klangens (Beginner)
25 March 2011 - 11:51. There are 29 comments and 1 solution.

System tool

I've landed in a nasty predicament: something called System Tool has gotten onto my computer. It warns about various viruses and blocks more and more actions. For example, I can't download HijackThis. What on earth should I do?
f-arn (Guru)
25 March 2011 - 12:04 #1
Restart in "Safe Mode with Networking" (press F8 repeatedly during startup).

Then download these files.

Click on them several times, until one of them works.

Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/iExplore.exe (renamed rkill)
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe (renamed rkill)
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe (renamed rkill)

http://www.raktor.net/exeHelper/exeHelper.com
http://www.raktor.net/exeHelper/exeHelper.scr

------

Download "Malwarebytes' Anti-Malware" here

Or here

Install and start the program, click the Update tab, click Check for Updates, then run a "full system scan" under the "Scanner" tab.
Afterwards click "Show Results", press "Remove Selected", save the log and post it here together with a log from HijackThis.


Run HijackThis, click "Do a system scan and save a logfile", copy the text of the log and post it here.

Note: HijackThis must be saved on the computer and not run from the web.

Re: Vista and Windows 7 - right-click the file - Run as Administrator.

NB: When you update Malwarebytes, keep clicking Check for Updates until it reports that there are no more updates.

------

If you lose your Internet connection, start HijackThis, click "Do a system scan only" and check for lines resembling the highlighted ones.
Tick them if they are present.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25567
(The numbers may vary)

Then close all other windows and click "Fix checked".
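
Added example, not part of f-arn's post and not code from HijackThis: a Python check that scans a saved HijackThis log for the proxy entries described above, i.e. a ProxyServer value pointing at the local machine, plus the ProxyOverride line in the same key. The sample log is constructed from the two lines quoted in the post and a made-up `proxy.example.net` entry; all function names are hypothetical.

```python
import ipaddress
import re
from collections import namedtuple

# HijackThis registry lines have the form:
#   R1 - <registry key>,<value name> = <data>
ENTRY_RE = re.compile(r"^R[0-3] - ([^,]+),(ProxyServer|ProxyOverride)\s*=\s*(.*)$")

Finding = namedtuple(
    "Finding", "line key scheme host port override_lines", defaults=[()]
)


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' (one proxy for everything) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:  # no 'proto=' prefix: applies to all protocols
            scheme, addr = "all", part
        addr = re.sub(r"^[a-z]+://", "", addr.strip(), flags=re.I)
        host, _, port = addr.rpartition(":")
        if not host:  # no port given
            host, port = addr, ""
        entries.append((scheme.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, [::1])."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return one Finding per ProxyServer entry that points at this machine.

    Each Finding also lists the line numbers of ProxyOverride entries in the
    same registry key, since the post says to tick both lines together.
    """
    servers, overrides = [], {}
    for number, raw in enumerate(log_text.splitlines(), 1):
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        key, name, value = match.groups()
        if name == "ProxyOverride":
            overrides.setdefault(key, []).append(number)
            continue
        for scheme, host, port in parse_proxy_value(value):
            if is_loopback(host):
                servers.append(Finding(number, key, scheme, host, port))
    return [
        f._replace(override_lines=tuple(overrides.get(f.key, ()))) for f in servers
    ]


# Constructed sample: lines 3-4 are the entries quoted in the post,
# line 5 is an invented non-local proxy that must not be flagged.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25567
R1 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.net:8080
"""

if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print(
            f"line {f.line}: {f.scheme} proxy -> {f.host}:{f.port} "
            f"(ProxyOverride on lines {list(f.override_lines)})"
        )
```

An empty ProxyServer value, as in the log klangens posts further down, yields no findings.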
klangens (Beginner)
25 March 2011 - 15:03 #2
So I found it after all. I'm trying to fight my way through ;o)
klangens (Beginner)
25 March 2011 - 15:36 #3
Phew - I think I got it dethroned. Here is HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:12, on 25-03-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Microsoft Security Client\msseces.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Pro\DTAgent.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Apple\Apple Application Support\distnoted.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\SyncServer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Søren\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://danish.ilsc.org/da/index.php?rvs=hompag/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"                                                                                                                                                                                                               
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmer\Fælles filer\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Real\RealPlayer\update\realsched.exe"  -osboot                                                                                                                                                                                                           
O4 - HKLM\..\Run: [MSC] "C:\Programmer\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmer\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Føj linkdestinationen til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Føj til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Konverter linkdestinationen til en Adobe PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/70.11/uploader2.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270894954207
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programmer\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Programmer\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmer\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/SREN~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.gif

--
End of file - 11196 bytes
f-arn (Guru)
25 March 2011 - 15:54 #4
I also asked for the log from Malwarebytes' Anti-Malware.

------

Download and save ComboFix to your desktop.

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it and save the file as CFScript.

Killall::
Snapshot::


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.
klangens (Beginner)
25 March 2011 - 16:04 #5
How do I save it as CFScript?
f-arn (Guru)
25 March 2011 - 16:13 #6
Click File -> Save As, name it CFScript, and close the text document.
klangens (Beginner)
25 March 2011 - 16:57 #7
ComboFix 11-03-24.06 - Søren 25-03-2011  16:32:16.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1535.907 [GMT 1:00]
Kører fra: c:\documents and settings\Søren\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Søren\Skrivebord\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lene\Application Data\PriceGong
c:\documents and settings\Lene\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lene\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Søren\Application Data\Microsoft\~DFK36f304.tmp
c:\documents and settings\Søren\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Søren\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\Søren\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Søren\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Søren\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Søren\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Søren\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Søren\Application Data\PriceGong
c:\documents and settings\Søren\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Søren\Application Data\PriceGong\Data\z.xml
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\_000122_.tmp.dll
c:\windows\system32\msvcsv60.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-02-25 til 2011-03-25  )))))))))))))))))))))))))))))))))))
.
.
2011-03-25 15:22 . 2011-03-25 15:22    28752    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1747C6D-BB7A-4DD5-B2E8-C4F700403259}\MpKsl44e63cbb.sys
2011-03-25 15:22 . 2011-03-15 04:05    6792528    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1747C6D-BB7A-4DD5-B2E8-C4F700403259}\mpengine.dll
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\documents and settings\Søren\Application Data\Malwarebytes
2011-03-25 14:12 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2011-03-25 14:12 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-03-25 09:44 . 2011-03-25 14:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\lLfMnFkGnGn25600
2011-03-25 06:15 . 2011-03-25 06:15    --------    d-----w-    c:\documents and settings\LocalService\Application Data\TuneUp Software
2011-03-24 20:34 . 2011-03-24 20:34    --------    d-----w-    c:\documents and settings\Lene\Application Data\TuneUp Software
2011-03-24 06:14 . 2011-03-04 16:28    29504    ----a-w-    c:\windows\system32\uxtuneup.dll
2011-03-24 06:08 . 2011-03-04 16:32    31552    ----a-w-    c:\windows\system32\TURegOpt.exe
2011-03-24 06:07 . 2011-03-24 06:07    --------    d-----w-    c:\documents and settings\Søren\Application Data\TuneUp Software
2011-03-24 06:07 . 2011-03-24 06:14    --------    d-----w-    c:\programmer\TuneUp Utilities 2011
2011-03-24 06:07 . 2011-03-24 06:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\TuneUp Software
2011-03-24 06:06 . 2011-03-24 06:06    --------    d-sh--w-    c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-07 08:26 . 2011-03-07 08:26    --------    dc----w-    c:\documents and settings\All Users\Application Data\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2011-03-06 18:18 . 2011-03-06 18:18    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\iZotope
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\Sonic Foundry
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\NCH Swift Sound
2011-03-04 20:45 . 2011-03-04 20:45    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\Innovative Solutions
2011-03-04 20:45 . 2011-03-04 20:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-03-04 19:54 . 2011-03-04 20:46    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\AskToolbar
2011-03-04 19:53 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\Ask.com
2011-03-04 19:53 . 2011-03-04 19:53    --------    d-----w-    c:\documents and settings\Søren\Application Data\DeviceDoctorSoftware
2011-03-04 18:50 . 2011-03-06 18:14    --------    d-----w-    c:\documents and settings\Søren\Application Data\Dropbox
2011-03-01 08:56 . 2011-03-02 10:40    130048    ----a-w-    c:\windows\Psynya.exe
2011-02-24 18:13 . 2011-02-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\MasterWriter 2.0
2011-02-24 18:13 . 2011-02-24 18:19    --------    d-----w-    c:\documents and settings\Søren\MasterWriter 2.0
2011-02-24 18:12 . 2011-03-07 08:23    --------    d-----w-    c:\programmer\MasterWriter 2.0
2011-02-24 10:07 . 2011-02-24 10:07    --------    d-----w-    c:\programmer\MediaFeed
2011-02-24 09:45 . 2011-03-24 06:25    --------    d-----w-    c:\programmer\VersePerfect
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-12-26 00:56    5943120    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-26 15:53    270848    ----a-w-    c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-26 15:53    186880    ----a-w-    c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-02-18 17:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-18 17:01    677888    ----a-w-    c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-26 15:53    439808    ----a-w-    c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-26 15:52    290048    ----a-w-    c:\windows\system32\atmfd.dll
2011-01-06 20:29 . 2011-01-06 20:18    218496    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-01-06 20:12 . 2011-01-06 20:12    138056    ----a-w-    c:\documents and settings\Søren\Application Data\PnkBstrK.sys
2010-12-31 14:03 . 2004-08-26 15:49    1854976    ----a-w-    c:\windows\system32\win32k.sys
2006-11-13 16:17 . 2006-11-13 16:17    224040    ----a-w-    c:\programmer\richink.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programmer\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Photo Downloader"="c:\programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AdobeAAMUpdater-1.0"="c:\programmer\Fælles filer\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-01 497648]
"SwitchBoard"="c:\programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmer\Fælles filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\programmer\Real\RealPlayer\update\realsched.exe" [2010-12-20 274608]
"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Lene\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\programmer\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Søren^Menuen Start^Programmer^Start^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Søren\Menuen Start\Programmer\Start\Picture Motion Browser Media Check Tool.lnk
backupExtension=.Startup
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11    640440    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-30 23:36    38840    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37    932288    ----a-w-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-04-27 14:37    611712    ----a-w-    c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41    49152    ----a-w-    c:\programmer\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16    421160    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
"LKGGOPABUH"=c:\docume~1\SREN~1\LOKALE~1\Temp\Prd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmer\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmer\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmer\\WM Recorder\\WMR90.exe"=
"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Programmer\\MasterWriter 2.0\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23-08-2010 19:14 697328]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05-06-2010 20:22 11264]
R1 MpKsl44e63cbb;MpKsl44e63cbb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1747C6D-BB7A-4DD5-B2E8-C4F700403259}\MpKsl44e63cbb.sys [25-03-2011 16:22 28752]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\programmer\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06-09-2010 02:19 169408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [04-03-2011 17:30 1523008]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 15:43 31848]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07-10-2010 13:34 10064]
S0 engesc;engesc;c:\windows\system32\drivers\qktk.sys --> c:\windows\system32\drivers\qktk.sys [?]
S1 MpKslb9371d3f;MpKslb9371d3f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E06EB71A-F7F8-4400-8BE5-85F297FCC0DC}\MpKslb9371d3f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E06EB71A-F7F8-4400-8BE5-85F297FCC0DC}\MpKslb9371d3f.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [11-04-2010 17:08 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 04:46 288112]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 15:43 31848]
S3 SwitchBoard;SwitchBoard;c:\programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 12:37 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [28-11-2010 10:28 41984]
S3 ysusb32;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb32.sys [11-06-2009 17:44 64968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02    114688    ----a-w-    c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{65703C5B-C272-4E24-9AE9-35F84CDB7C8C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{9A9B5D13-F58C-4164-8C87-A63136B99D28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://danish.ilsc.org/da/index.php?rvs=hompag/
uInternet Settings,ProxyServer = 
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Føj linkdestinationen til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Føj til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Konverter linkdestinationen til en Adobe PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter til Adobe PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 16:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(1604)
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2884)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Stardock\Fences\FencesMenu.dll
c:\programmer\stardock\fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\programmer\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmer\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Gennemført tid: 2011-03-25  16:52:27 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-03-25 15:52
.
Pre-Kørsel: 13.005.275.136 byte ledig
Post-Kørsel: 13.513.691.136 byte ledig
.
Current=1 Default=1 Failed=6 LastKnownGood=2 Sets=1,2,3,4,5,6
- - End Of File - - 71D2D584C6BED28DB902B107EE4009D6
klangens Beginner
25 March 2011 - 16:58 #8
Is anything missing now?
f-arn Guru
25 March 2011 - 17:19 #9
The log from Malwarebytes' Anti-Malware

------

ComboFix removed something that I am not sure should have been removed.

Find the files below and upload them to Jotti or VirusTotal:

C:\Qoobox\C\windows\Downloaded Program Files\IDropPTB.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir


http://virusscan.jotti.org/ - http://www.virustotal.com/

Copy the result in here as a link, or as an MD5 checksum.
f-arn Guru
25 March 2011 - 17:27 #10
Here is the link to Jotti and VirusTotal once more.

Jotti - Virustotal

Damn Eksperten's way of displaying links!!!!!!!!!!
klangens Beginner
25 March 2011 - 17:37 #11
I'm just switching into "cooking mode", but I'll try to get it done before too long ;o)
klangens Beginner
25 March 2011 - 18:18 #12
There is nothing wrong with the first of the files. The second file is empty!
f-arn Guru
25 March 2011 - 18:25 #13
If you want help, you have to do as I write!

The log from Malwarebytes' Anti-Malware

Copy the result in here as a link, or as an MD5 checksum.
klangens Beginner
25 March 2011 - 18:31 #14
sorry - can't quite make sense of it, but I'm trying
klangens Beginner
25 March 2011 - 18:33 #15
Is it this one?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6168

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

25-03-2011 15:26:03
mbam-log-2011-03-25 (15-26-03).txt

Skanningstype: Hurtig skanning
Objekter skannet: 186673
Tid gået: 4 minut(ter), 58 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 1
Registreringsdatabasenøgler Inficeret: 35
Registreringsdatabaseværdier Inficeret: 2
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 2
Inficerede Filer: 4

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
c:\WINDOWS\system32\logarsh.dll (Spyware.Agent) -> Delete on reboot.

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\18RH6WMFH2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lLfMnFkGnGn25600 (Rogue.SystemTool) -> Value: lLfMnFkGnGn25600 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
c:\documents and settings\Lene\application data\smart-ads-solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
c:\documents and settings\Lene\application data\smart-ads-solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\WINDOWS\system32\logarsh.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\llfmnfkgngn25600\llfmnfkgngn25600.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Søren\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
f-arn Guru
25 March 2011 - 18:53 #16
Then I just need the link, or the MD5 checksum, for the two files.
klangens Beginner
25 March 2011 - 18:57 #17
How do I do that?
f-arn Guru
25 March 2011 - 19:12 #18
You can see a guide to VirusTotal here:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=143&title=virustotal-vejledning

At the bottom there is an MD5 checksum.
klangens Beginner
25 March 2011 - 19:38 #19
I don't know if this is right! It is from this file: msvcsv60.dll.vir. The other file apparently doesn't show anything!

AhnLab-V3 2011.03.26.00 2011.03.25 -
AntiVir 7.11.5.75 2011.03.25 -
Antiy-AVL 2.0.3.7 2011.03.25 -
Avast 4.8.1351.0 2011.03.25 -
Avast5 5.0.677.0 2011.03.25 -
AVG 10.0.0.1190 2011.03.25 -
BitDefender 7.2 2011.03.25 -
CAT-QuickHeal 11.00 2011.03.25 -
ClamAV 0.96.4.0 2011.03.25 -
Commtouch 5.2.11.5 2011.03.24 -
Comodo 8102 2011.03.25 -
DrWeb 5.0.2.03300 2011.03.25 -
Emsisoft 5.1.0.4 2011.03.25 -
eSafe 7.0.17.0 2011.03.24 -
eTrust-Vet 36.1.8235 2011.03.25 -
F-Prot 4.6.2.117 2011.03.25 -
F-Secure 9.0.16440.0 2011.03.23 -
Fortinet 4.2.254.0 2011.03.25 -
Ikarus T3.1.1.97.0 2011.03.25 -
Jiangmin 13.0.900 2011.03.25 -
K7AntiVirus 9.94.4211 2011.03.25 -
Kaspersky 7.0.0.125 2011.03.25 -
McAfee 5.400.0.1158 2011.03.25 -
McAfee-GW-Edition 2010.1C 2011.03.25 -
Microsoft 1.6702 2011.03.25 -
NOD32 5985 2011.03.25 -
Norman 6.07.03 2011.03.24 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.25 -
PCTools 7.0.3.5 2011.03.25 -
Prevx 3.0 2011.03.25 -
Rising 23.50.04.06 2011.03.25 -
Sophos 4.64.0 2011.03.25 -
SUPERAntiSpyware 4.40.0.1006 2011.03.25 -
Symantec 20101.3.0.103 2011.03.25 -
TheHacker 6.7.0.1.156 2011.03.25 -
TrendMicro 9.200.0.1012 2011.03.25 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.25 -
VBA32 3.12.14.3 2011.03.25 -
VIPRE 8816 2011.03.25 -
ViRobot 2011.3.25.4376 2011.03.25 -
VirusBuster 13.6.270.0 2011.03.25 -
Additional information
MD5  : 4b22c5d3cec41db7352b6f16d0adec40
SHA1  : 0756874f63686349e42c340466ed50fb94a89d32
SHA256: d4653ce6df29f5ed91250709a74a0df6d58d2443a573cae7711362ed67fa47a3
ssdeep: 3:H4n8xLxEl8wVnM83et82Vklll816/80Vhyl87LxM86VnM8zH8wJo:YnMKHnMKKhMI6/bMGK1n
MOH8
File size : 192 bytes
First seen: 2011-03-25 16:56:39
Last seen : 2011-03-25 16:56:39
Magic: data
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -
ExifTool:
-
f-arn Guru
25 March 2011 - 22:21 #20
I don't know if this is right!

That is correct  :-)

1. Download this small tool:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternative address)

2. Double-click systemlook.exe - a small window now appears, into which you must copy the ENTIRE content shown in bold:

:filefind
IDropPTB.dll*
msvcsv60.dll*


3. Then close all other windows and click the Look button. The program will now search your computer.

4. When the program has finished searching, a Notepad window will appear with a log from SystemLook. Copy it into the forum in your next reply. The log can also be found on your Desktop under the name SystemLook.txt.
klangens Beginner
25 March 2011 - 22:53 #21
SystemLook 04.09.10 by jpshortstuff
Log created at 22:48 on 25/03/2011 by Søren
Administrator - Elevation successful

========== filefind ==========

Searching for "IDropPTB.dll*"
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\IDropPTB.dll.vir    --a--c- 0 bytes    [21:10 11/02/2007]    [21:10 11/02/2007] D41D8CD98F00B204E9800998ECF8427E

Searching for "msvcsv60.dll*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir    --a---- 192 bytes    [14:37 21/08/2010]    [18:01 21/01/2011] 4B22C5D3CEC41DB7352B6F16D0ADEC40

-= EOF =-
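The SystemLook log above can be checked against the VirusTotal result posted earlier in the thread: a 0-byte file must carry the MD5 of empty input, and the 192-byte file's MD5 should equal the one VirusTotal reported. This is an added example, not part of the original posts; the function names and verdict labels are assumptions.

```python
import hashlib
import re

# Log text copied from the SystemLook post above (the two filefind hits).
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "IDropPTB.dll*"
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\IDropPTB.dll.vir    --a--c- 0 bytes    [21:10 11/02/2007]    [21:10 11/02/2007] D41D8CD98F00B204E9800998ECF8427E

Searching for "msvcsv60.dll*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir    --a---- 192 bytes    [14:37 21/08/2010]    [18:01 21/01/2011] 4B22C5D3CEC41DB7352B6F16D0ADEC40

-= EOF =-
"""

# MD5 from the VirusTotal result posted earlier in the thread.
VIRUSTOTAL_MD5 = "4b22c5d3cec41db7352b6f16d0adec40"

# MD5 of zero bytes of input; any truly empty file hashes to this value.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# One filefind hit: path, attribute flags, size, created, modified, MD5.
# The path may contain spaces, so it is matched lazily up to the flags.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]+)\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log):
    """Return one dict per file hit found in a SystemLook filefind log."""
    hits = []
    for line in log.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append({
                "path": m["path"],
                "size": int(m["size"]),
                "md5": m["md5"].lower(),
            })
    return hits


def triage(hits, scanned_md5s):
    """Map each file name to a verdict based on size and MD5.

    empty        - 0 bytes and the empty-input MD5: nothing to scan
    scanned      - MD5 equals one already checked by a scanner
    unscanned    - real content that no posted result covers yet
    inconsistent - size and MD5 disagree about the file being empty
    """
    scanned = {h.lower() for h in scanned_md5s}
    report = {}
    for hit in hits:
        name = hit["path"].rsplit("\\", 1)[-1]
        has_empty_hash = hit["md5"] == EMPTY_MD5
        if (hit["size"] == 0) != has_empty_hash:
            verdict = "inconsistent"
        elif has_empty_hash:
            verdict = "empty"
        elif hit["md5"] in scanned:
            verdict = "scanned"
        else:
            verdict = "unscanned"
        report[name] = verdict
    return report


if __name__ == "__main__":
    hits = parse_filefind(SYSTEMLOOK_LOG)
    for name, verdict in triage(hits, [VIRUSTOTAL_MD5]).items():
        print(f"{name}: {verdict}")
```
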
f-arn Guru
26 March 2011 - 05:21 #22
Right-click on the desktop and choose New -> Text Document, copy in the highlighted text, and save the file as CFScript

Killall::
Snapshot::
File::
c:\windows\system32\drivers\qktk.sys
Filelook::
c:\programmer\richink.dll
c:\programmer\DAEMON Tools Pro\DTAgent.exe
Driver::
engesc
MpKslb9371d3f;MpKslb9371d3f


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, and then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

Please post the contents of this file here.
klangens Beginner
26 March 2011 - 07:58 #23
ComboFix 11-03-24.06 - Søren 26-03-2011  7:39.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1535.1015 [GMT 1:00]
Kører fra: c:\documents and settings\Søren\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Søren\Skrivebord\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
FILE ::
"c:\windows\system32\drivers\qktk.sys"
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_engesc
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-02-26 til 2011-03-26  )))))))))))))))))))))))))))))))))))
.
.
2011-03-26 06:24 . 2011-03-26 06:24    28752    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1805D5FE-B02F-4BF8-8B11-6E443BDA0F98}\MpKsl801907b3.sys
2011-03-25 15:56 . 2011-03-15 04:05    6792528    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1805D5FE-B02F-4BF8-8B11-6E443BDA0F98}\mpengine.dll
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\documents and settings\Søren\Application Data\Malwarebytes
2011-03-25 14:12 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-25 14:12 . 2011-03-25 14:12    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2011-03-25 14:12 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-03-25 09:44 . 2011-03-25 14:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\lLfMnFkGnGn25600
2011-03-25 06:15 . 2011-03-25 06:15    --------    d-----w-    c:\documents and settings\LocalService\Application Data\TuneUp Software
2011-03-24 20:34 . 2011-03-24 20:34    --------    d-----w-    c:\documents and settings\Lene\Application Data\TuneUp Software
2011-03-24 06:14 . 2011-03-04 16:28    29504    ----a-w-    c:\windows\system32\uxtuneup.dll
2011-03-24 06:08 . 2011-03-04 16:32    31552    ----a-w-    c:\windows\system32\TURegOpt.exe
2011-03-24 06:07 . 2011-03-24 06:07    --------    d-----w-    c:\documents and settings\Søren\Application Data\TuneUp Software
2011-03-24 06:07 . 2011-03-24 06:14    --------    d-----w-    c:\programmer\TuneUp Utilities 2011
2011-03-24 06:07 . 2011-03-24 06:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\TuneUp Software
2011-03-24 06:06 . 2011-03-24 06:06    --------    d-sh--w-    c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-07 08:26 . 2011-03-07 08:26    --------    dc----w-    c:\documents and settings\All Users\Application Data\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2011-03-06 18:18 . 2011-03-06 18:18    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\iZotope
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\Sonic Foundry
2011-03-06 18:14 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\NCH Swift Sound
2011-03-04 20:45 . 2011-03-04 20:45    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\Innovative Solutions
2011-03-04 20:45 . 2011-03-04 20:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-03-04 19:54 . 2011-03-04 20:46    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\AskToolbar
2011-03-04 19:53 . 2011-03-06 18:14    --------    d-----w-    c:\programmer\Ask.com
2011-03-04 19:53 . 2011-03-04 19:53    --------    d-----w-    c:\documents and settings\Søren\Application Data\DeviceDoctorSoftware
2011-03-04 18:50 . 2011-03-06 18:14    --------    d-----w-    c:\documents and settings\Søren\Application Data\Dropbox
2011-03-01 08:56 . 2011-03-02 10:40    130048    ----a-w-    c:\windows\Psynya.exe
2011-02-24 18:13 . 2011-02-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\MasterWriter 2.0
2011-02-24 18:13 . 2011-02-24 18:19    --------    d-----w-    c:\documents and settings\Søren\MasterWriter 2.0
2011-02-24 18:12 . 2011-03-07 08:23    --------    d-----w-    c:\programmer\MasterWriter 2.0
2011-02-24 10:07 . 2011-02-24 10:07    --------    d-----w-    c:\programmer\MediaFeed
2011-02-24 09:45 . 2011-03-24 06:25    --------    d-----w-    c:\programmer\VersePerfect
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-12-26 00:56    5943120    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2004-08-26 15:53    270848    ----a-w-    c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-26 15:53    186880    ----a-w-    c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-02-18 17:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-02-18 17:01    677888    ----a-w-    c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-26 15:53    439808    ----a-w-    c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-26 15:52    290048    ----a-w-    c:\windows\system32\atmfd.dll
2011-01-06 20:29 . 2011-01-06 20:18    218496    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-01-06 20:12 . 2011-01-06 20:12    138056    ----a-w-    c:\documents and settings\Søren\Application Data\PnkBstrK.sys
2010-12-31 14:03 . 2004-08-26 15:49    1854976    ----a-w-    c:\windows\system32\win32k.sys
2006-11-13 16:17 . 2006-11-13 16:17    224040    ----a-w-    c:\programmer\richink.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\programmer\DAEMON Tools Pro\DTAgent.exe ---
Company: DT Soft Ltd
File Description: DAEMON Tools Pro Agent
File Version: 4.36.0309.0160
Product Name: DAEMON Tools Pro
Copyright: © 2000-2010 DT Soft Ltd.
Original Filename: DTAgent.exe
File size: 427328
Created time: 2010-04-15 08:17
Modified time: 2010-04-15 08:17
MD5: 6DDA7FFADE9368945440DBEAE8587F45
SHA1: F7FF600DE2BA0BFF72164D3517DF854DBF5E6EE4
.
.
--- c:\programmer\richink.dll ---
Company: Microsoft Corporation
File Description: Windows CE Services Document Converter
File Version: 3.1.1.0
Product Name: Microsoft ActiveSync
Copyright: Copyright © 1995-2006 Microsoft Corp. Alle rettigheder forbeholdes.
Original Filename: RICHINK.DLL
File size: 224040
Created time: 2006-11-13 16:17
Modified time: 2006-11-13 16:17
MD5: CAE98259AD76890D7715A72A28914ED7
SHA1: D9ADF51E306F7D17BE081C6451B2E4BAC5E368DA
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programmer\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Photo Downloader"="c:\programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AdobeAAMUpdater-1.0"="c:\programmer\Fælles filer\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-01 497648]
"SwitchBoard"="c:\programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\programmer\Fælles filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\programmer\Real\RealPlayer\update\realsched.exe" [2010-12-20 274608]
"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Lene\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\programmer\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Søren^Menuen Start^Programmer^Start^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Søren\Menuen Start\Programmer\Start\Picture Motion Browser Media Check Tool.lnk
backupExtension=.Startup
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11    640440    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-30 23:36    38840    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37    932288    ----a-w-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-04-27 14:37    611712    ----a-w-    c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41    49152    ----a-w-    c:\programmer\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16    421160    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43    248040    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
"LKGGOPABUH"=c:\docume~1\SREN~1\LOKALE~1\Temp\Prd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmer\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmer\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmer\\WM Recorder\\WMR90.exe"=
"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Programmer\\MasterWriter 2.0\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23-08-2010 19:14 697328]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05-06-2010 20:22 11264]
R1 MpKsl801907b3;MpKsl801907b3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1805D5FE-B02F-4BF8-8B11-6E443BDA0F98}\MpKsl801907b3.sys [26-03-2011 07:24 28752]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\programmer\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06-09-2010 02:19 169408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [04-03-2011 17:30 1523008]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 15:43 31848]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07-10-2010 13:34 10064]
S1 MpKslb9371d3f;MpKslb9371d3f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E06EB71A-F7F8-4400-8BE5-85F297FCC0DC}\MpKslb9371d3f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E06EB71A-F7F8-4400-8BE5-85F297FCC0DC}\MpKslb9371d3f.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [11-04-2010 17:08 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 04:46 288112]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 15:43 31848]
S3 SwitchBoard;SwitchBoard;c:\programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 12:37 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [28-11-2010 10:28 41984]
S3 ysusb32;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb32.sys [11-06-2009 17:44 64968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02    114688    ----a-w-    c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-03-26 c:\windows\Tasks\User_Feed_Synchronization-{65703C5B-C272-4E24-9AE9-35F84CDB7C8C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-03-26 c:\windows\Tasks\User_Feed_Synchronization-{9A9B5D13-F58C-4164-8C87-A63136B99D28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://danish.ilsc.org/da/index.php?rvs=hompag/
uInternet Settings,ProxyServer = 
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Føj linkdestinationen til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Føj til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Konverter linkdestinationen til en Adobe PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter til Adobe PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 07:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(1604)
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Stardock\Fences\FencesMenu.dll
c:\programmer\stardock\fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\programmer\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmer\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmer\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Gennemført tid: 2011-03-26  07:56:08 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-03-26 06:56
ComboFix2.txt  2011-03-25 15:52
.
Pre-Kørsel: 13.505.581.056 byte ledig
Post-Kørsel: 13.513.670.656 byte ledig
.
Current=1 Default=1 Failed=6 LastKnownGood=2 Sets=1,2,3,4,5,6
- - End Of File - - AFCCE128309015FA1CF73B615ABEADC1
f-arn Guru
26 March 2011 - 08:21 #24
Download OTL by OldTimer and save it to your desktop.

Start OTL
Copy the text in bold below into the "Custom Scans/Fixes" field

:Services
MpKslb9371d3f

:files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[ClearAllRestorePoints]
[EMPTYFLASH]
[Reboot]


Close all other open windows and click "Run Fix"

It creates a log, C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, which you are welcome to paste here

PS How is the PC running now?
klangens Beginner
26 March 2011 - 08:37 #25
It's running really well ;o)
klangens Beginner
26 March 2011 - 08:45 #26
All processes killed
========== SERVICES/DRIVERS ==========
Service MpKslb9371d3f stopped successfully!
Service MpKslb9371d3f deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\Søren\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\Søren\Skrivebord\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Lene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5571654 bytes
->Java cache emptied: 185013 bytes
->Flash cache emptied: 8509 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 2338 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Søren
->Temp folder emptied: 23782 bytes
->Temporary Internet Files folder emptied: 23169899 bytes
->Java cache emptied: 9085238 bytes
->Apple Safari cache emptied: 582656 bytes
->Flash cache emptied: 150324 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3233380 bytes
%systemroot%\System32 .tmp files removed: 4810340 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2480 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45,00 mb

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Lene
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Søren
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03262011_083845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
f-arn Guru
26 March 2011 - 09:16 #27
Right-click on the desktop, choose New -> Text Document, paste in the highlighted text and save the file as CFScript

DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir
Quit::


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It creates C:\DeQuarantine_log.txt, which you are welcome to paste here.
klangens Beginner
26 March 2011 - 09:32 #28
C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir -> C:\WINDOWS\system32\msvcsv60.dll ( 192 bytes )
f-arn Guru
26 March 2011 - 09:51 #29
Fine  :-)

Press <Windows> + <R> at the same time and paste this in: combofix /uninstall
Press Enter
This will remove Combofix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

------

Start OTL and click CleanUp

This will remove OTL.
klangens Beginner
26 March 2011 - 10:17 #30
That is now done!