klangens (Beginner)
12 July 2011 - 09:37. There are 27 comments and 1 solution.

Hijack This

I have huge problems. I am not allowed to install from CD, and I can only get into Device Manager via devmgmt.msc. I may have "cleaned up" a bit too aggressively, I don't know. Is there anyone who will help? Here is a fresh log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:17, on 12-07-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Creative\Shared Files\CTDevSrv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft Office\Office14\MSOSYNC.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\Office14\OUTLOOK.EXE
C:\Programmer\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Programmer\Internet Explorer\iexplore.exe
I:\Dokumenter Søren\Div. programmer\Sikkerhed\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://danish.ilsc.org/da/index.php?rvs=hompag/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmer\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "C:\Programmer\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Programmer\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Programmer\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Føj linkdestinationen til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Føj til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter linkdestinationen til en Adobe PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/70.11/uploader2.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270894954207
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programmer\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmer\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmer\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 11969 bytes
12 July 2011 - 09:43 #1
So originally -> www.eksperten.dk/spm/942775 ?

---
12 July 2011 - 09:46 #2
Run a scan with HijackThis.
Below you will find some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [BCSSync] "C:\Programmer\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Programmer\Microsoft Office\Office14\MSOSYNC.EXE"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

O24 - Desktop Component 0: (no name) - (no file)

Restart normally...

---

How is the PC running now?
klangens (Beginner)
12 July 2011 - 09:54 #3
Yes, but that question is closed!
12 July 2011 - 10:01 #4
...I may have "cleaned up" a bit too aggressively, I don't know... - just to have the 'history' behind it ... Fair enough ...

#2 !!
klangens (Beginner)
12 July 2011 - 10:12 #5
That is fixed now, and the computer runs better.
The problem with installing from the CD drive is still there. When I try, the following message appears:

Windows kunne ikke få adgang til den angivne enhed, sti eller fil. Du har muligvis ikke... etc. [Windows could not access the specified device, path or file. You may not have...]

When I click OK on this one, this message appears:

Error
Could not execute the external program
C:\DOCUME~1\SRN~1\LOKALE~1\TEMP\GLF9TM~.EXE.
12 July 2011 - 10:13 #6
... is it like that with all kinds of CDs?
klangens (Beginner)
12 July 2011 - 10:22 #7
I have just tried a couple of others without problems, so maybe the one I tried is no good!

Earlier today I tried to open the Windows XP setup program but got the same message, so I set the computer to boot from it, and then it worked.

I also still have the problem with getting into Device Manager and, for example, security settings, where I get the same message:
"Windows kunne ikke få adgang til den angivne enhed, sti eller fil. Du har muligvis ikke... etc." [Windows could not access the specified device, path or file. You may not have...]
12 July 2011 - 10:29 #8
Hmmm...

Put the Windows CD in the drive > when it pops up, close it with the red X up in the right-hand corner.
Go to Start > Run > type:
SFC.exe    /scannow > ENTER
A bar is shown while the scan is running - and when it is finished it disappears again and you get no other messages.
Insert your Windows CD/DVD if you are asked to.
After the scan > Restart...
klangens (Beginner)
12 July 2011 - 10:33 #9
I also cannot connect to my scanner/printer, or to other programs!
klangens (Beginner)
12 July 2011 - 10:38 #10
There is only a "flash" and no bar!
12 July 2011 - 10:45 #11
#8 !!!
klangens (Beginner)
12 July 2011 - 12:19 #12
No suggestions?
12 July 2011 - 12:41 #13
#8 ?
klangens (Beginner)
12 July 2011 - 12:57 #14
Is that to be taken as an answer, and if so, which one?
12 July 2011 - 15:15 #15
Carry out the procedure as described in #8 ->

Put the Windows CD in the drive > when it pops up, close it with the red X up in the right-hand corner.
Go to Start > Run > type:
SFC.exe    /scannow > ENTER
A bar is shown while the scan is running - and when it is finished it disappears again and you get no other messages.
Insert your Windows CD/DVD if you are asked to.
After the scan > Restart...
klangens (Beginner)
12 July 2011 - 15:42 #16
Tried it; there is only a brief flash, and then nothing more happens!
12 July 2011 - 17:27 #17
I think you are typing something wrong?

Go to Start > Run > type:
CMD    > ENTER
In the box, type

SFC.exe    /scannow    > ENTER

A bar is shown while the scan is running - and when it is finished it disappears again and you get no other messages.
Insert your Windows CD/DVD if you are asked to.
After the scan > Restart...
klangens (Beginner)
12 July 2011 - 18:20 #18
It worked this time - my mistake! But unfortunately I still cannot get into, among other things, printer - Device Manager - firewall etc.
12 July 2011 - 18:31 #19
Hmmm...

Just give me a fresh log from HiJackThis ... I have a suspicion...
klangens (Beginner)
12 July 2011 - 22:13 #20
Here it comes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:20, on 12-07-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Creative\Shared Files\CTDevSrv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Fælles filer\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft Office\Office14\MSOSYNC.EXE
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\Microsoft Office\Office14\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\FlashGet Network\FlashGet 3\Flashget3.exe
I:\Dokumenter Søren\Div. programmer\Sikkerhed\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://danish.ilsc.org/da/index.php?rvs=hompag/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10206&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmer\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "C:\Programmer\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Programmer\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Programmer\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Søren\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Føj linkdestinationen til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Føj til en eksisterende PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter linkdestinationen til en Adobe PDF-fil - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/70.11/uploader2.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270894954207
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programmer\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmer\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmer\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Programmer\Fælles filer\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12420 bytes
12 July 2011 - 22:26 #21
These MUST be 'fixed' in HiJackThis ->

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

--- and/or ---

Download Dial-a-fix from this link, and save it to the desktop.
http://djlizard.net/Dial-a-fix-2006-09-19.exe

[Policies] - [Remove] ...
klangens (Beginner)
12 July 2011 - 22:31 #22
That is now done!
12 July 2011 - 22:36 #23
... and are the lines in question gone from a fresh log from HiJackThis ???
klangens (Beginner)
12 July 2011 - 22:43 #24
They are gone, but still no access...
12 July 2011 - 22:49 #25
Just a quick one ->

-- Download Combofix from one of these links, and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: You must not name it Combofix.exe, but for example BANAN.exe

-- Then run combofix.exe (BANAN.exe), which you downloaded earlier, and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
klangens (Beginner)
12 July 2011 - 23:23 #26
Now there is something to look at - I think that's enough for today!

ComboFix 11-07-12.09 - Søren 12-07-2011  22:59:09.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1535.964 [GMT 2:00]
Kører fra: c:\documents and settings\Søren\Skrivebord\Bananfix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmer\AutocompletePro
c:\programmer\AutocompletePro\64\AutocompletePro64.dll
c:\programmer\AutocompletePro\AutocompletePro.dll
c:\programmer\AutocompletePro\chrome\autocompleteprochrome.crx
c:\programmer\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\programmer\AutocompletePro\FireFoxExtension.exe
c:\programmer\AutocompletePro\InstTracker.exe
c:\programmer\AutocompletePro\support@predictad.com\chrome.manifest
c:\programmer\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\programmer\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\programmer\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\programmer\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\programmer\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\programmer\AutocompletePro\support@predictad.com\install.rdf
c:\programmer\AutocompletePro\unins000.dat
c:\programmer\AutocompletePro\unins000.exe
c:\windows\system32\Drivers\Kopi af afd.sys
E:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-06-12 til 2011-07-12  )))))))))))))))))))))))))))))))))))
.
.
2011-07-12 21:12 . 2011-07-12 21:12    28752    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46D0B63D-9215-4E33-9440-64D70B4655BF}\MpKslebd2e48a.sys
2011-07-12 20:26 . 2011-07-12 20:26    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\antiphishing-radarsync1_0dn
2011-07-12 20:26 . 2011-07-12 20:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2011-07-12 15:49 . 2001-10-04 15:07    110621    -c--a-w-    c:\windows\system32\dllcache\digirlpt.dll
2011-07-12 15:48 . 2001-10-04 15:07    91264    -c--a-w-    c:\windows\system32\dllcache\cirrus.dll
2011-07-12 15:47 . 2001-10-04 15:07    41472    -c--a-w-    c:\windows\system32\dllcache\brmfusb.dll
2011-07-12 15:46 . 2001-08-17 20:07    101888    -c--a-w-    c:\windows\system32\dllcache\adpu160m.sys
2011-07-12 14:56 . 2011-07-12 15:21    --------    d-----w-    c:\documents and settings\Søren\Application Data\Registry Mechanic
2011-07-12 14:49 . 2010-09-16 10:26    37336    ----a-w-    c:\windows\system32\CleanMFT32.exe
2011-07-12 14:49 . 2008-04-02 14:54    1101824    ----a-w-    c:\windows\system32\UniBox210.ocx
2011-07-12 14:49 . 2008-04-02 14:53    212992    ----a-w-    c:\windows\system32\UniBoxVB12.ocx
2011-07-12 14:49 . 2008-04-02 14:53    880640    ----a-w-    c:\windows\system32\UniBox10.ocx
2011-07-12 11:14 . 2011-07-12 16:39    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2011-07-12 11:13 . 2011-07-12 14:48    --------    d-----w-    c:\programmer\Fælles filer\PC Tools
2011-07-12 11:09 . 2011-07-12 11:12    --------    d-----w-    c:\documents and settings\Søren\Application Data\GetRightToGo
2011-07-12 11:09 . 2011-07-12 11:11    --------    d-----w-    c:\programmer\Weeny Free Cleaner
2011-07-12 11:04 . 2011-06-07 15:55    7074640    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46D0B63D-9215-4E33-9440-64D70B4655BF}\mpengine.dll
2011-07-12 10:48 . 2011-07-12 10:48    --------    d-----w-    c:\windows\system32\wbem\Repository
2011-07-12 10:46 . 2011-07-12 10:46    --------    d-----w-    c:\programmer\Hewlett-Packard
2011-07-12 10:46 . 2011-07-12 10:46    --------    d-----w-    c:\programmer\HP
2011-07-10 14:37 . 2011-07-10 14:37    --------    d-----w-    c:\documents and settings\Søren\Application Data\VS Revo Group
2011-07-10 14:37 . 2011-07-10 14:37    --------    d-----w-    c:\programmer\AnswersThatWork
2011-07-07 11:53 . 2011-07-07 11:53    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\VS Revo Group
2011-07-07 11:53 . 2009-12-30 09:20    27064    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2011-07-07 11:53 . 2011-07-07 11:53    --------    d-----w-    c:\programmer\VS Revo Group
2011-07-07 10:21 . 2011-07-07 10:21    --------    d-----w-    c:\documents and settings\Søren\Application Data\Auslogics
2011-07-07 10:11 . 2011-07-07 10:11    --------    d-----w-    c:\programmer\Auslogics
2011-07-07 09:16 . 2011-07-07 09:32    2436    ----a-w-    c:\windows\system32\ASOROSet.bin
2011-07-07 09:04 . 2011-07-07 09:04    --------    d-----w-    c:\documents and settings\Søren\Application Data\Systweak
2011-07-07 09:03 . 2011-06-16 11:24    17280    ----a-w-    c:\windows\system32\roboot.exe
2011-07-07 09:03 . 2011-07-10 14:37    --------    d-----w-    c:\programmer\RegClean Pro
2011-06-30 15:08 . 2011-07-10 21:29    150528    ----a-w-    c:\windows\Psynyb.exe
2011-06-24 04:54 . 2011-06-24 04:55    --------    d-----w-    c:\programmer\Parrot Software Update Tool
2011-06-22 15:46 . 2011-06-22 15:46    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2011-06-21 09:25 . 2011-06-21 09:25    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\Xara Online Dreamweaver Cache
2011-06-21 09:09 . 2003-10-02 14:09    180224    ----a-w-    c:\windows\system32\xwsindex.exe
2011-06-21 09:08 . 2011-06-21 09:08    --------    d-----w-    c:\documents and settings\Søren\Application Data\Xara
2011-06-21 09:07 . 2000-05-21 21:00    115920    ----a-w-    c:\windows\system32\MSINET.OCX
2011-06-21 09:05 . 2011-06-21 09:05    --------    d-----w-    c:\windows\system32\Xara
2011-06-21 09:05 . 2003-11-13 10:13    118784    ----a-w-    c:\windows\system32\XMUpload.dll
2011-06-21 09:05 . 2003-10-17 12:03    126976    ----a-w-    c:\windows\system32\TemplMan.dll
2011-06-21 09:05 . 2003-10-14 13:49    253952    ----a-w-    c:\windows\system32\TemplOp.dll
2011-06-21 09:05 . 2003-10-06 12:45    23552    ----a-w-    c:\windows\system32\XFontMan.dll
2011-06-21 09:05 . 2003-10-01 12:49    131072    ----a-w-    c:\windows\system32\BmpImporter.dll
2011-06-21 09:05 . 2003-05-19 14:18    86016    ----a-w-    c:\windows\system32\BinCoder.dll
2011-06-21 09:05 . 2002-01-10 01:01    110592    ----a-w-    c:\windows\system32\tsccvid.dll
2011-06-21 08:49 . 2011-06-21 08:49    --------    d-----w-    c:\documents and settings\Søren\Lokale indstillinger\Application Data\XaraX
2011-06-21 08:49 . 2011-06-21 09:07    --------    d-----w-    c:\programmer\Xara
2011-06-19 06:15 . 2011-06-19 06:15    --------    d-----w-    c:\programmer\iPod
2011-06-19 06:15 . 2011-06-19 06:17    --------    d-----w-    c:\programmer\iTunes
2011-06-16 23:10 . 2011-06-17 03:59    --------    d-----w-    c:\windows\SxsCaPendDel
2011-06-13 07:42 . 2011-07-12 20:28    --------    d-----w-    c:\documents and settings\Søren\Application Data\BITS
2011-06-13 07:42 . 2011-06-13 07:42    --------    d-----w-    c:\documents and settings\Søren\Application Data\FlashGet
2011-06-13 07:42 . 2011-06-13 07:42    --------    d-----w-    c:\programmer\FlashGet Network
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-12-26 00:56    7074640    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 07:11 . 2011-04-10 06:38    39984    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-04-10 06:38    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-05-24 15:14 . 2011-05-24 15:14    387600    ----a-w-    c:\windows\system32\FTBSaver.scr
2011-05-10 06:06 . 2011-05-10 10:32    4517664    ----a-w-    c:\windows\system32\usbaaplrc.dll
2011-05-10 06:06 . 2011-05-10 10:32    42496    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2011-05-02 15:32 . 2009-02-18 17:03    692736    ------w-    c:\windows\system32\inetcomm.dll
2011-05-01 19:10 . 2011-05-01 19:10    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-05-01 19:10 . 2010-04-24 07:25    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-05-01 07:58 . 2011-05-01 07:58    53248    ----a-r-    c:\documents and settings\Søren\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-01 07:53 . 2011-05-01 07:53    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2011-04-29 17:25 . 2004-08-26 15:53    151552    ----a-w-    c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15    456320    ------w-    c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2004-08-26 15:53    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2011-04-25 16:05 . 2004-08-26 15:53    916480    ----a-w-    c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2004-08-26 15:53    43520    ------w-    c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-26 15:48    385024    ------w-    c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-03 21:15    105472    ------w-    c:\windows\system32\drivers\mup.sys
2011-04-13 22:40 . 2011-04-13 22:40    4284416    ----a-w-    c:\windows\system32\GPhotos.scr
2006-11-13 16:17 . 2006-11-13 16:17    224040    ----a-w-    c:\programmer\richink.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\programmer\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"CTSyncU.exe"="c:\programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BCSSync"="c:\programmer\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2011-01-07 253672]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-11-29 421888]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-31 232104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\programmer\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Søren^Menuen Start^Programmer^Start^Picture Motion Browser Media Check Tool.lnk]
backupExtension=.Startup
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 16:11    640440    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-06-07 18:54    40376    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59    937920    ----a-w-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-04-27 14:37    611712    ----a-w-    c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41    49152    ----a-w-    c:\programmer\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51    421160    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38    421888    ----a-w-    c:\programmer\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12    253672    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmer\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmer\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Programmer\\WM Recorder\\WMR90.exe"=
"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programmer\\FileZilla FTP Client\\filezilla.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmer\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23-08-2010 20:14 697328]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05-06-2010 21:22 11264]
R1 MpKslebd2e48a;MpKslebd2e48a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46D0B63D-9215-4E33-9440-64D70B4655BF}\MpKslebd2e48a.sys [12-07-2011 23:12 28752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [01-05-2011 09:52 10448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programmer\Fælles filer\PC Tools\sMonitor\StartManSvc.exe [12-07-2011 16:48 632792]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 16:43 31848]
S1 MpKsl0f7c1b21;MpKsl0f7c1b21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46D0B63D-9215-4E33-9440-64D70B4655BF}\MpKsl0f7c1b21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{46D0B63D-9215-4E33-9440-64D70B4655BF}\MpKsl0f7c1b21.sys [?]
S1 MpKsl908d6de4;MpKsl908d6de4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88D59E9B-5572-47CD-8AF8-684E5871EFFC}\MpKsl908d6de4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88D59E9B-5572-47CD-8AF8-684E5871EFFC}\MpKsl908d6de4.sys [?]
S1 MpKslca8cba4c;MpKslca8cba4c; [x]
S1 MpKsle975802e;MpKsle975802e; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [11-04-2010 18:08 135664]
S2 Secunia Update Agent;Secunia Update Agent; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 05:46 288112]
S3 CTUPnPSv;Creative Centrale Media Server;c:\programmer\Creative\Creative Centrale\CTUPnPSv.exe [21-05-2008 13:42 64000]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [11-04-2010 18:08 135664]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10-04-2011 08:38 39984]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmer\Microsoft Office\Office14\GROOVE.EXE [25-03-2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09-01-2010 21:37 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [07-07-2011 13:53 27064]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [30-03-2010 16:43 31848]
S3 SwitchBoard;SwitchBoard;c:\programmer\Fælles filer\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 13:37 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [10-05-2011 12:32 42496]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
S3 ysusb32;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb32.sys [11-06-2009 18:44 64968]
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - MPKSLEBD2E48A
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02    114688    ----a-w-    c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-04-11 16:08]
.
2011-07-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-117609710-839522115-1007.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1003.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1004.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-117609710-839522115-1007.job
- c:\programmer\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\programmer\RegClean Pro\RegCleanPro.exe [2011-07-07 11:24]
.
2011-07-07 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\programmer\RegClean Pro\RegCleanPro.exe [2011-07-07 11:24]
.
2011-07-12 c:\windows\Tasks\RMSchedule.job
- c:\programmer\Registry Mechanic\RegMech.exe [2011-07-12 11:11]
.
2011-07-12 c:\windows\Tasks\RMSmartUpdate.job
- c:\programmer\Registry Mechanic\Update.exe [2011-07-12 12:23]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{0833A407-F207-48A5-BD05-7F2C006B4FC9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{65703C5B-C272-4E24-9AE9-35F84CDB7C8C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{9A9B5D13-F58C-4164-8C87-A63136B99D28}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig?hl=da&source=iglk
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10206&bi=400
mStart Page = hxxp://danish.ilsc.org/da/index.php?rvs=hompag/
uInternet Settings,ProxyServer = 
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\Søren\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Søren\Application Data\FlashGetBHO\GetUrl.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Føj linkdestinationen til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Føj til en eksisterende PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki ...
IE: Konverter linkdestinationen til en Adobe PDF-fil - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konverter til Adobe PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: S&end til OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: danid.dk
Trusted Zone: kuaiche.com\software
Trusted Zone: danid.dk
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
.
.
------- Fil Associationer -------
.
.scr=DWGTrueViewScriptFile
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - (no file)
HKCU-Run-vProt - c:\programmer\GameBox\vprot.exe
AddRemove-AutocompletePro3_is1 - c:\programmer\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(1632)
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2564)
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\progra~1\FLLESF~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1030\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Stardock\Fences\FencesMenu.dll
c:\programmer\stardock\fences\DesktopDock.dll
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmer\Creative\Shared Files\CTDevSrv.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmer\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Gennemført tid: 2011-07-12  23:20:30 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-07-12 21:20
.
Pre-Kørsel: 68.219.019.264 byte ledig
Post-Kørsel: 68.819.148.800 byte ledig
.
Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 7D021CFED4FE56644DD60F6C313C9FEC
13 July 2011 - 09:35 #27
In any case, you should/must delete all the *.JOB files found at
C:\windows\Tasks\

---

If your problem (Ref #9) is still current -> "Others in this thread ?"
klangens (Beginner)
27 July 2011 - 07:19 #28
Unfortunately, I probably won't get any further with the problem!