    c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-08 22:06    22360    ----a-w-    c:\windows\system32\X3DAudio1_7.dll
2010-02-02 10:22 . 2010-02-02 10:22    3351812    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-02 10:22 . 2010-02-02 10:22    36864    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-02 10:22 . 2010-02-02 10:22    3203453    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-02 10:22 . 2010-02-02 10:22    24414896    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_da.exe
2009-06-02 09:36 . 2009-06-02 09:36    1234120    -c--a-w-    c:\programmer\wrar380.exe
2009-06-01 22:58 . 2009-06-01 22:58    13714760    ----a-w-    c:\programmer\winzip121.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"ccleaner"="c:\programmer\CCleaner\ccleaner.exe" [2009-09-24 1685816]
"iLike"="c:\programmer\iLike\1.2.16\ilikesidebar.exe" [2008-09-10 63024]
"PC Suite Tray"="c:\programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="d:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-29 2020592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2003-08-20 151552]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-05 114741]
"StorageGuard"="c:\programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-02-12 155648]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SPAMfighter Agent"="c:\programmer\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
"itype"="c:\programmer\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"LogonStudio"="c:\programmer\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="d:\programmer\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lars Hovgaard Jensen\Menuen Start\Programmer\Start\
Genvej til peerblock.lnk - d:\programmer\Peerblock\peerblock.exe [2010-3-8 1524824]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-6-21 809488]
Wireless Configuration Utility HW.15.lnk - c:\programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe [2006-11-19 634880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    d:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30    72208    ----a-w-    c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Skyracer USB.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Skyracer USB.lnk
backup=c:\windows\pss\Skyracer USB.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lars Hovgaard Jensen^Menuen Start^Programmer^Start^Dropbox.lnk]
path=c:\documents and settings\Lars Hovgaard Jensen\Menuen Start\Programmer\Start\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06    142120    ----a-w-    d:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c9e56cac377bc0"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmer\\uTorrent\\uTorrent.exe"=
"d:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Lars Hovgaard Jensen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"d:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"d:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23-05-2009 14:22 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20-05-2009 11:30 114768]
R1 SASDIFSV;SASDIFSV;d:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;d:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [17-02-2010 11:15 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20-05-2009 11:30 20560]
R2 SECYPECP;SECYPECP;c:\windows\system32\drivers\SECYPECP.sys [16-02-2010 16:08 14032]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\SPAMfighter\sfus.exe [27-08-2009 10:24 189064]
R3 pbfilter;pbfilter;d:\programmer\Peerblock\pbfilter.sys [08-03-2010 11:03 14424]
S2 gupdate1c9e56cac377bc0;Tjenesten Google Update (gupdate1c9e56cac377bc0);c:\programmer\Google\Update\GoogleUpdate.exe [05-06-2009 01:32 133104]
S3 SASENUM;SASENUM;d:\programmer\SUPERAntiSpyware\SASENUM.SYS [17-02-2010 11:15 12872]

ComboFix, del 2:

Sætter pris på jeres tid og tålmodighed, jeg tror, det vil tage mig lang tid at sætte mig ind i det her - i har ligesom gjort forarbejdet, fornemmer jeg !

(Måske skulle der være flere point på spil... Bruger i egentlig de her point til noget? Kan man købe varer eller programmer for dem, eller hvordan virker det? Nå, et tillægsspørgsmål...)

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - PBFILTER
.
Indhold af mappen 'Planlagte Opgaver'

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-04 23:31]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-04 23:31]

2010-03-09 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\programmer\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{E885D613-DBB6-4147-A0A5-DDF2AD197CBB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/home.php?
IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: danid.dk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536667&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - component: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
FF - component: c:\programmer\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programmer\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programmer\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\programmer\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Rainlendar2 - d:\programmer\Rainlendar2\Rainlendar2.exe
AddRemove-Grand Theft Auto - d:\spil\gta\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 10:42
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll atapi.sys spch.sys >>UNKNOWN [0x89BC5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> sfsync02.sys @ 0xf7717d60
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xbaf1cbb0
PacketIndicateHandler -> NDIS.sys @ 0xbaf29a21
SendHandler -> NDIS.sys @ 0xbaf0787b
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1606980848-854245398-1004\Software\SecuROM\License information*]
"datasecu"=hex:44,12,16,cd,c8,a0,9d,ec,88,23,6e,29,b4,19,2b,5f,b9,99,87,1b,05,
  d3,4e,68,3e,7b,1d,bb,49,c4,de,e9,49,60,3d,44,21,28,95,04,0f,60,1c,2e,bb,71,\
"rkeysecu"=hex:43,5d,80,f7,5e,70,59,6f,2b,b1,da,5e,47,dd,1f,7f
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(624)
d:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2956)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Canon\CAL\CALMAIN.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\programmer\Apoint\Apntex.exe
c:\programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\msiexec.exe
c:\programmer\Microsoft IntelliType Pro\dpupdchk.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\PC Connectivity Solution\ServiceLayer.exe
c:\programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmer\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Gennemført tid: 2010-05-03  10:51:55 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-05-03 08:51

Pre-Kørsel: 3.100.033.024 byte ledig
Post-Kørsel: 3.078.320.128 byte ledig

- - End Of File - - 6B49A6CFDED62ED45ED10436DB1D8D23

Find og upload denne fil til http://virusscan.jotti.org/en og www.virustotal.com/

Send resultaterne fra begge scanninger herind sammen med en ny hijackthis log. Ang. det med standard browser så Start > Angiv programmer og standarder > Brugerdefinderet, der kan du indstille din standard browser.

Pinligt det er denne fil at der skal uploades c:\windows\system32\drivers\sptd.sys

<< Citat fra Patrick14 - Det med at spywarefri kræver afinstallere af p2p og torrent programmer er fuldstændig latterligt, de skal IKKE blande sig i om at brugerne bruger p2p, cracks og keygens, alt hvad at man bruger er på eget ansvar. Jeg bruger begge dele og har stadig en clean maskine. >>

Og så forestiller du dig, at vi vil rode kastanierne ud af ilden for dig, fordi du ikke selv har et hammerslag forstand på tingene?

Enten er du snotdum, eller også er du utrolig naiv, vælg selv!

Desuden vil jeg gerne have mig frabedt flere private beskeder, vi to har intet at tale med hinanden om.

(Tak <fromsej> - helt enig *S*)

"Det med at spywarefri kræver afinstallere af p2p og torrent programmer er fuldstændig latterligt, de skal IKKE blande sig i om at brugerne bruger p2p, cracks og keygens, alt hvad at man bruger er på eget ansvar. Jeg bruger begge dele og har stadig en clean maskine." >>


Magen til vås skal man lede længe efter -BAH

Citat fra fromsej > Desuden vil jeg gerne have mig frabedt flere private beskeder, vi to har intet at tale med hinanden om.

Hvorfor bliver du for stresset så at du ikke kan øge din i forvejen kæmpe overvægt.

Grimt at læse om alt det mudderkastning.
Utorrent er åbenbart kontroversielt - det er da muligt, det er kilden til hele "emisseren". Jeg har haft problemer før, ad den vej. Tilgengæld har jeg også hentet meget godt derfra, så, tror ikke rigtigt, det kan opveje det. Selvfølgelig, ender det med, ingen gider hjælpe, kan jeg vel blive nødt til det. Men, vil hellere sætte mig ind i nogle ordentlige antivirus programmer og firewalls, der kan opdage farerne i tide. Det er så den risiko, jeg vælger at tage!

Iøvrigt, hvad leder vi efter, nu? Jeg har ikke haft problemer i et stykke tid, med "firewall" meddelelsen - ikke efter, jeg kørte Anti-Malware. Men okay, det er vel ikke ensbetydende med, jeg ikke har en virus, eller en trojaner liggende, et sted.

Patrick_14: Jeg kan ikke uploade den fil, sptd.sys til nogle af de nævnte steder, der står, filen bliver brugt af en andet program (eller anden person).
Prøver at gå i fejlsikret tilstand og kopiere den.
Det virkede! Kopierede filen til roden af c:/

1. resultat: Intet fundet
"Jotti logo


Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.
     

Filename:     sptd.sys
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Thu 22 Apr 2010 08:29:08 (CET) Permalink
           
Additional info
File size:     691696 bytes
Filetype:     PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5:     cdddec541bc3c96f91ecb48759673505
SHA1:     9e5c19cd3d09644a937141377730e9bbf61d026b




Scanners
[ArcaVir]    
2010-04-21 Found nothing
    [F-Secure Anti-Virus]    
2010-04-22 Found nothing
[A-Squared]    
2010-04-22 Found nothing
    [G DATA]    
2010-04-22 Found nothing
[Avast! antivirus]    
2010-04-21 Found nothing
    [Ikarus]    
2010-04-22 Found nothing
[Grisoft AVG Anti-Virus]    
2010-04-21 Found nothing
    [Kaspersky Anti-Virus]    
2010-04-21 Found nothing
[Avira AntiVir]    
2010-04-21 Found nothing
    [ESET NOD32]    
2010-04-21 Found nothing
[Softwin BitDefender]    
2010-04-22 Found nothing
    [Panda Antivirus]    
2010-04-21 Found nothing
[ClamAV]    
2010-04-22 Found nothing
    [Quick Heal]    
2010-04-22 Found nothing
[CPsecure]    
2010-04-20 Found nothing
    [Sophos]    
2010-04-22 Found nothing
[Dr.Web]    
2010-04-22 Found nothing
    [VirusBlokAda VBA32]    
2010-04-20 Found nothing
[Frisk F-Prot Antivirus]    
2010-04-21 Found nothing
    [VirusBuster]    
2010-04-21 Found nothing


Scan a file - Hash search - Frequently Asked Questions - Privacy policy

© 2004-2010 Jotti <jotti@jotti.org>"


2. resultat. Hmm! Et antivirus program ved nanvn ESafe fandt noget!


"Srpski | &#1052;&#1072;&#1082;&#1077;&#1076;&#1086;&#1085;&#1089;&#1082;&#1080; | &#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577; | Suomi | ihMdI |  | &#1506;&#1489;&#1512;&#1497;&#1514; |  | Slovenš&#269;ina | Dansk | &#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081; | Român&#259; | Türkçe | Nederlands | &#917;&#955;&#955;&#951;&#957;&#953;&#954;&#940; | Français | Svenska | Português | Italiano |  |  | Magyar | Deutsch | &#268;esky | Polski | Español
Virus Total    
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File sptd_1_.sys.0riginal__overlay_ received on 2010.05.02 10:02:39 (UTC)
Current status: finished
Result: 1/40 (2.50%)
Compact Compact
Print results Print results
Antivirus     Version     Last Update     Result
a-squared     4.5.0.50     2010.05.02     -
AhnLab-V3     2010.05.02.00     2010.05.01     -
AntiVir     8.2.1.224     2010.04.30     -
Antiy-AVL     2.0.3.7     2010.04.30     -
Authentium     5.2.0.5     2010.05.01     -
Avast     4.8.1351.0     2010.05.01     -
Avast5     5.0.332.0     2010.05.01     -
AVG     9.0.0.787     2010.05.02     -
BitDefender     7.2     2010.05.02     -
CAT-QuickHeal     10.00     2010.05.01     -
ClamAV     0.96.0.3-git     2010.05.02     -
Comodo     4739     2010.05.02     -
DrWeb     5.0.2.03300     2010.05.02     -
eSafe     7.0.17.0     2010.04.29     Win32.TrojanHorse
eTrust-Vet     35.2.7462     2010.04.30     -
F-Prot     4.5.1.85     2010.05.01     -
F-Secure     9.0.15370.0     2010.05.02     -
Fortinet     4.0.14.0     2010.05.01     -
GData     21     2010.05.02     -
Ikarus     T3.1.1.80.0     2010.05.02     -
Jiangmin     13.0.900     2010.05.02     -
Kaspersky     7.0.0.125     2010.05.02     -
McAfee     5.400.0.1158     2010.05.02     -
McAfee-GW-Edition     6.8.5     2010.05.01     -
Microsoft     1.5703     2010.05.02     -
NOD32     5079     2010.05.02     -
Norman     6.04.12     2010.05.01     -
nProtect     2010-05-02.01     2010.05.02     -
Panda     10.0.2.7     2010.05.01     -
PCTools     7.0.3.5     2010.05.02     -
Prevx     3.0     2010.05.02     -
Rising     22.45.04.03     2010.04.30     -
Sophos     4.53.0     2010.05.02     -
Sunbelt     6249     2010.05.02     -
Symantec     20091.2.0.41     2010.05.02     -
TheHacker     6.5.2.0.275     2010.05.02     -
TrendMicro     9.120.0.1004     2010.05.01     -
VBA32     3.12.12.4     2010.04.30     -
ViRobot     2010.5.1.2299     2010.05.02     -
VirusBuster     5.0.27.0     2010.05.01     -
Additional information
File size: 691696 bytes
MD5  : cdddec541bc3c96f91ecb48759673505
SHA1  : 9e5c19cd3d09644a937141377730e9bbf61d026b
SHA256: b030ffa02832317ac5626bf1bf8a4a95a5992c9a6e81bc1c002d5f4d667c27fb
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x63B0A
timedatestamp.....: 0x4AD245EA (Sun Oct 11 22:54:02 2009)
machinetype.......: 0x14C (Intel I386)

( 12 sections )
name viradd virsiz rawdsiz ntrpy md5
.edata 0x1000 0x14B73 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.edata 0x16000 0x2709C 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x3E000 0x20207 0x20400 7.96 b88cf3255aaee6705ab46197854b17a6
.data 0x5F000 0x13A4 0x400 2.40 df0d06d560fa5383d6d4f5067e25319c
INIT 0x61000 0x61B1 0x6200 7.69 818f205e91614790113dce9c7d1f110d
.edata 0x68000 0x80EA 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x71000 0xC2C 0xE00 5.15 bc33a666d0aac5d917d67571cdba6607
.const 0x72000 0x52A00 0x52A00 6.97 1bafa517162c7268f1df16e0c382b551
.rsrc 0xC5000 0x388 0x400 2.98 1379be621a0e90e5a6fb9983f1a033cf
.sptd0 0xC6000 0x3E1E 0x4000 7.45 d48e4c205cab8517e363768bdfe7adb6
.sptd1 0xCA000 0x23F5A 0x24000 8.00 a0cef734d9fac556689483ad745b2f9b
.reloc 0xEE000 0x4600 0x4600 7.16 156740c56ae22853277818da0bfce88a

( 3 imports )

> hal.dll: KeRaiseIrqlToDpcLevel, KeStallExecutionProcessor, KfRaiseIrql, KeGetCurrentIrql, KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, READ_PORT_UCHAR
> ntoskrnl.exe: IofCallDriver, IofCompleteRequest, ObfDereferenceObject, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, MmUnmapIoSpace, MmMapIoSpace, RtlInitAnsiString, sprintf, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, ExDeleteResourceLite, ObReferenceObjectByHandle, ZwOpenDirectoryObject, ExInitializeResourceLite, KeClearEvent, KeSetEvent, IoCreateDevice, ObfReferenceObject, _allmul, _aulldiv, swprintf, KeQuerySystemTime, KeInitializeEvent, _wcsnicmp, RtlWriteRegistryValue, MmLockPagableDataSection, PsGetCurrentProcessId, IoGetCurrentProcess, _allshr, _except_handler3, KeLeaveCriticalRegion, ExReleaseResourceLite, ExfInterlockedInsertTailList, ExAcquireResourceSharedLite, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, ExGetPreviousMode, RtlEqualUnicodeString, ProbeForRead, MmUserProbeAddress, RtlUpcaseUnicodeString, memmove, _aullrem, ExAllocatePoolWithTagPriority, _alldiv, IoDeleteDevice, KeWaitForSingleObject, MmMapLockedPagesSpecifyCache, wcsstr, IoWMIRegistrationControl, IoBuildSynchronousFsdRequest, RtlDeleteRegistryValue, _allrem, IoReuseIrp, ExFreeToPagedLookasideList, ExAllocateFromPagedLookasideList, IoBuildDeviceIoControlRequest, IoSetThreadHardErrorMode, IoBuildPartialMdl, IoAllocateMdl, KeResetEvent, KeDelayExecutionThread, IoDriverObjectType, IoRegisterShutdownNotification, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, KeWaitForMultipleObjects, MmHighestUserAddress, IoFileObjectType, IoFreeIrp, IoAllocateIrp, MmIsAddressValid, MmProbeAndLockPages, IoFreeMdl, MmUnlockPages, MmSizeOfMdl, strncpy, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, MmIsDriverVerifying, PsGetVersion, ProbeForWrite, IoGetDeviceObjectPointer, IoInitializeIrp, ExfInterlockedRemoveHeadList, ExQueueWorkItem, KeReleaseSemaphore, KeInitializeSemaphore, MmGetPhysicalAddress, RtlCompareMemory, RtlQueryRegistryValues, RtlStringFromGUID, RtlFreeUnicodeString, RtlInitUnicodeString, MmGetSystemRoutineAddress, ExAllocatePoolWithTag, IoWMIWriteEvent, ExFreePoolWithTag, KeGetCurrentThread, memcpy, _wcsicmp, memset
> scsiport.sys: ScsiPortInitialize

( 0 exports )
TrID  : File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
ssdeep: 12288:06UKc0ocedz2cqBzZuti0wY/NDvWTKeQzyMSBFfmSq4az:0jKcxcwyVBzZugI/NBz+DB5az
sigcheck: publisher....: Duplex Secure Ltd.
copyright....: Copyright (C) 2004
product......: SCSI Pass Through Direct
description..: SCSI Pass Through Direct Host
original name: sptd.sys
internal name: SPTD.SYS
file version.: 1.62.0.0 built by: WinDDK
comments.....: n/a
signers......: Duplex Secure Ltd
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 9:54 PM 10/11/2009
verified.....: -
PEiD  : -
RDS  : NSRL Reference Data Set
-

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Scan another file
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy"


Hvad så nu? Hente ESafe, og køre det som a-virus? Det virker logisk,  ihvertfald. Eller, har du andre forslag i ærmet?

At tumpen beder dig uploade en legal fil, viser bare at han ikke aner hvad han har med at gøre, men held og lykke, forhåbentlig har du lavet backup, inden han smadrer din maskine helt.

>>Jeg bruger begge dele og har stadig en clean maskine<<
Hvor mange gange har vi renset den maskine, inden vi smed dig ud?

Det samme på Malwarecheck.dk, så stik du hellere piben ind mester!

la-jensen: tag dig ikke af det at fromsej skriver der har været noget ballade imellem os.

Men til orientering så er jeg selvuddannet. Men hvis at du mener at jeg smadre la-jensen's maskine er et få mere end velkommen til at overtage tråden eller har du bare det hele i din store fede kæft!!

Tjah - kønt er det jo ikke, men det er vel derfor det bliver kaldt "mudderkastning"...

Patrick14: Nu har du fået la-jensen til at fjerne lidt Google Toolbar, og så har du fået ham til at køre Combofix. Combofix slettede en ganske legal mappe, som bør gendannes og bringes på plads igen (Windows Update). Hvis du bliver ved, så skal brugeren vel også slette sptd.sys som er en del af Daemon Tools... Hvor er du på vej hen, og hvad forventer du egentlig at få ud af at famle rundt i la-jensens computer? Burde du ikke holde mens "legen er god" og la-jensen rent faktisk har en computer der virker - tilsyneladende uden problemer(?) I øjeblikket får denne tråd mig til at tænke på fyren fra Wupti reklamen - ham med stjerneskruetrækkeren inde i fjernsynet.

Kør du bare videre, på et eller andet tidspunkt har du vel fået scannet samtlige filer online, når man ikke engang gider bruge 2 min på google for at tjekke, så er man vist knap så dygtig som man påstår.

Jeg holder mig hos os selv, hvor vi har kontrol over de svar der kommer fra andre, hvilket giver en helt anden kvalitet i besvarelserne.

Desuden er du dybt utroværdig, og jeg tager væddemål ind på, at du stadig ikke har gennemskuet hvordan vi bustede dig.
At manipulere sine logs, fordi man ikke vil fatte budskabet, kræver at man kan læse logs, hvilket du også her beviser at du IKKE kan.

En grund mere til at jeg ikke rører den er uTorrent, ganz einfach.

Fromsej over and out.

Hm, okay, nu spidser det til...

Ja, der er sket noget med min google toolbar - pludselig er Ask.com kommet ind i billedet igen (rigtig irriterende program) - og jeg kan ikke slette det under tilføj/fjern programmer, eller se noget via HiJackThis, der er ellers en anden gut, med samme problem, der får løst dette via HiJackThis.

Jeg vil køre Windows repair, nu. Og så ellers lige stoppe, hvor legen er god (Hvis ellers min computer virker efter dette). Man skal åbenbart ikke tage alt for gode varer. Og ok, UTorrent må nok på hylden. Vil hellere have en computer, der virker!

Hvis der er nogen, der mener noget andet, så skriv, jeg venter med at køre Repair til i aften.

Jeg synes sgu, i skulle tage at blive enige. Fromsej har ret i, man arbejder bedst ud fra en fælles kvalitetsviden. Ellers ender det med, i skræmmer folk væk, herfra. Og indtil i dag, har jeg ellers altid synes, www.eksperten.dk har hævet sig over "pøbelen.". Tror jeg såmænd også stadig den gør. Ha' en god eftermiddag!

Hent og kør norton removal tool, er lidt i tvivl om at du bruger avast, du skal selvfølgelig kun kør toolet hvis at du ikke bruger norton/symantec. Kør toolet 2 gange for at få alt væk.
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/0/9a57cc9677c3957280256fe00051ba24?OpenDocument



Afinstaller Filesumit fra tilføj/fjern programmer



Åben mappen med combofix højreklik vælg nyt tekstdokument kald det CFScript åben dokumentet og kopier følgenede ind

Killall::
Snapshot::
File::
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
c:\documents and settings\Lars Hovgaard Jensen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
Folder::
c:\programmer\FileSubmit



Upload følgende filer til jotti


c:\windows\system32\deploytk.dll

c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat

c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_3.dll

c:\windows\system32\xactengine3_6.dll

c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

*SUK*
Appears to be legit, used for Nokia software installing and upgrading:

Nokia PCSW Process Controller

File: pcswpcsi.exe


Godt det ikke er min maskine.

fromsej, overtag tråden eller hold dig fra den.

la-jensen: sorry fejl script, her er det rigtige.

Killall::
Snapshot::
File::
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
c:\documents and settings\Lars Hovgaard Jensen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
Folder::
c:\programmer\FileSubmit

Jeg supporter efter bedste evne!! Men jeg er forhelvede ikke uddannet!!

Hej igen, Patrick14

Jeg har besluttet at følge dine anvisninger 100%, så, alle andre, vær venlig kun at kommentere konstruktivt - og ikke negativt!

FileSumit (eller FileSubmit?) findes ikke i min liste af programmer under Tilføj/Fjern ?

Norton Removal tool er kørt 2 gange - og ja, jeg bruger Avast (Og ikke Norton Antivirus, som lige sneg sig ind, efter jeg havde været på PointShop på et tidspunkt, et form for Light program, der appellerede til, at man købte det...)


Jotti uploads:
Filename:     deploytk.dll
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 21:47:32 (CET)

Filename:     FontCache3.0.0.0.dat
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 21:49:03 (CET)

Filename:     npfbplugin_1_0_3.dll
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 21:52:03 (CET)

Filename:     xactengine3_6.dll
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 21:53:18 (CET)

Filename:     msxml6Exec.exe
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 21:59:39 (CET)


Filename:     Sleep.exe
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 22:03:40 (CET)

Filename:     vcredistExec.exe
Status:    
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on:      Tue 4 May 2010 22:09:02 (CET)

Intet fundet - har du stadig mistanke om virus - og på hvilken formodning?

LHJ

Jeg vil gerne se combofix loggen efterfulgt af en malwarebytes og hijackthis log. Hvordan kører maskinen nu?

Husk at opdatere malwarebytes inden du scanner

Hm, i dag fik jeg så meddelelsen igen, så svaret til dit spørgsmål: Ikke helt godt nok.

Fra efter jeg selv kørte AntiMalware første gang, til lige i dag, har der godt nok ikke været noget - kan det være pga følgende
ændring:

For nylig afinstallerede jeg UTorrent, ud fra kommentarerne her - men, har nu reinstalleret det, jeg kender ikke andre programmer, der kan hente torrentfiler lige så effektivt. Og dette er altså, hvad jeg bruger. Det går så ud over sikkerheden, erkender jeg. Ved installation af Utorrent, bad programmet faktisk om en portåbningstilladelse af windows firewall'en, lagde jeg mærke til (og accepterede), kan det være denne åbning, der registreres under opstart?

Mindre detalje: Word skulle geninstallere sig selv, med noget ventetid, da jeg åbnede det, i dag - er det pga ændringer fra ComboFix, evt.? Nu åbner det fint, igen.

Malwarebytes opdateret! Comfix opdaterede sig selv. HiJackThis, der findes en 2.0.4 version (muligvis kun med fordele for Windows 7 brugere) - kan det betale sig at opgradere til denne?


Malwarebytes' Anti-Malware 1.46
Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07-05-2010 12:17:18
mbam-log-2010-05-07 (12-17-18).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 175332
Tid gået: 1 time(e), 34 minut(ter), 32 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

ComboFix loggen:
ComboFix 10-05-06.04 - Lars Hovgaard Jensen 07-05-2010  12:35:34.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1542 [GMT 2:00]
Kører fra: d:\downloadd\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100507-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-04-07 til 2010-05-07  )))))))))))))))))))))))))))))))))))
.

2010-05-07 08:18 . 2010-05-07 08:18    6153352    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-03 19:07 . 2009-12-07 13:56    691696    ----a-w-    C:\sptd.sys
2010-05-01 16:11 . 2010-05-01 16:11    --------    d-----w-    c:\programmer\iPod
2010-05-01 16:11 . 2010-05-01 16:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-01 16:04 . 2010-05-01 16:04    --------    d-----w-    c:\programmer\Bonjour
2010-05-01 16:03 . 2010-05-01 16:03    73000    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 07:26 . 2010-04-29 07:26    52224    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 07:26 . 2010-04-29 07:26    117760    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-29 07:26 . 2010-04-29 07:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-29 07:25 . 2010-04-29 07:25    65024    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-04-29 07:25 . 2010-04-29 07:25    5120    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-04-29 07:25 . 2010-04-29 07:25    18944    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-04-29 07:25 . 2010-04-29 07:25    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\SUPERAntiSpyware.com
2010-04-29 07:25 . 2010-04-29 07:25    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2010-04-25 15:48 . 2010-04-25 15:48    388096    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-22 19:15 . 2010-04-22 19:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\PhotoStitch
2010-04-15 14:02 . 2010-04-15 14:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\F-Secure
2010-04-15 12:00 . 2010-04-15 12:02    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-04-15 06:38 . 2010-04-15 06:39    --------    d-----w-    c:\programmer\QuickTime
2010-04-13 11:38 . 2010-03-25 09:27    1107264    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-04-08 11:20 . 2010-04-08 11:20    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2010-04-07 15:21 . 2010-04-07 15:21    --------    d-----w-    c:\programmer\DAEMON Tools Lite

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 10:30 . 2009-12-01 15:45    --------    d-----w-    c:\programmer\SPAMfighter
2010-05-07 07:37 . 2009-05-23 17:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-06 10:28 . 2009-06-06 10:22    0    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\temp.dat
2010-05-06 10:04 . 2009-05-23 16:12    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\uTorrent
2010-05-05 20:31 . 2003-07-30 15:02    2214912    ----a-w-    c:\windows\system32\logonuiX.exe
2010-05-05 20:23 . 2010-03-16 11:13    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\vlc
2010-05-02 17:42 . 2009-06-26 07:10    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Apple Computer
2010-05-01 16:11 . 2009-06-26 07:07    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-05-01 16:03 . 2010-02-18 15:44    24452    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-04-29 13:39 . 2009-08-20 12:32    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-20 12:32    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-04-25 15:48 . 2009-08-19 10:34    --------    d-----w-    c:\programmer\Trend Micro
2010-04-22 19:56 . 2009-05-31 15:48    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\ZoomBrowser EX
2010-04-22 18:39 . 2009-05-31 15:47    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\CameraWindowDC
2010-04-15 22:14 . 2009-05-19 15:21    --------    d-----w-    c:\programmer\Google
2010-04-12 21:07 . 2010-01-17 17:12    50354    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\uninstall.exe
2010-04-12 21:07 . 2010-01-17 17:12    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook
2010-04-07 15:21 . 2009-05-23 12:51    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2010-03-31 08:25 . 2009-07-25 15:25    8854    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
2010-03-31 08:25 . 2009-07-25 15:25    45056    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    45056    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    40960    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2010-03-31 08:25 . 2009-07-25 15:25    10134    ----a-r-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
2010-03-31 08:24 . 2010-03-31 08:24    --------    d-----w-    c:\programmer\Fælles filer\Stardock
2010-03-31 08:22 . 2010-03-31 08:22    --------    d-----w-    c:\programmer\FileSubmit
2010-03-31 07:25 . 2009-08-23 06:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-03-31 07:21 . 2010-03-31 07:21    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-03-31 07:21 . 2010-03-31 07:21    503808    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\msvcp71.dll
2010-03-31 07:21 . 2010-03-31 07:21    499712    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\jmc.dll
2010-03-31 07:21 . 2010-03-31 07:21    348160    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-513a1454-n\msvcr71.dll
2010-03-31 07:21 . 2010-03-31 07:21    61440    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-759f0271-n\decora-sse.dll
2010-03-31 07:21 . 2010-03-31 07:21    12800    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-759f0271-n\decora-d3d.dll
2010-03-31 07:21 . 2009-05-19 19:39    --------    d-----w-    c:\programmer\Java
2010-03-31 07:00 . 2009-05-19 20:56    29440    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 07:00 . 2010-03-31 07:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\Stardock
2010-03-31 07:00 . 2010-03-31 07:00    --------    d-----w-    c:\programmer\Stardock
2010-03-28 15:50 . 2003-07-30 15:10    447834    ----a-w-    c:\windows\system32\perfh006.dat
2010-03-28 15:50 . 2003-07-30 15:10    78192    ----a-w-    c:\windows\system32\perfc006.dat
2010-03-20 18:27 . 2009-05-19 13:55    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-03-13 19:13 . 2010-03-13 19:13    --------    d-----w-    c:\programmer\Fælles filer\PCSuite
2010-03-13 19:13 . 2009-07-17 09:07    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2010-03-13 19:13 . 2009-05-22 09:20    --------    d-----w-    c:\programmer\Nokia
2010-03-13 19:13 . 2009-05-22 09:23    --------    d-----w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Nokia
2010-03-13 19:12 . 2010-03-13 19:12    --------    d-----w-    c:\programmer\PC Connectivity Solution
2010-03-13 19:11 . 2010-03-13 19:11    95232    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-13 19:11 . 2010-03-13 19:11    8192    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-13 19:11 . 2010-03-13 19:11    61440    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-13 19:11 . 2010-03-13 19:11    10240    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-13 19:08 . 2009-05-22 09:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Installations
2010-03-13 19:08 . 2010-03-13 19:11    34510000    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_dan.exe
2010-03-10 06:17 . 2003-07-30 15:17    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-03-09 09:07 . 2010-03-09 09:07    --------    d-----w-    c:\programmer\Microsoft IntelliType Pro
2010-03-09 02:28 . 2009-05-19 19:39    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-08 14:15 . 2010-02-02 12:43    451640    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-03-06 05:30 . 2010-03-06 05:30    5582848    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-26 08:04 . 2010-02-14 18:54    91696    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 08:02 . 2010-02-26 08:02    13264416    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10    21979992    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:18 . 2003-07-30 15:19    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-07-30 15:04    455680    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 04:39 . 2010-02-23 22:19    52224    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
2010-02-19 04:39 . 2010-02-23 22:19    101376    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
2010-02-17 12:09 . 2003-07-30 15:08    2192512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-09 14:07    2069376    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 19:46    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2003-07-30 14:54    100864    ----a-w-    c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-07-30 15:16    226880    ----a-w-    c:\windows\system32\drivers\tcpip6.sys
2009-06-02 09:36 . 2009-06-02 09:36    1234120    -c--a-w-    c:\programmer\wrar380.exe
2009-06-01 22:58 . 2009-06-01 22:58    13714760    ----a-w-    c:\programmer\winzip121.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"iLike"="c:\programmer\iLike\1.2.16\ilikesidebar.exe" [2008-09-10 63024]
"PC Suite Tray"="c:\programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmer\Fælles filer\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2003-08-20 151552]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-05 114741]
"StorageGuard"="c:\programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-02-12 155648]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SPAMfighter Agent"="c:\programmer\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
"itype"="c:\programmer\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"LogonStudio"="c:\programmer\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="d:\programmer\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Lars Hovgaard Jensen\Menuen Start\Programmer\Start\
Genvej til peerblock.lnk - d:\programmer\Peerblock\peerblock.exe [2010-3-8 1524824]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-6-21 809488]
Wireless Configuration Utility HW.15.lnk - c:\programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe [2006-11-19 634880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    d:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30    72208    ----a-w-    c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Skyracer USB.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Skyracer USB.lnk
backup=c:\windows\pss\Skyracer USB.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lars Hovgaard Jensen^Menuen Start^Programmer^Start^Dropbox.lnk]
path=c:\documents and settings\Lars Hovgaard Jensen\Menuen Start\Programmer\Start\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06    142120    ----a-w-    d:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdate1c9e56cac377bc0"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmer\\uTorrent\\uTorrent.exe"=
"d:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Lars Hovgaard Jensen\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"d:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"d:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20-05-2009 11:30 114768]
R1 SASDIFSV;SASDIFSV;d:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;d:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [17-02-2010 11:15 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20-05-2009 11:30 20560]
R2 SECYPECP;SECYPECP;c:\windows\system32\drivers\SECYPECP.sys [16-02-2010 16:08 14032]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\SPAMfighter\sfus.exe [27-08-2009 10:24 189064]
R3 pbfilter;pbfilter;d:\programmer\Peerblock\pbfilter.sys [08-03-2010 11:03 14424]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23-05-2009 14:22 691696]
S2 gupdate1c9e56cac377bc0;Tjenesten Google Update (gupdate1c9e56cac377bc0);c:\programmer\Google\Update\GoogleUpdate.exe [05-06-2009 01:32 133104]
S3 SASENUM;SASENUM;d:\programmer\SUPERAntiSpyware\SASENUM.SYS [17-02-2010 11:15 12872]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - PBFILTER
.
Indhold af mappen 'Planlagte Opgaver'

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-04 23:31]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-04 23:31]

2010-03-09 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\programmer\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]

2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{E885D613-DBB6-4147-A0A5-DDF2AD197CBB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/home.php?
IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: danid.dk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536667&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_EU&q=
FF - component: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
FF - component: c:\programmer\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Lars Hovgaard Jensen\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programmer\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programmer\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 12:40
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1606980848-854245398-1004\Software\SecuROM\License information*]
"datasecu"=hex:44,12,16,cd,c8,a0,9d,ec,88,23,6e,29,b4,19,2b,5f,b9,99,87,1b,05,
  d3,4e,68,3e,7b,1d,bb,49,c4,de,e9,49,60,3d,44,21,28,95,04,0f,60,1c,2e,bb,71,\
"rkeysecu"=hex:43,5d,80,f7,5e,70,59,6f,2b,b1,da,5e,47,dd,1f,7f
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(668)
d:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(560)
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\documents and settings\Lars Hovgaard Jensen\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Gennemført tid: 2010-05-07  12:43:28
ComboFix-quarantined-files.txt  2010-05-07 10:43
ComboFix2.txt  2010-05-03 08:51

Pre-Kørsel: 2.807.930.880 byte ledig
Post-Kørsel: 2.817.613.824 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - FA5233682E3B9D7BCC24F586D8946009

HiJackThisloggen
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:46, on 07-05-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer.exe
C:\Programmer\Microsoft IntelliType Pro\itype.exe
C:\Programmer\Microsoft IntelliType Pro\dpupdchk.exe
D:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
D:\Programmer\Peerblock\peerblock.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Programmer\HiJack\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmer\Fælles filer\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [itype] "C:\Programmer\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [iLike] C:\Programmer\iLike\1.2.16\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genvej til peerblock.lnk = D:\Programmer\Peerblock\peerblock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5723/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Tjenesten Google Update (gupdate1c9e56cac377bc0) (gupdate1c9e56cac377bc0) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe

--
End of file - 10115 bytes

Windows firewall slår du fra permanent på denne måde.



Start > Kør > Services.msc > find tjenesten windows firewall/deling af internetforbindelse > højreklik på den > egenskaber > stop og vælg starttype deaktiveret > genstart

Istedet for windows firewall, vil jeg anbefale online armor som at du finder her: http://www.spywarefri.dk/software/online-armor-free/

Og så windows defender som at du finder her: http://www.spywarefri.dk/software/windows-defender/

MEN: Fildeling og gratis antivirus er en meget dårlig kombination!! Så køb endten kaspersky internet security, kaspersky pure eller eset. HOLD dig LANGT væk fra bullguard, den sløver din maskine afhelvede til!!

Sikkerhedspakkerne finder du her: http://www.spywarefri-shop.dk/

Logsene er rene, jeg kan dog ikke se noget ask toolbar som at du nævner.

Hov, nej, Patrick14, det er rigtigt, det glemte jeg at fortælle dig; mht ask toolbar, jeg fandt ud af, man skulle slette det via Firefox's Tools; add-ons - og så vist også View; toolbars. Så det er væk nu, heldigvis. Ellers tak for opmærksomheden.

Vil følge dine råd med online armor, og defender - og måske også Kaspersky investeringen - skal lige se, hvor meget det koster.. Det må så være penge godt givet ud, i forhold til en gratis, digital "Blockbuster" direkte fra nettet (Ingen Bullguard, noteret.)

Tak for hjælpen. Send blot et svar, så sender jeg pointene. Jeg regner med, jeg godt kan kommentere efterfølgende, hvis jeg får et spørgsmål i forbindelse med firewall'sne og de anbefalede programmer. God weekend.

Lars H.J.

Velbekomme


Klik på START derefter Kør
Skriv/kopier: Combofix /Uninstall i boxen, og klik OK.

Bemærk mellemrum mellem X og /U, det skal være der.


Ovennævnte procedure vil:
Slette følgende:
ComboFix og tilhørende filer og mapper. 
Nulstille uret indstillinger.
Skjul filtypenavne, hvis det kræves.
Skjule System / Skjulte filer, hvis det kræves.

De andre programmer jeg har bedt dig om at installer må du afinstaller manuelt:D

Velbekomme :)

Tak til jer andre, der har kommenteret, rettet til, og giver feedback med på vejen.  Forevernewbie, du burde have haft halvdelen -  du startede op med hjælp, jo. Jeg kan oprette en anden tråd - hvis du ønsker 30 pts, også.  Ved ikke, om eller hvad i bruger pointsne til - men, jeg formoder, det er tilladt, og, jeg har nogle point at give ud af, endnu.

Att. Patrick14,Peerblock er et program, jeg har læst mig til, skulle beskytte, når man bruger Utorrent, bl.a., som jeg gør - men det konflikter tilsyneladende overfro Online Armor - computeren går nærmest i stå, i op til 10 min eller mere. Ved ikke, om du kender programmet? Er der en instilling, jeg evt. kan foretage på Online Armor, eller et sted, før de godkender hinanden? Eller overvejer jeg så bare lige at slette Peerblock.

Jeg sætter mig nok lige noget bedre ind i programmerne, senere - dette var bare, hvis du kendte til problemet..
God weekend.

Jeg interesserer mig ikke for pointene, men tak for tanken alligevel.

Det er bare i orden og selv tak.

En lidt kedelig udvikling denne tråd fik. Det sker desværre ofte her, hvor mange forskellige byder ind med hjælp, og hvor ikke alle er lige kompetente ;-). Men jeg tror at du har fået et par links til sites hvor du kan henvende dig, uden at det sker, og hvor hjælpen altid er 100% kompetent ;-)

Jeg vil stærkt anbefale dig at købe endten kaspersky hvis at du er lidt erfaren og eset hvis at du er mindre. Den løsning at jeg har givet dig kan ikke holde alt ude, jeg har flere gange set brugere at der har fået virus med denne kombination, men det er den stærkeste at man kan få når at det skal være gratis.

Hej igen. Jeg har nu noget problemer (igen) med min maskine, den er begyndt at låse,  under opstart - eller i det hele taget, bruge ekstrem lang tid, på at starte op -der er forskellige ting, der tyder på, det kan være Online Armor, idet jeg synes, der ikke er de samme problemer, hvis jeg slå denne fra.

Og, jeg får nogle gange en fejlmeddelelse, at filen oaui.exe er gået ned, og, som jeg kan google, er denne fil en del af Online Armor.

Har i nogle bud på, om hvad der kan være galt?

Nyt skan med malwarebytes, superantispyware og herefter hijackthis.

OBS: HUSK at opdater programmerne inden skanning.

Hej igen, Patrick14

På det seneste, har jeg ikke haft de store problemer - dog, når jeg skal hente videoklip på www.fifa.com (og hvem skal ikke det, i disse VM tider?) så kan styresystemet godt finde på at låse - med undtagelse af i dag, sjovt nok. (Måske er den bare glad for, England og Portugal er røget ud? Nå, spøg til side...)

Jeg fandt lige ud af, computeren brugte en masse hukommelse til at afvikle AshWebSV.exe - over 100 mb - og søgte så lidt på dette. Dette gav så en link til dette : http://forum.avast.com/index.php?topic=47689.0
med forslag om at fjerne Avast helt, under fejlsikret tilstand, og derefter genstarte og geninstallere en ny version - nu bruger jeg så 5 udgaven, i stedet for 4eren. Så det må siges at være en opdatering af, ihvertfald Avast Antivirus, jvf.din ovenstående anbefaling.


Nu prøver jeg lige med denne opdatering. For mig at se, virker eller virkede det som om, Online Armor og Avast konfliktede, på en måde - enten var det ene eller det andet program meget lang tid om at afvikles, under opstart. Jeg venter lige spændt, og ser, om jeg stadig får oaiu.exe fejl, eller lign. Ellers vender jeg tilbage med nye scans.

Iøvrigt ser det i hvertfald ud til at have hjulpet på memory problemet, om ikke andet...

God dag. Og stadig, tak for hjælpen, sidst.

Hey, Patrick14 og andre...

Stadig problemer med, at pc'eren næsten går helt død under opstart - er i hvertfald meget lang tid om at starte op, og være klar til programkørsel - tæt på 12- 15 minutter...

Kan der gøres noget (Ud over, måske at køre linux...)

Malwarebyte rapport her, resten følger (superantispyware, Hijackthis):

29-08-2010 20:11:17
mbam-log-2010-08-29 (20-11-17).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 204461
Tid gået: 1 time(e), 51 minut(ter), 53 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
D:\DownloadD\MyWebFaceSetup2.3.67.1.SA.HP.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(Du skal lige have toppen af MalwareBytes med, så vi kan se/aflæse [Database version ?] ...)

Ups, min fejl! Men tak fordi, i tager det seriøst :-)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4500

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29-08-2010 20:11:17
mbam-log-2010-08-29 (20-11-17).txt

<patrick14>: Fortsætter du herfra ?

Skal jeg oprette en ny tråd, eventuelt? Den her kan jeg vel ikke give nogle point af, mere, eller hvad?

SuperAntiSpyWare rapport følger, programmet arbejder som en gal...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2010 at 11:26 PM

Application Version : 4.42.1000

Core Rules Database Version : 5426
Trace Rules Database Version: 3238

Scan type      : Complete Scan
Total Scan Time : 01:01:26

Memory items scanned      : 563
Memory threats detected  : 0
Registry items scanned    : 7010
Registry threats detected : 0
File items scanned        : 20448
File threats detected    : 331

Adware.Tracking Cookie
    banners.securedataimages.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    cdn5.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    ia.media-imdb.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    media.mtvnservices.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    msnbcmedia.msn.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Macromedia\Flash Player\#SharedObjects\QDYT4PUA ]
    adserver3.openadex.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .msnbc.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    server.iad.liveperson.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    downloads.trymedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .downloads.trymedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .downloads.trymedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .edsa.122.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .dmtracker.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    s06.flagcounter.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    counter.hitslink.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    1xxx.cqcounter.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .server.cpmstar.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    adserver3.openadex.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .borsenrt.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .countercurrents.org [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .countercurrents.org [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .countercurrents.org [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .countercurrents.org [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    statse.webtrendslive.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ehg-newscientist.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ehg-newscientist.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .mywebsearch.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .mywebsearch.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .orgy-sex-parties.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .orgy-sex-parties.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    www.orgysexparties.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .orgysexparties.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .orgysexparties.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad1.emediate.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    e2.emediate.se [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    adserver.adreactor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .couplesretreatsoundtrack.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .couplesretreatsoundtrack.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adviva.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adviva.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .microsoftwllivemkt.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn5.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    cdn5.specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bluestreak.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    partner.smartresponse-media.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ehg-fifa.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .danskespil.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ext.trackingwiz.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ext.trackingwiz.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    stat.onestat.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    stat.onestat.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .eurosexparties.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .eurosexparties.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .dsupermarked.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .estat.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .smartadserver.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .smartadserver.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .smartadserver.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .smartadserver.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas4.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .svd.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .xfire.adbureau.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .warnerbros.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    dr.adservinginternational.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    www.bannerbasen.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    adx.ibibo.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .healthgrades.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .yadro.ru [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .chitika.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .clicksor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .clicksor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .clicksor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .clicksor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .clicksor.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas8.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas8.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas8.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adecn.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bwincom.122.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .eyewonder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .saxobfdk.122.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .valueclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .viasatsatelliteservices.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ads.audience2media.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ads.audience2media.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .xiti.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas4.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas4.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    banner.nordvestnyt.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    banner.nordvestnyt.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .pro-market.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    fynskemedieradmin.adservinginternational.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    ad1.emediate.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    eas.apm.emediate.eu [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ehg-foxmovies.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .foxfilmedentertainment.122.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .hotlog.ru [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    banner.nordvestnyt.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    uberkant.adservinginternational.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .network.realmedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adtech.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adultadworld.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adultadworld.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .medhelpinternational.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .eaeacom.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    jsfp.coremetrics.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    stat.dealtime.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .sonofon.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .gyldendalbogklub.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .microsoftwindows.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .dansksupermarked.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .surveymonkey.122.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .hg1.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bestfishfinder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bestfishfinder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .bestfishfinder.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .trygvesta.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .abbottlabs.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    in.getclicky.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    int.sitestat.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    int.sitestat.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    www.etracker.de [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .msnaccountservices.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .dealtime.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .onlinediscountmart.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    analytics.intrepidstats.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    analytics.intrepidstats.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .statsforvaltning.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .statsforvaltning.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .ehg-zoomerang.hitbox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    affilate.mikkelsenmedia.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    stat.coop.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .nhl.112.2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    creo-media-aps.clients.ubivox.com [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .tracking.iqmedier.dk [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    track.adform.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\Mozilla\Firefox\Profiles\5x8ob6ke.default\cookies.sqlite ]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:30, on 29-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Tall Emu\Online Armor\OAcat.exe
C:\Programmer\Tall Emu\Online Armor\oasrv.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Microsoft IntelliType Pro\itype.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmer\Tall Emu\Online Armor\oaui.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmer\Microsoft IntelliType Pro\dpupdchk.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Tall Emu\Online Armor\OAhlp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\notepad.exe
D:\DownloadD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [itype] "C:\Programmer\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmer\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [iLike] C:\Programmer\iLike\1.2.16\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genvej til peerblock.lnk = D:\Programmer\Peerblock\peerblock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Programmer\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Lars Hovgaard Jensen\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6018/mcfscan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Tjenesten Google Update (gupdate1c9e56cac377bc0) (gupdate1c9e56cac377bc0) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmer\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Programmer\Tall Emu\Online Armor\OAcat.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Programmer\Tall Emu\Online Armor\oasrv.exe

--
End of file - 11390 bytes

Derudover har jeg et problem med at geninstallere Nokia PC Suite, således at jeg kan overføre billeder fra min Nokia telefon. Jeg valgte for nogle dage siden at opgrade det ellers udmærket fungerende "Suite" program, til endnu bedre synkroniseringsprogram - "OVI" - ihvertfald ifølge reklamen. Men i praksis fungerer det ikke, hvis man kun har en mobil, der kan overføre billeder vha infrarød. (Jeg har ikke bluetooth i min pc). Ergo, vil jeg så slette OVI programmet, og geninstallere den gamle Nokia Suite program. Nu kan programmet desværre ikke finde min telefon - og, jeg har set på forskellige forums, at dette tilsyneladende kan være et udfordring at få dette til at køre igen (Medmindre man geninstallerer Windows, og så frem, den vej). Hvis i kan se nogle "rester" fra OVI programmet - og i det hele taget også Suite programmet, ud fra disse logfiler - og kan hjælpe mig med at få disse rester slettet, er der også point at hente her. Eller tak, i det mindste! Mit håb er så, at geninstallere Suite programmet. Måske kræver det også søgninger i registreringsdatabasen? Søger et godt råd til dette problem :-)

Har i dag kørt Defragmentering en hel del gange. Der er filer, dette program ikke kan flytte, åbenbart. Dem prøver jeg så at slette, eller ignorere, alt efter vurdering af vigtigthed. Spændt på at se, om det ikke skulle give en hurtigere opstartstid...

Er stadig i tvivl om jeg skal oprette en ny tråd for ovenstående 2 problemer, således at der kan gives point for hjælp.

God dag.