virus personal internet security 2011

http://dk.pcthreat.com/parasitebyid-15841dk.html
Prøv at se i bunden af denne side. Her er beskrevet hvike exe filer der kører osv.
Når du har scannet med Malwarebytes har den så været fuldt opdateret? Versionen idag hedder 5547.

... og vi vil gerne se loggen fra nævnte MalwareBytes !!!

Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

ja tak, har læst siden og prøvet at downloade "spyhunter" men det er et betalingsprogram, det er også men jeg tror ikke det kan mere end de 3-4 stykker jeg har prøvet.
ved du, hvordan jeg kommer ind i registrerings DB? tak for svaret
det er win7.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5549

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

18-01-2011 20:45:31
mbam-log-2011-01-18 (20-45-31).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 232459
Tid gået: 21 minut(ter), 30 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
dette er loggen kl. 2045 udgave 5549 malware

...bb crasher alligevel... ??? Hvad snakker du om her ?

---

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Frisk log fra HiJackThis...
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Mht.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."

------------------

Ovenstående programmer skal du sansynligvis hente/downloade via en anden PC; overfør til passende andet medie (USB memorystick ell. lign.); og DERFRA køre/installere programmerne på den 'syge' PC ...

sorry, bb er min bærbare. efter velkommen genstarter den?
jeg har kørt ccleaner samme resultat.
hjt, har jeg ikke prøvet, kender det godt.

jeg har prøvet at køre htj men den kan ikke, jeg får besked om at Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:40, on 18-01-2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\cabr\Desktop\programmer\HiJackThis.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/burn4free/{9C89FB15-D4F2-4CAD-B5DA-C56843A7D09D}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.50.127.5 google.com
O1 - Hosts: 74.50.127.5 google.com.au
O1 - Hosts: 74.50.127.5 www.google.com.au
O1 - Hosts: 74.50.127.5 google.be
O1 - Hosts: 74.50.127.5 www.google.be
O1 - Hosts: 74.50.127.5 google.com.br
O1 - Hosts: 74.50.127.5 www.google.com.br
O1 - Hosts: 74.50.127.5 google.ca
O1 - Hosts: 74.50.127.5 www.google.ca
O1 - Hosts: 74.50.127.5 google.ch
O1 - Hosts: 74.50.127.5 www.google.ch
O1 - Hosts: 74.50.127.5 google.de
O1 - Hosts: 74.50.127.5 www.google.de
O1 - Hosts: 74.50.127.5 google.dk
O1 - Hosts: 74.50.127.5 www.google.dk
O1 - Hosts: 74.50.127.5 google.fr
O1 - Hosts: 74.50.127.5 www.google.fr
O1 - Hosts: 74.50.127.5 google.ie
O1 - Hosts: 74.50.127.5 www.google.ie
O1 - Hosts: 74.50.127.5 google.it
O1 - Hosts: 74.50.127.5 www.google.it
O1 - Hosts: 74.50.127.5 google.co.jp
O1 - Hosts: 74.50.127.5 www.google.co.jp
O1 - Hosts: 74.50.127.5 google.nl
O1 - Hosts: 74.50.127.5 www.google.nl
O1 - Hosts: 74.50.127.5 google.no
O1 - Hosts: 74.50.127.5 www.google.no
O1 - Hosts: 74.50.127.5 google.co.nz
O1 - Hosts: 74.50.127.5 www.google.co.nz
O1 - Hosts: 74.50.127.5 google.pl
O1 - Hosts: 74.50.127.5 www.google.pl
O1 - Hosts: 74.50.127.5 google.se
O1 - Hosts: 74.50.127.5 www.google.se
O1 - Hosts: 74.50.127.5 google.co.uk
O1 - Hosts: 74.50.127.5 google.co.za
O1 - Hosts: 74.50.127.5 www.google.co.za
O1 - Hosts: 74.50.127.5 www.bing.com
O1 - Hosts: 74.50.127.5 search.yahoo.com
O1 - Hosts: 74.50.127.5 www.search.yahoo.com
O1 - Hosts: 74.50.127.5 uk.search.yahoo.com
O1 - Hosts: 74.50.127.5 ca.search.yahoo.com
O1 - Hosts: 74.50.127.5 de.search.yahoo.com
O1 - Hosts: 74.50.127.5 fr.search.yahoo.com
O1 - Hosts: 74.50.127.5 au.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbProd.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0ANAA1ADQAOAA1ADYANgAyADAALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAFAATAArADkALQBGAEwAKwA5AA"&"prod=90"&"ver=9.0.872
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [~Genoptagelse af profil - Computer] "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\cabr\AppData\Roaming\BullGuard\Antivirus\Profiles\~Genoptagelse af profil - Computer.xml"
O4 - HKCU\..\Run: [~Genoptagelse af profil - Computer.1] "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\cabr\AppData\Roaming\BullGuard\Antivirus\Profiles\~Genoptagelse af profil - Computer.1.xml"
O4 - HKCU\..\Run: [~Genoptagelse af profil - Profil 1] "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\cabr\AppData\Roaming\BullGuard\Antivirus\Profiles\~Genoptagelse af profil - Profil 1.xml"
O4 - HKCU\..\Run: [~Genoptagelse af profil - Computer.2] "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\cabr\AppData\Roaming\BullGuard\Antivirus\Profiles\~Genoptagelse af profil - Computer.2.xml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B67C8737-2923-4EB7-8402-1357056CE4F3}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13980 bytes
gå ind i sys32 etc.her er loggen, jeg kan ikke umiddelbart se noget galt

I 'guder' en masse 'skrammel' i din opstart - og det er endda 'Safe Mode' ...

Under alle omstændigheder så kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.50.127.5 google.com
O1 - Hosts: 74.50.127.5 google.com.au
O1 - Hosts: 74.50.127.5 www.google.com.au
O1 - Hosts: 74.50.127.5 google.be
O1 - Hosts: 74.50.127.5 www.google.be
O1 - Hosts: 74.50.127.5 google.com.br
O1 - Hosts: 74.50.127.5 www.google.com.br
O1 - Hosts: 74.50.127.5 google.ca
O1 - Hosts: 74.50.127.5 www.google.ca
O1 - Hosts: 74.50.127.5 google.ch
O1 - Hosts: 74.50.127.5 www.google.ch
O1 - Hosts: 74.50.127.5 google.de
O1 - Hosts: 74.50.127.5 www.google.de
O1 - Hosts: 74.50.127.5 google.dk
O1 - Hosts: 74.50.127.5 www.google.dk
O1 - Hosts: 74.50.127.5 google.fr
O1 - Hosts: 74.50.127.5 www.google.fr
O1 - Hosts: 74.50.127.5 google.ie
O1 - Hosts: 74.50.127.5 www.google.ie
O1 - Hosts: 74.50.127.5 google.it
O1 - Hosts: 74.50.127.5 www.google.it
O1 - Hosts: 74.50.127.5 google.co.jp
O1 - Hosts: 74.50.127.5 www.google.co.jp
O1 - Hosts: 74.50.127.5 google.nl
O1 - Hosts: 74.50.127.5 www.google.nl
O1 - Hosts: 74.50.127.5 google.no
O1 - Hosts: 74.50.127.5 www.google.no
O1 - Hosts: 74.50.127.5 google.co.nz
O1 - Hosts: 74.50.127.5 www.google.co.nz
O1 - Hosts: 74.50.127.5 google.pl
O1 - Hosts: 74.50.127.5 www.google.pl
O1 - Hosts: 74.50.127.5 google.se
O1 - Hosts: 74.50.127.5 www.google.se
O1 - Hosts: 74.50.127.5 google.co.uk
O1 - Hosts: 74.50.127.5 google.co.za
O1 - Hosts: 74.50.127.5 www.google.co.za
O1 - Hosts: 74.50.127.5 www.bing.com
O1 - Hosts: 74.50.127.5 search.yahoo.com
O1 - Hosts: 74.50.127.5 www.search.yahoo.com
O1 - Hosts: 74.50.127.5 uk.search.yahoo.com
O1 - Hosts: 74.50.127.5 ca.search.yahoo.com
O1 - Hosts: 74.50.127.5 de.search.yahoo.com
O1 - Hosts: 74.50.127.5 fr.search.yahoo.com
O1 - Hosts: 74.50.127.5 au.search.yahoo.com

Afinstall alt dette Toolbar halløj, som du (sansynligvis) ikke bruger direkte...
Eksempelvis [Ask Toolbar]...

---

Genstart normalt...

---

Andre må gerne bidrage derefter...

hø-hø, ja mildt sagt skrammel. går i gang nu og vender tilbage. forløbig tak

samme nedslående resultat. genintallering? snøft!!

Hent og gem ComboFix på dit skrivebord.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

øhh, hvilken fil snakker vi om??

Den fil du opretter, og navngiver CFScript

jeg aner ikke hvad jeg skal skrive i den fil

Killall::
Snapshot::

undskyld mig, men du bliver nødt til at bøje det i neon, jeg er helt stået af

Start Notesblok og  kopier det fremhævede ind.

Killall::
Snapshot::

Gem filen på dit Skrivebord som CFScript

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

jeg kunne ikke få dit link til at virke, men jeg fandt den på cnet og det fungerede.
danmark lammetæver algeriet mens min virus bliver myrdet, isandhed en fest, champagnepropperne springer.:-) tak for hjælpen. jeg er ny her kan man løbe tør for point? du har i hvert fald tjent dine!

...Indholdet af denne fil C:\Combofix.txt må du gerne lægge herind...

den er gal igen min bb crasher. har kørt hjt og combofix her er loggen for combofix
ComboFix 11-01-19.03 - cabr 20-01-2011  10:47:03.4.2 - x86 NETWORK
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.45.1030.18.3069.2464 [GMT 1:00]
Kører fra: c:\users\cabr\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-12-20 til 2011-01-20  )))))))))))))))))))))))))))))))))))
.

2011-01-20 09:50 . 2011-01-20 09:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-19 20:22 . 2010-11-16 11:01    6273872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E20665B-7EDD-4981-B98D-C88FDD65CC2A}\mpengine.dll
2011-01-19 19:20 . 2011-01-19 19:20    71880    ----a-w-    c:\windows\system32\PxSecure.dll
2011-01-19 19:20 . 2011-01-19 19:22    26096    ----a-w-    c:\windows\system32\drivers\pxkbf.sys
2011-01-19 19:20 . 2011-01-19 19:20    76696    ----a-w-    c:\windows\system32\drivers\pxrts.sys
2011-01-19 19:20 . 2011-01-19 19:20    32008    ----a-w-    c:\windows\system32\drivers\pxscan.sys
2011-01-19 19:20 . 2011-01-19 19:20    --------    d-----w-    c:\program files\Prevx
2011-01-19 19:20 . 2011-01-19 19:22    --------    d-----w-    c:\programdata\PrevxCSI
2011-01-18 14:10 . 2011-01-18 14:10    --------    d-----w-    c:\program files\CCleaner
2011-01-18 11:12 . 2011-01-18 11:12    --------    d-----w-    c:\program files\Loaris
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\users\cabr\AppData\Roaming\Malwarebytes
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-17 21:29 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-01-17 21:29 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-17 14:19 . 2011-01-17 14:19    --------    d-----w-    c:\users\cabr\AppData\Roaming\Software Inspection Library
2011-01-17 10:46 . 2011-01-17 10:46    --------    d-----w-    c:\program files\Enigma Software Group
2011-01-17 10:46 . 2011-01-18 14:22    --------    d-----w-    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-17 10:46 . 2011-01-17 10:46    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2011-01-17 08:29 . 2011-01-17 08:43    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2011-01-15 21:21 . 2011-01-15 21:21    --------    d-----w-    c:\users\cabr\AppData\Roaming\CheckPoint
2011-01-15 21:20 . 2010-05-15 15:30    461400    ----a-w-    c:\windows\system32\drivers\vsdatant.sys
2011-01-15 21:20 . 2011-01-15 21:20    --------    d-----w-    c:\program files\Zone Labs
2011-01-15 20:33 . 2011-01-20 09:35    --------    d-----w-    c:\windows\Internet Logs
2011-01-15 20:33 . 2011-01-15 20:33    --------    d-----w-    c:\programdata\CheckPoint
2011-01-15 09:04 . 2011-01-15 09:04    --------    d-sh--w-    c:\programdata\PIXXUIS
2011-01-15 09:04 . 2011-01-16 21:37    --------    d-sh--w-    c:\programdata\1e95a2
2011-01-13 14:50 . 2011-01-13 14:50    --------    d-----w-    c:\users\cabr\AppData\Local\Canon Easy-PhotoPrint EX
2011-01-13 14:50 . 2011-01-13 14:50    --------    d--h--w-    c:\programdata\CanonIJEPPEX
2011-01-13 14:47 . 2011-01-14 21:55    --------    d-----w-    c:\programdata\CanonIJPLM
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonIJSolutionMenuEX
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonEPP
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonIJMyPrinter
2011-01-13 14:42 . 2011-01-13 14:42    --------    d-----w-    c:\programdata\CanonIJMSetup
2011-01-13 14:41 . 2011-01-13 14:41    --------    d-----w-    c:\program files\Common Files\CANON
2011-01-13 14:41 . 2011-01-13 14:41    --------    d-----w-    c:\programdata\CanonIJWSpt
2011-01-13 14:32 . 2011-01-13 14:48    --------    d-----w-    c:\program files\Canon
2011-01-13 14:31 . 2011-01-13 14:31    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2011-01-13 14:31 . 2011-01-13 14:31    --------    d--h--w-    c:\programdata\CanonBJ
2011-01-13 14:31 . 2010-08-25 04:00    73216    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAA.DLL
2011-01-13 14:31 . 2010-08-25 04:00    27648    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAA.DLL
2011-01-13 14:30 . 2010-08-25 04:00    290816    ----a-w-    c:\windows\system32\CNMLMAA.DLL
2011-01-13 14:30 . 2010-03-18 18:25    307200    ----a-w-    c:\windows\system32\CNC280L.dll
2011-01-13 14:30 . 2010-03-18 16:12    1335296    ----a-w-    c:\windows\system32\CNC280C.dll
2011-01-13 14:30 . 2010-03-18 16:12    114688    ----a-w-    c:\windows\system32\CNC280I.dll
2011-01-13 14:30 . 2010-03-18 16:11    106496    ----a-w-    c:\windows\system32\CNC280U.dll
2011-01-12 15:29 . 2011-01-12 15:29    --------    d-----w-    c:\users\cabr\.oces2
2011-01-11 16:22 . 2011-01-11 16:22    --------    d-----w-    c:\users\cabr\AppData\Local\Conduit
2011-01-11 16:22 . 2011-01-11 16:22    --------    d-----w-    c:\program files\Productivity_2.2
2011-01-11 14:32 . 2011-01-11 15:02    --------    d-----w-    c:\program files\Xvid
2011-01-11 14:32 . 2009-06-07 15:25    77824    ----a-w-    c:\windows\system32\xvid.ax
2011-01-11 14:32 . 2009-06-07 15:24    180224    ----a-w-    c:\windows\system32\xvidvfw.dll
2011-01-11 14:32 . 2009-06-07 15:16    819200    ----a-w-    c:\windows\system32\xvidcore.dll
2011-01-10 21:35 . 2011-01-15 08:52    47360    ----a-w-    c:\users\cabr\AppData\Roaming\pcouffin.sys
2011-01-10 21:35 . 2011-01-10 21:35    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2011-01-10 21:35 . 2011-01-15 08:52    --------    d-----w-    c:\users\cabr\AppData\Roaming\Vso
2011-01-10 10:32 . 2011-01-10 10:32    --------    d-----w-    c:\programdata\Goland
2011-01-10 09:53 . 2008-02-28 12:26    1414440    ----a-w-    c:\windows\system32\ShellManager310E2D762.dll
2011-01-09 14:00 . 2011-01-09 14:00    --------    d-----w-    c:\program files\Smart Projects
2011-01-07 15:05 . 2011-01-07 15:32    --------    d-----w-    C:\mymovie
2010-12-27 15:59 . 2010-12-28 14:32    --------    d-----w-    c:\users\cabr\AppData\Local\Apple Computer
2010-12-27 15:59 . 2010-12-27 21:27    --------    d-----w-    c:\users\cabr\AppData\Roaming\Apple Computer
2010-12-27 15:58 . 2010-12-27 15:59    --------    d-----w-    c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-27 15:57 . 2010-12-27 15:57    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-22 16:53 . 2010-12-22 17:07    1409    ----a-w-    c:\windows\QTFont.for
2010-12-22 16:51 . 2010-12-22 17:06    --------    d-----w-    c:\programdata\QuickTime
2010-12-22 16:40 . 2010-12-22 17:07    --------    d-----w-    c:\program files\Ubisoft
2010-12-22 16:39 . 2004-10-22 01:16    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2010-11-18 18:58 . 2010-11-18 18:58    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\tmpidcrl.dll
2010-11-18 18:58 . 2009-08-18 10:30    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-18 18:58 . 2009-08-18 10:24    17816    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-12 17:53 . 2010-07-27 06:46    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 06:03    978944    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 06:03    44544    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 06:03    386048    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 06:03    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 05:22    351232    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 05:22    496128    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 05:22    305152    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 05:22    749056    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 05:22    192000    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 05:22    179712    ----a-w-    c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 05:24    2048    ----a-w-    c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((  SnapShot@2011-01-19_20.01.34  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-01-19 20:21    53296              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-02 07:11 . 2011-01-19 20:21    14552              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2582585493-2844099296-214694576-1000_UserData.bin
- 2010-01-01 09:27 . 2011-01-17 20:50    16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 09:27 . 2011-01-19 20:26    16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 09:27 . 2011-01-17 20:50    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-01 09:27 . 2011-01-19 20:26    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-01-17 20:50    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-01-19 20:26    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2011-01-19 20:21    79056              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-01-01 10:09 . 2011-01-15 21:04    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 10:09 . 2011-01-19 21:10    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 10:09 . 2011-01-15 21:04    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 10:09 . 2011-01-19 21:10    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-20 08:36 . 2011-01-20 08:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-18 22:08 . 2011-01-19 07:29    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-20 08:36 . 2011-01-20 08:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-18 22:08 . 2011-01-19 07:29    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-06 08:47 . 2010-10-19 09:41    222080              c:\windows\System32\MpSigStub.exe
+ 2010-08-17 06:17 . 2011-01-19 20:26    262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-17 06:17 . 2011-01-15 19:55    262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2011-01-15 21:35    272264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-01-19 21:58    272264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-13 20:36 . 2011-01-15 21:35    273032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2582585493-2844099296-214694576-1000-8192.dat
+ 2010-08-13 20:36 . 2011-01-19 21:58    273032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2582585493-2844099296-214694576-1000-8192.dat
- 2009-07-14 02:03 . 2011-01-16 20:50    7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2011-01-19 21:52    7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2011-01-13 07:36    4661362              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2011-01-19 20:21    4661362              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 10:27    2735200    ----a-w-    c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 10:17    1233288    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
2011-01-03 09:16    175400    ----a-w-    c:\program files\Productivity_2.2\prxtbProd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
"{E84CC2C1-B722-48FC-A39C-EDB8B525C777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"TouchFreeze"="c:\program files\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-01-11 53160]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-01-19 76696]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-01-19 6416120]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 488952]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R3 BthAvrcp;Bluetooth AVRCP-profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2007-03-29 17024]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1343400]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-01-19 32008]
S3 netw5v32;Kortdriver til Intel(R) trådløs WiFi 5000 Series-forbindelse til Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-01-19 26096]

.
Indhold af mappen 'Planlagte Opgaver'

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:44]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:44]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{9C89FB15-D4F2-4CAD-B5DA-C56843A7D09D}
uInternet Settings,ProxyOverride = <local>
Trusted Zone: danid.dk
Trusted Zone: nordea.dk\www.netbank
Trusted Zone: danid.dk
TCP: {B67C8737-2923-4EB7-8402-1357056CE4F3} = 208.67.222.222,208.67.220.220
TCP: 752425D233430383 = 208.67.222.222,208.67.220.220
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-01-20  10:52:39
ComboFix-quarantined-files.txt  2011-01-20 09:52
ComboFix2.txt  2011-01-20 08:27
ComboFix3.txt  2011-01-20 08:02
ComboFix4.txt  2011-01-19 20:03

Pre-Kørsel: 86.622.810.112 byte ledig
Post-Kørsel: 86.556.553.216 byte ledig

- - End Of File - - 6399DA29D0F303C45C009041777AE330
jeg har også loggen for hjt

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Folder::
c:\program files\Ask.com
c:\program files\Productivity_2.2
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"=-
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{E84CC2C1-B722-48FC-A39C-EDB8B525C777}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.
Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

det virker heller ikke. SUK!

ComboFix 11-01-19.03 - cabr 20-01-2011  14:15:06.6.2 - x86 NETWORK
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.45.1030.18.3069.2141 [GMT 1:00]
Kører fra: c:\users\cabr\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-12-20 til 2011-01-20  )))))))))))))))))))))))))))))))))))
.

2011-01-20 13:19 . 2011-01-20 13:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-20 10:13 . 2011-01-20 10:13    388096    ----a-r-    c:\users\cabr\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-20 10:13 . 2011-01-20 10:13    --------    d-----w-    c:\program files\Trend Micro
2011-01-19 20:22 . 2010-11-16 11:01    6273872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E20665B-7EDD-4981-B98D-C88FDD65CC2A}\mpengine.dll
2011-01-19 19:20 . 2011-01-19 19:20    71880    ----a-w-    c:\windows\system32\PxSecure.dll
2011-01-19 19:20 . 2011-01-19 19:22    26096    ----a-w-    c:\windows\system32\drivers\pxkbf.sys
2011-01-19 19:20 . 2011-01-19 19:20    76696    ----a-w-    c:\windows\system32\drivers\pxrts.sys
2011-01-19 19:20 . 2011-01-19 19:20    32008    ----a-w-    c:\windows\system32\drivers\pxscan.sys
2011-01-19 19:20 . 2011-01-19 19:20    --------    d-----w-    c:\program files\Prevx
2011-01-19 19:20 . 2011-01-19 19:22    --------    d-----w-    c:\programdata\PrevxCSI
2011-01-18 14:10 . 2011-01-18 14:10    --------    d-----w-    c:\program files\CCleaner
2011-01-18 11:12 . 2011-01-18 11:12    --------    d-----w-    c:\program files\Loaris
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\users\cabr\AppData\Roaming\Malwarebytes
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-17 21:29 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 21:29 . 2011-01-17 21:29    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-01-17 21:29 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-17 14:19 . 2011-01-17 14:19    --------    d-----w-    c:\users\cabr\AppData\Roaming\Software Inspection Library
2011-01-17 10:46 . 2011-01-17 10:46    --------    d-----w-    c:\program files\Enigma Software Group
2011-01-17 10:46 . 2011-01-18 14:22    --------    d-----w-    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-17 10:46 . 2011-01-17 10:46    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2011-01-17 08:29 . 2011-01-17 08:43    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2011-01-15 21:21 . 2011-01-15 21:21    --------    d-----w-    c:\users\cabr\AppData\Roaming\CheckPoint
2011-01-15 21:20 . 2010-05-15 15:30    461400    ----a-w-    c:\windows\system32\drivers\vsdatant.sys
2011-01-15 21:20 . 2011-01-15 21:20    --------    d-----w-    c:\program files\Zone Labs
2011-01-15 20:33 . 2011-01-20 13:14    --------    d-----w-    c:\windows\Internet Logs
2011-01-15 20:33 . 2011-01-15 20:33    --------    d-----w-    c:\programdata\CheckPoint
2011-01-15 09:04 . 2011-01-15 09:04    --------    d-sh--w-    c:\programdata\PIXXUIS
2011-01-15 09:04 . 2011-01-16 21:37    --------    d-sh--w-    c:\programdata\1e95a2
2011-01-13 14:50 . 2011-01-13 14:50    --------    d-----w-    c:\users\cabr\AppData\Local\Canon Easy-PhotoPrint EX
2011-01-13 14:50 . 2011-01-13 14:50    --------    d--h--w-    c:\programdata\CanonIJEPPEX
2011-01-13 14:47 . 2011-01-14 21:55    --------    d-----w-    c:\programdata\CanonIJPLM
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonIJSolutionMenuEX
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonEPP
2011-01-13 14:46 . 2011-01-13 14:46    --------    d--h--w-    c:\programdata\CanonIJMyPrinter
2011-01-13 14:42 . 2011-01-13 14:42    --------    d-----w-    c:\programdata\CanonIJMSetup
2011-01-13 14:41 . 2011-01-13 14:41    --------    d-----w-    c:\program files\Common Files\CANON
2011-01-13 14:41 . 2011-01-13 14:41    --------    d-----w-    c:\programdata\CanonIJWSpt
2011-01-13 14:32 . 2011-01-13 14:48    --------    d-----w-    c:\program files\Canon
2011-01-13 14:31 . 2011-01-13 14:31    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2011-01-13 14:31 . 2011-01-13 14:31    --------    d--h--w-    c:\programdata\CanonBJ
2011-01-13 14:31 . 2010-08-25 04:00    73216    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAA.DLL
2011-01-13 14:31 . 2010-08-25 04:00    27648    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAA.DLL
2011-01-13 14:30 . 2010-08-25 04:00    290816    ----a-w-    c:\windows\system32\CNMLMAA.DLL
2011-01-13 14:30 . 2010-03-18 18:25    307200    ----a-w-    c:\windows\system32\CNC280L.dll
2011-01-13 14:30 . 2010-03-18 16:12    1335296    ----a-w-    c:\windows\system32\CNC280C.dll
2011-01-13 14:30 . 2010-03-18 16:12    114688    ----a-w-    c:\windows\system32\CNC280I.dll
2011-01-13 14:30 . 2010-03-18 16:11    106496    ----a-w-    c:\windows\system32\CNC280U.dll
2011-01-12 15:29 . 2011-01-12 15:29    --------    d-----w-    c:\users\cabr\.oces2
2011-01-11 16:22 . 2011-01-11 16:22    --------    d-----w-    c:\users\cabr\AppData\Local\Conduit
2011-01-11 16:22 . 2011-01-11 16:22    --------    d-----w-    c:\program files\Productivity_2.2
2011-01-11 14:32 . 2011-01-11 15:02    --------    d-----w-    c:\program files\Xvid
2011-01-11 14:32 . 2009-06-07 15:25    77824    ----a-w-    c:\windows\system32\xvid.ax
2011-01-11 14:32 . 2009-06-07 15:24    180224    ----a-w-    c:\windows\system32\xvidvfw.dll
2011-01-11 14:32 . 2009-06-07 15:16    819200    ----a-w-    c:\windows\system32\xvidcore.dll
2011-01-10 21:35 . 2011-01-15 08:52    47360    ----a-w-    c:\users\cabr\AppData\Roaming\pcouffin.sys
2011-01-10 21:35 . 2011-01-10 21:35    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2011-01-10 21:35 . 2011-01-15 08:52    --------    d-----w-    c:\users\cabr\AppData\Roaming\Vso
2011-01-10 10:32 . 2011-01-10 10:32    --------    d-----w-    c:\programdata\Goland
2011-01-10 09:53 . 2008-02-28 12:26    1414440    ----a-w-    c:\windows\system32\ShellManager310E2D762.dll
2011-01-09 14:00 . 2011-01-09 14:00    --------    d-----w-    c:\program files\Smart Projects
2011-01-07 15:05 . 2011-01-07 15:32    --------    d-----w-    C:\mymovie
2010-12-27 15:59 . 2010-12-28 14:32    --------    d-----w-    c:\users\cabr\AppData\Local\Apple Computer
2010-12-27 15:59 . 2010-12-27 21:27    --------    d-----w-    c:\users\cabr\AppData\Roaming\Apple Computer
2010-12-27 15:58 . 2010-12-27 15:59    --------    d-----w-    c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-27 15:57 . 2010-12-27 15:57    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-22 16:53 . 2010-12-22 17:07    1409    ----a-w-    c:\windows\QTFont.for
2010-12-22 16:51 . 2010-12-22 17:06    --------    d-----w-    c:\programdata\QuickTime
2010-12-22 16:40 . 2010-12-22 17:07    --------    d-----w-    c:\program files\Ubisoft
2010-12-22 16:39 . 2004-10-22 01:16    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2010-11-18 18:58 . 2010-11-18 18:58    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\tmpidcrl.dll
2010-11-18 18:58 . 2009-08-18 10:30    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-18 18:58 . 2009-08-18 10:24    17816    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-12 17:53 . 2010-07-27 06:46    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 06:03    978944    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 06:03    44544    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 06:03    386048    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 06:03    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 05:22    351232    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 05:22    496128    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 05:22    305152    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 05:22    749056    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 05:22    192000    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 05:22    179712    ----a-w-    c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 05:24    2048    ----a-w-    c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((  SnapShot@2011-01-19_20.01.34  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-01-19 20:21    53296              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-02 07:11 . 2011-01-19 20:21    14552              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2582585493-2844099296-214694576-1000_UserData.bin
- 2010-01-01 09:27 . 2011-01-17 20:50    16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 09:27 . 2011-01-19 20:26    16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 09:27 . 2011-01-17 20:50    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-01 09:27 . 2011-01-19 20:26    32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-01-19 20:26    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-01-17 20:50    16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2011-01-19 20:21    79056              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-01-01 10:09 . 2011-01-15 21:04    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 10:09 . 2011-01-19 21:10    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 10:09 . 2011-01-19 21:10    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-01 10:09 . 2011-01-15 21:04    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-20 08:36 . 2011-01-20 08:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-18 22:08 . 2011-01-19 07:29    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-20 08:36 . 2011-01-20 08:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-18 22:08 . 2011-01-19 07:29    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-06 08:47 . 2010-10-19 09:41    222080              c:\windows\System32\MpSigStub.exe
+ 2010-08-17 06:17 . 2011-01-19 20:26    262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-17 06:17 . 2011-01-15 19:55    262144              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2011-01-15 21:35    272264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-01-19 21:58    272264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-13 20:36 . 2011-01-15 21:35    273032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2582585493-2844099296-214694576-1000-8192.dat
+ 2010-08-13 20:36 . 2011-01-19 21:58    273032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2582585493-2844099296-214694576-1000-8192.dat
- 2009-07-14 02:03 . 2011-01-16 20:50    7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2011-01-19 21:52    7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2011-01-13 07:36    4661362              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2011-01-19 20:21    4661362              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-01-20 09:26 . 2011-01-20 09:26    1402880              c:\windows\Installer\541c5a.msi
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
2011-01-03 09:16    175400    ----a-w-    c:\program files\Productivity_2.2\prxtbProd.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E84CC2C1-B722-48FC-A39C-EDB8B525C777}"= "c:\program files\Productivity_2.2\prxtbProd.dll" [2011-01-03 175400]

[HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2011-01-11 53160]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-01-19 76696]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-01-19 6416120]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 488952]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
R3 BthAvrcp;Bluetooth AVRCP-profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2007-03-29 17024]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1343400]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-01-19 32008]
S3 netw5v32;Kortdriver til Intel(R) trådløs WiFi 5000 Series-forbindelse til Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-01-19 26096]

.
Indhold af mappen 'Planlagte Opgaver'

2011-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:44]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 21:44]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/burn4free/{9C89FB15-D4F2-4CAD-B5DA-C56843A7D09D}
uInternet Settings,ProxyOverride = <local>
Trusted Zone: danid.dk
Trusted Zone: nordea.dk\www.netbank
Trusted Zone: danid.dk
TCP: {B67C8737-2923-4EB7-8402-1357056CE4F3} = 208.67.222.222,208.67.220.220
TCP: 752425D233430383 = 208.67.222.222,208.67.220.220
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-01-20  14:21:39
ComboFix-quarantined-files.txt  2011-01-20 13:21
ComboFix2.txt  2011-01-20 11:42
ComboFix3.txt  2011-01-20 09:52
ComboFix4.txt  2011-01-20 08:27
ComboFix5.txt  2011-01-20 13:14

Pre-Kørsel: 86.602.391.552 byte ledig
Post-Kørsel: 86.544.560.128 byte ledig

- - End Of File - - 3428BE0F3E9A034BB96889E6C00ACBF6
her er loggen for combofix. enjoy.

(Lad lige <Fromsej> vende tilbage...)

Hvor kikser det med at lave, og bruge, det CFScript fromsej lavede her?

http://www.eksperten.dk/spm/929311#reply_7720538

Du bruger det jo ikke!!

Har du opgivet, eller venter du på fromsej?

du har skrevet en kommentar men hvor er den?

Tast  <Windows> + <R> samtidig og kopier dette ind: Notepad
Tryk enter.

Kopier nedenstående med fed skrift ind i tekstdokumentet.

Killall::
Snapshot::
Folder::
c:\program files\Ask.com
c:\program files\Productivity_2.2
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"=-
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{e84cc2c1-b722-48fc-a39c-edb8b525c777}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{E84CC2C1-B722-48FC-A39C-EDB8B525C777}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{e84cc2c1-b722-48fc-a39c-edb8b525c777}]

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

JEG HAR PRØVET DET DU FORESLÅR, DET VIRKEDE IKKE OG DA JEG ER MEGET AFHÆNGIG AF MAIL GENINSTALLEREDE JEG. MEN JEG VIL GERNE VIDE, HVORDAN JEG KOMMER UD AF MIT SPØRGSMÅL OG FÅR DELT POINT UD

...Indholdet af denne fil må du gerne lægge herind. ... - det ville hjælpe hvis du havde lagt den fil her i tråden...

---

http://www.eksperten.dk/faq#faq-3 - og fremefter...

det mente jeg også jeg havde gjort. hvordan får jeg givet point og får lukket spørgsmålet?

http://www.eksperten.dk/faq#faq-3-5

kan du ikke lægge det ud du har skrevet som et svar så jeg kan give dig point og lukke mit spørgsmål?

Ping...
Dette er så et [svar] - skal deles med <f-arn> !

Du brugte ikke CFScript èn eneste gang, så jeg springer over.

ja, det kan du have ret i, men tjek f-arn's kommentar. men der vist ingen af jer der lider nød, hvad point angår.:-)
jeg talte med en der var her i anden anledning, han sagde at den kan have gravet sig så dybt ned at den eneste mulighed er taste ctrl+alt+del inden win7 starter op og ad den vej komme ind og slette den manuelt. det var måske en anden løsning?.

Det forstår jeg ikke hvad du mener med ?

DU SKREV Du brugte ikke CFScript èn eneste gang, så jeg springer over. VAR DET IKKE POINT DU MENTE?

Jo, men det du skriver, virker som et svar til en!!

NÅ FOR F... DET VAR BARE MENT SOM NOGET JEG VILLE OPLYSE OM, JEG VAR NEMLIG IKKE KLAR OVER DET:-)
OG IGEN EN OPLYSNING DIN IDÉ MED COMBOFIX HJALP SENERE SÅ TAK FOR DEN IDÉ