tida Juniormester
28 January 2012 - 16:22 There are 34 comments and 1 solution

Help removing "Security shield"

Hi Eksperten

My husband has just got a virus on his PC; "security shield" keeps popping up.

I have run CCleaner and, in safe mode, run Malware and Hijack, see below. Can anyone help us get rid of this junk?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:13, on 28-01-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Finn\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=14a41f9200000000000000197eda1864&tlver=1.4.19.19&ss=1&affID=17393
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer leveret af Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: (no name) - {704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
O4 - HKCU\..\RunOnce: [jtddbzzcge] C:\Users\Finn\AppData\Local\jtddbzzcge.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Finn\Desktop\Danske Spil Poker.lnk
O9 - Extra 'Tools' menuitem: Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Finn\Desktop\Danske Spil Poker.lnk
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device -  - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Google Desktop-administrator 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13355 bytes
f-arn Guru
28 January 2012 - 16:38 #1
Hi :)

Start HijackThis, click "Do a system scan only" and tick the following.

O4 - HKCU\..\RunOnce: [jtddbzzcge] C:\Users\Finn\AppData\Local\jtddbzzcge.exe

Then close all other windows and click "Fix checked"

Restart.

------

Download "Malwarebytes' Anti-Malware" here

Or here

Install and start the program, click the Update tab, click Check for updates, then run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here.

Re: Vista and Windows 7 - right-click the file - Run as administrator.

NB: When you update Malwarebytes, keep clicking "Check for updates" until it says there are no more updates.
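The reply above picks a single O4 line out of the posted HijackThis log. As an added example (not part of the original thread and not HijackThis code), this sketch parses registry autostart lines and flags those whose target sits in a user-writable profile location; the heuristic and the names `parse_o4`, `target_path`, `review` and `flagged` are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
O4 - HKCU\..\RunOnce: [jtddbzzcge] C:\Users\Finn\AppData\Local\jtddbzzcge.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
"""


class Autostart(NamedTuple):
    key: str      # e.g. HKCU\..\RunOnce
    name: str     # registry value name shown in [brackets]
    command: str  # command line stored in the value


# Registry-based O4 lines only; "Global Startup" shortcuts have another layout.
O4_REG = re.compile(
    r"^O4 - (?P<key>HK[^:]*?\\\.\.\\Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# First executable-looking path in a command, quoted or not.
EXE = re.compile(
    r'^"?(?P<path>(?:[a-z]:\\|%\w+%\\)?[^"]*?\.(?:exe|dll|scr|com|bat|cmd))',
    re.IGNORECASE,
)
PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(?P<rest>.+)$", re.IGNORECASE)


def parse_o4(log: str) -> List[Autostart]:
    """Return every registry Run/RunOnce entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.append(Autostart(**m.groupdict()))
    return entries


def target_path(command: str) -> Optional[str]:
    """Extract the file that is launched; for rundll32, the DLL it loads."""
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", command.strip(), flags=re.IGNORECASE)
    m = EXE.match(cmd)
    return m.group("path") if m else None


def review(entry: Autostart) -> List[str]:
    """Assumed heuristic: reasons why an entry deserves a closer look."""
    path = target_path(entry.command)
    if path is None:
        return ["command has no recognisable executable"]
    m = PROFILE.match(path)
    if not m:
        return []
    reasons = ["target is inside a user profile (writable without admin rights)"]
    parts = m.group("rest").lower().split("\\")
    if len(parts) == 3 and parts[:2] in (["appdata", "local"], ["appdata", "roaming"]):
        reasons.append("file sits directly in the AppData root, not in a product folder")
    if "temp" in parts[:-1]:
        reasons.append("file runs from a Temp directory")
    return reasons


def flagged(log: str) -> List[Tuple[str, List[str]]]:
    """Names of autostart entries with at least one reason, plus the reasons."""
    return [(e.name, review(e)) for e in parse_o4(log) if review(e)]


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG):
        print(name, "->", "; ".join(reasons))
```

A flag here only marks an entry for manual review; legitimate software also installs per-user autostarts.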
tida Juniormester
28 January 2012 - 17:03 #2
Great, thanks for the help, here is the log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Finn :: FINN-PC [administrator]

28-01-2012 16:53:27
mbam-log-2012-01-28 (16-53-27).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 174679
Tid gået: 5 minut(ter), 55 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 2
C:\Users\Finn\AppData\Local\Temp\lss.exe (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Finn\Documents\Windows\winhelp.exe (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.

(færdig)
f-arn Guru
28 January 2012 - 17:14 #3
Download ComboFix and save it to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Since ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of this file here.

It can be found here:  C:\ComboFix.txt
tida Juniormester
28 January 2012 - 18:16 #4
Here comes ComboFix:

ComboFix 12-01-28.01 - Finn 28-01-2012  17:59:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.1132 [GMT 1:00]
Kører fra: c:\users\Finn\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\SPL23DA.tmp
c:\programdata\SPL89D9.tmp
c:\programdata\SPL9A24.tmp
c:\programdata\SPLBE82.tmp
c:\programdata\SPLF131.tmp
c:\users\Finn\AppData\Local\jtddbzzcge.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-28 til 2012-01-28  )))))))))))))))))))))))))))))))))))
.
.
2012-01-28 17:07 . 2012-01-28 17:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-01-28 16:29 . 2012-01-28 16:29    --------    d-----w-    c:\users\Finn\AppData\Roaming\AVG2012
2012-01-28 16:29 . 2012-01-28 16:29    --------    d--h--w-    c:\programdata\Common Files
2012-01-28 16:26 . 2012-01-28 16:44    --------    d-----w-    c:\programdata\AVG2012
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\users\Finn\AppData\Roaming\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\programdata\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-01-28 15:52 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-01-28 14:14 . 2012-01-28 14:14    --------    d-----w-    c:\program files\Loaris
2012-01-28 09:20 . 2012-01-06 04:19    6557240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DA9566-B965-4EE4-9759-405113219133}\mpengine.dll
2012-01-20 19:47 . 2011-11-16 16:23    278528    ----a-w-    c:\windows\system32\schannel.dll
2012-01-20 19:47 . 2011-11-17 06:48    440192    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2012-01-20 19:47 . 2011-11-16 16:23    377344    ----a-w-    c:\windows\system32\winhttp.dll
2012-01-20 19:47 . 2011-11-16 16:23    72704    ----a-w-    c:\windows\system32\secur32.dll
2012-01-20 19:47 . 2011-11-16 16:21    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2012-01-20 19:47 . 2011-11-16 14:12    9728    ----a-w-    c:\windows\system32\lsass.exe
2012-01-18 19:50 . 2012-01-18 19:50    --------    d-----w-    C:\NVIDIA
2012-01-18 19:45 . 2012-01-18 19:45    --------    d-----w-    c:\programdata\NVIDIA
2012-01-18 19:02 . 2012-01-18 19:02    --------    d-----w-    c:\program files\UBISOFT
2012-01-18 19:02 . 2003-11-10 17:14    729088    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-01-18 19:02 . 2003-11-10 17:13    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-01-18 19:02 . 2003-11-10 17:12    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-01-18 19:02 . 2003-11-10 17:12    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-01-18 19:02 . 2003-11-10 17:11    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-01-18 19:01 . 2012-01-18 19:01    188548    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-01-18 19:01 . 2012-01-18 19:01    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-01-11 06:57 . 2012-01-11 06:57    --------    d-----w-    c:\program files\Common Files\Citrix
2012-01-11 06:51 . 2011-10-14 16:03    189952    ----a-w-    c:\windows\system32\winmm.dll
2012-01-11 06:51 . 2011-10-14 16:00    23552    ----a-w-    c:\windows\system32\mciseq.dll
2012-01-11 06:51 . 2011-11-18 20:23    1205064    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-11 06:51 . 2011-11-18 17:47    66560    ----a-w-    c:\windows\system32\packager.dll
2012-01-11 06:51 . 2011-11-25 15:59    376320    ----a-w-    c:\windows\system32\winsrv.dll
2012-01-11 06:51 . 2011-12-01 15:21    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:51 . 2011-10-25 15:58    1314816    ----a-w-    c:\windows\system32\quartz.dll
2012-01-11 06:51 . 2011-10-25 15:58    497152    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-01 19:48 . 2012-01-01 19:48    --------    d-----w-    c:\users\Finn\AppData\Roaming\Mozilla-Cache
2012-01-01 19:46 . 2012-01-01 19:46    --------    d-----w-    C:\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:08 . 2010-11-28 10:36    236576    ------w-    c:\windows\system32\MpSigStub.exe
2011-11-27 12:37 . 2011-11-27 12:37    404496    ----a-w-    c:\windows\system32\FTBSaver.scr
2011-11-23 13:37 . 2011-12-14 21:26    2043904    ----a-w-    c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 21:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 16:10    1798144    ----a-w-    c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 16:09    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 16:10    1127424    ----a-w-    c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 16:10    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46    2642432    ----a-w-    c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37    221184    ----a-w-    c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-04 312200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2011-11-27 229376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-11 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-11 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\Finn\Desktop\Danske Spil Poker.lnk
TCP: DhcpNameServer = 192.168.1.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
BHO-{704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
Toolbar-{704265ca-eb75-4044-899f-f4674807f8c5} - (no file)
WebBrowser-{704265CA-EB75-4044-899F-F4674807F8C5} - (no file)
WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 18:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2012-01-28  18:12:27
ComboFix-quarantined-files.txt  2012-01-28 17:12
.
Pre-Kørsel: 3.022.008.320 byte ledig
Post-Kørsel: 2.653.229.056 byte ledig
.
- - End Of File - - 5DCD98FDC33BB020F6AE8746BE166289
f-arn Guru
28 January 2012 - 19:18 #5
Kører fra: c:\users\Finn\Downloads\ComboFix.exe
Why don't you read what I write ???
I write that it must be placed on the Desktop, so delete that ComboFix.

------


Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/

You must accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a few minutes for the scanner to become ready.
Next, tick the following boxes, and only those:
Scan archives

under advanced settings
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable anti-stealth technology


Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(if not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt).

Copy it into your next post here.
tida Juniormester
28 January 2012 - 23:10 #6
.....that's because I'm rebellious by nature!

Here is the ESET log:

C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll    a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe    probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\LIMBO\limbo_lang.exe    a variant of Win32/Kryptik.EIF trojan
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe    a variant of Win32/1AntiVirus application
C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\jtddbzzcge.exe.vir    a variant of Win32/Kryptik.ZPR trojan
C:\Users\Finn\Desktop\loaris1246-setup.exe    a variant of Win32/1AntiVirus application
C:\Users\Finn\Documents\Finn\AppData\Local\Temp\kknF557.tmp    Win32/Adware.Mirar application
C:\Users\Finn\Documents\Finn\AppData\Local\Temp\tqeC2C1.tmp    multiple threats
C:\Users\Finn\Documents\Finn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1c54f7d3-52ced9ca    probably a variant of Java/TrojanDownloader.Agent.AB trojan
C:\Users\Finn\Documents\Finn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6738e363-6d1e8c0d    probably a variant of Java/TrojanDownloader.Agent.AB trojan
C:\Users\Finn\Documents\Program Files\Kwanzy\kwanzy.exe    a variant of Win32/Adware.OneStep.AB application
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\889IJBLW\upgrade[1].cab    multiple threats
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\889IJBLW\upgrade[2].cab    multiple threats
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\889IJBLW\upgrade[3].cab    multiple threats
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\889IJBLW\upgrade[4].cab    Win32/Adware.OneStep application
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B91SN7SZ\upgrade[1].cab    multiple threats
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B91SN7SZ\upgrade[2].cab    Win32/Adware.OneStep application
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPOZ60BQ\upgrade[1].cab    multiple threats
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPOZ60BQ\upgrade[2].cab    Win32/Adware.OneStep application
C:\Users\Finn\Documents\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPOZ60BQ\upgrade[3].cab    multiple threats
C:\Users\Finn\Documents\Windows\Temp\KWA3409.tmp\upgrade.exe    Win32/Adware.OneStep application
C:\Users\Finn\Documents\Windows\Temp\KWACF40.tmp\upgrade.exe    Win32/Adware.OneStep application
C:\Users\Finn\Downloads\cnet2_ComboFix_exe.exe    a variant of Win32/InstallCore.D application
Operating memory    probably a variant of Win32/Toolbar.Babylon application
f-arn Guru
29 January 2012 - 04:45 #7
.....it's because I'm rebellious by nature!

That's up to you, then. Over and out
tida Juniormester
29 January 2012 - 11:32 #8
Easy now...I would of course have put it on the desktop if I hadn't been so confused, thank you for the help :-)....and you should get points too....I'll get someone else to help me with the rest.
Post an answer for me
f-arn Guru
29 January 2012 - 11:51 #9
OK - we'll continue.

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

At the top, tick "Scan All Users"

In the "Custom Scans/Fixes" box, copy in the highlighted text.


set /c
%SYSTEMDRIVE%\*.*
C:\Users\Finn\Downloads\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\System32\config\*.sav
%programfiles%\*.
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



Close all open windows, click "Quick Scan" at the top left and let the program run. The scan can take 5-10 minutes.

It will produce two log files on the desktop, OTL.txt and Extras.txt.

Then copy the following into your next post (in order):

the contents of OTL.txt
the contents of Extras.txt

Since they are fairly long, you may need to send them in several posts.
tida Juniormester
29 January 2012 - 13:44 #10
They ...
OTL logfile created on: 29-01-2012 12:43:08 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Finn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,60% Memory free
4,22 Gb Paging File | 3,27 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 3,81 Gb Free Space | 2,78% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,29 Gb Free Space | 62,86% Space Free | Partition Type: NTFS

Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-29 12:41:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
PRC - [2011-12-22 11:37:54 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Programmer\Citrix\ICA Client\wfcrun32.exe
PRC - [2011-12-22 11:36:50 | 000,362,432 | ---- | M] (Citrix Systems, Inc.) -- C:\Programmer\Citrix\ICA Client\concentr.exe
PRC - [2011-12-19 14:57:48 | 001,136,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Programmer\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011-12-19 12:35:16 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Programmer\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2011-04-22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011-04-22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010-11-07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2010-09-02 21:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programmer\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010-04-08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Programmer\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010-04-08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Programmer\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010-04-08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Programmer\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007-05-02 18:16:54 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programmer\Dell\MediaDirect\PCMService.exe
PRC - [2007-02-20 13:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Programmer\Dell\QuickSet\quickset.exe
PRC - [2007-02-08 06:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007-01-12 20:57:28 | 000,292,336 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006-11-04 02:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006-11-04 02:04:42 | 000,304,008 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006-11-03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006-11-03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Programmer\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011-12-27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011-11-13 17:36:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-11-13 17:35:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programmer\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programmer\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-03-29 11:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programmer\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009-03-30 05:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009-03-30 05:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009-03-30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007-02-20 13:01:18 | 000,105,184 | ---- | M] () -- C:\Programmer\Dell\QuickSet\dadkeyb.dll
MOD - [2007-01-12 20:57:28 | 000,292,336 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006-11-28 00:09:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2006-11-15 19:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006-11-15 19:07:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006-11-04 02:04:42 | 000,304,008 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006-11-03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Programmer\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006-11-03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006-09-06 14:13:14 | 000,073,728 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006-08-08 23:54:18 | 000,278,528 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006-03-15 01:38:24 | 000,143,360 | ---- | M] () -- C:\Programmer\Dell Photo AIO Printer 926\dlcxdrec.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011-04-22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010-09-02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010-04-08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010-04-08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010-04-08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006-11-04 02:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011-06-29 05:18:16 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011-05-10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2007-03-12 05:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007-02-08 06:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006-11-20 20:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-20 20:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006-11-20 20:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006-11-12 00:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006-11-02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006-11-02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Driver til Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {704265ca-eb75-4044-899f-f4674807f8c5} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 C2 3C B7 AA D0 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Programmer\Family Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)


[2010-04-18 12:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions
[2010-04-18 12:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010-01-03 21:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Finn\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011-05-07 16:16:31 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011-06-19 19:07:02 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome  ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=14a41f9200000000000000197eda1864&tlver=1.4.19.19&ss=1&affID=17393
CHR - default_search_provider: suggest_url =
CHR - Extension: YouTube = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Babylon Chrome OCR = C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2012-01-28 18:07:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Programmer\Family Toolbar\tbcore3.dll ()
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmer\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmer\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Programmer\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmer\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmer\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programmer\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmer\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programmer\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: S&end til OneNote - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Finn\Desktop\Danske Spil Poker.lnk ()
O9 - Extra 'Tools' menuitem : Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Finn\Desktop\Danske Spil Poker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokalt intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokalt intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9608D42D-B389-4D8D-8244-8B70C68920EB}: DhcpNameServer = 62.44.166.197 62.44.166.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B2F6282-FE35-4C98-8A32-88D2BF5F4A7A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4EB215A-ECD3-45A4-8458-41AA390EBDEF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programmer\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Programmer\Family Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programmer\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programmer\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programmer\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Programmer\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Finn\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivebordsbaggrund med Windows Billedgalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Finn\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivebordsbaggrund med Windows Billedgalleri.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmer\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
... are coming in a few batches.
tida Juniormester
29 January 2012 - 13:45 #11
Here comes the rest of the first one:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-01-29 12:41:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
[2012-01-29 12:08:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-01-29 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\AVG
[2012-01-29 11:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012-01-28 18:12:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-01-28 18:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-01-28 17:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-01-28 17:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-01-28 17:54:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-01-28 17:53:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-01-28 17:53:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-01-28 17:29:56 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\AVG2012
[2012-01-28 17:29:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-01-28 17:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-01-28 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Malwarebytes
[2012-01-28 16:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-01-28 16:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-01-28 16:52:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-01-28 16:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-01-28 16:40:37 | 000,000,000 | ---D | C] -- C:\Users\Finn\Desktop\backups
[2012-01-28 15:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
[2012-01-28 15:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2012-01-28 14:53:25 | 021,911,145 | ---- | C] (Loaris, Inc.                                                ) -- C:\Users\Finn\Desktop\loaris1246-setup.exe
[2012-01-28 14:21:58 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Finn\Desktop\HiJackThis.exe
[2012-01-18 20:50:21 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-01-18 20:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012-01-18 20:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBISOFT
[2012-01-18 20:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\UBISOFT
[2012-01-11 07:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2012-01-02 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\Finn\Desktop\DanskeSpilPoker_Installer
[2012-01-01 21:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Danske Spil Poker
[2012-01-01 20:48:32 | 000,000,000 | ---D | C] -- C:\Users\Finn\AppData\Roaming\Mozilla-Cache
[2012-01-01 20:46:58 | 000,000,000 | ---D | C] -- C:\Programs
[2010-03-17 19:52:52 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007-08-12 02:58:17 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007-08-12 02:58:17 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007-08-12 02:58:17 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007-08-12 02:58:17 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007-08-12 02:58:17 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007-08-12 02:58:17 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007-08-12 02:58:17 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007-08-12 02:58:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007-08-12 02:58:17 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2007-08-12 02:58:16 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007-08-12 02:58:16 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007-08-12 02:58:16 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007-08-12 02:58:16 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007-08-12 02:58:16 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Finn\AppData\Local\*.tmp files -> C:\Users\Finn\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-29 12:41:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Desktop\OTL.exe
[2012-01-29 12:27:52 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-01-29 12:27:52 | 000,467,578 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-01-29 12:27:52 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-01-29 12:27:52 | 000,079,412 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-01-29 12:20:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-01-29 12:20:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-01-29 12:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-01-29 12:20:05 | 2137,460,736 | -HS- | M] () -- C:\hiberfil.sys
[2012-01-28 18:07:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-01-28 16:52:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-28 15:15:45 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2012-01-28 15:13:53 | 000,004,892 | ---- | M] () -- C:\Users\Finn\AppData\Local\d3d9caps.dat
[2012-01-28 14:49:30 | 021,911,145 | ---- | M] (Loaris, Inc.                                                ) -- C:\Users\Finn\Desktop\loaris1246-setup.exe
[2012-01-28 14:19:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Finn\Desktop\HiJackThis.exe
[2012-01-25 18:05:52 | 000,072,188 | ---- | M] () -- C:\Users\Finn\Desktop\Snefro love.jpg
[2012-01-23 22:05:48 | 000,000,168 | ---- | M] () -- C:\Users\Finn\LAViewer.properties
[2012-01-23 22:01:03 | 000,184,612 | ---- | M] () -- C:\Users\Finn\Desktop\data_kirkeboeger1892_270_3_051_0138a-FK  Sonja Solveig
[2012-01-23 21:50:13 | 000,393,364 | ---- | M] () -- C:\Users\Finn\Desktop\data_kirkeboeger1892_270_3_061_0090a-FM Tonny
[2012-01-18 20:23:33 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012-01-15 11:10:37 | 000,000,612 | ---- | M] () -- C:\Windows\MyHeritage.INI
[2012-01-15 11:02:57 | 000,203,776 | ---- | M] () -- C:\Users\Finn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-15 11:02:11 | 000,000,670 | ---- | M] () -- C:\Users\Finn\Desktop\MyHeritage Family Tree Builder.lnk
[2012-01-04 21:11:54 | 000,007,112 | ---- | M] () -- C:\Users\Finn\Desktop\mail billede 1.jpg
[2012-01-02 20:56:44 | 000,000,611 | ---- | M] () -- C:\Users\Finn\Desktop\Installation af Danske Spil Poker.lnk
[2012-01-01 21:04:29 | 000,001,675 | ---- | M] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Danske Spil Poker.lnk
[2012-01-01 21:04:29 | 000,001,651 | ---- | M] () -- C:\Users\Finn\Desktop\Danske Spil Poker.lnk
[2012-01-01 19:32:45 | 000,039,076 | ---- | M] () -- C:\Users\Finn\Desktop\2012_NP_kalender, speedway.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Finn\AppData\Local\*.tmp files -> C:\Users\Finn\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-28 17:54:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-01-28 17:54:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-01-28 17:54:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-01-28 17:54:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-01-28 17:54:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-01-28 16:52:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-01-28 16:41:23 | 2137,460,736 | -HS- | C] () -- C:\hiberfil.sys
[2012-01-28 15:15:45 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2012-01-25 18:06:14 | 000,072,188 | ---- | C] () -- C:\Users\Finn\Desktop\Snefro love.jpg
[2012-01-23 22:01:03 | 000,184,612 | ---- | C] () -- C:\Users\Finn\Desktop\data_kirkeboeger1892_270_3_051_0138a-FK  Sonja Solveig
[2012-01-23 21:50:13 | 000,393,364 | ---- | C] () -- C:\Users\Finn\Desktop\data_kirkeboeger1892_270_3_061_0090a-FM Tonny
[2012-01-18 20:23:33 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Myst IV - Revelation.lnk
[2012-01-11 08:00:36 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012-01-04 21:07:38 | 000,007,112 | ---- | C] () -- C:\Users\Finn\Desktop\mail billede 1.jpg
[2012-01-02 20:56:44 | 000,000,611 | ---- | C] () -- C:\Users\Finn\Desktop\Installation af Danske Spil Poker.lnk
[2012-01-01 20:47:41 | 000,001,675 | ---- | C] () -- C:\Users\Finn\Application Data\Microsoft\Internet Explorer\Quick Launch\Danske Spil Poker.lnk
[2012-01-01 20:47:41 | 000,001,651 | ---- | C] () -- C:\Users\Finn\Desktop\Danske Spil Poker.lnk
[2012-01-01 19:32:45 | 000,039,076 | ---- | C] () -- C:\Users\Finn\Desktop\2012_NP_kalender, speedway.pdf
[2011-07-11 20:59:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-06-18 14:32:21 | 000,000,000 | ---- | C] () -- C:\Users\Finn\AppData\Local\{FB26029C-F33F-46EA-9646-CEEF9D2D345E}
[2011-03-19 12:23:15 | 000,000,660 | ---- | C] () -- C:\Users\Finn\AppData\Roaming\wklnhst.dat
[2010-12-16 22:40:15 | 000,000,078 | ---- | C] () -- C:\Windows\st_affiliate.ini
[2010-10-25 20:59:19 | 000,000,612 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010-10-25 20:56:46 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010-05-20 21:42:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010-05-20 18:27:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010-05-20 18:27:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010-05-13 14:51:53 | 000,004,892 | ---- | C] () -- C:\Users\Finn\AppData\Local\d3d9caps.dat
[2010-03-17 19:54:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2010-03-17 19:54:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2010-03-17 19:52:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009-11-23 22:38:46 | 000,203,776 | ---- | C] () -- C:\Users\Finn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-08-12 03:06:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007-08-12 03:06:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007-08-12 03:06:51 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007-08-12 03:06:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007-08-12 03:06:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007-08-12 03:06:32 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007-08-12 03:06:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2007-08-12 03:06:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007-08-12 03:06:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007-08-12 03:06:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007-08-12 02:58:18 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007-08-12 02:58:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007-08-12 02:58:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007-08-12 02:58:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007-08-12 02:58:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007-08-12 02:58:16 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007-08-12 02:58:16 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007-08-12 02:58:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007-08-12 02:58:16 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007-08-12 02:58:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007-08-12 02:58:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007-08-11 19:31:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007-08-11 19:31:19 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007-08-11 19:13:44 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006-12-07 13:06:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006-11-21 05:49:42 | 000,467,578 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2006-11-21 05:49:42 | 000,300,302 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2006-11-21 05:49:42 | 000,079,412 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2006-11-21 05:49:42 | 000,036,364 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2006-11-07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006-11-03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 13:47:37 | 000,419,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 11:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-09-16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006-09-16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006-02-13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999-08-30 16:46:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012-01-29 11:50:18 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\AVG
[2012-01-28 17:29:56 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\AVG2012
[2010-05-03 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers
[2010-07-15 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\HandBrake
[2011-07-11 20:29:13 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\ICAClient
[2010-10-26 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\MyHeritage
[2011-11-23 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Spotify
[2011-03-19 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\Template
[2010-10-25 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010-04-18 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Finn\AppData\Roaming\TomTom
[2012-01-29 12:12:51 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< set /c  >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Finn\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FINN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Finn
LOCALAPPDATA=C:\Users\Finn\AppData\Local
LOGONSERVER=\\FINN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Finn\AppData\Local\Temp
TMP=C:\Users\Finn\AppData\Local\Temp
USERDOMAIN=Finn-PC
USERNAME=Finn
USERPROFILE=C:\Users\Finn
windir=C:\Windows

< %SYSTEMDRIVE%\*.* >
[2006-09-18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006-12-07 13:00:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-12-12 19:45:56 | 000,346,322 | ---- | M] () -- C:\cybdefauth_i.log
[2010-12-16 22:50:15 | 000,029,700 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010-12-12 19:44:54 | 000,000,114 | ---- | M] () -- C:\CybDefWebInstaller.log
[2007-08-12 03:06:58 | 000,004,228 | RH-- | M] () -- C:\dell.sdr
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012-01-29 12:20:05 | 2137,460,736 | -HS- | M] () -- C:\hiberfil.sys
[2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012-01-29 12:20:02 | 2451,267,584 | -HS- | M] () -- C:\pagefile.sys
[2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< C:\Users\Finn\Downloads\*.* >
[2011-05-24 15:56:21 | 000,082,048 | ---- | M] () -- C:\Users\Finn\Downloads\Bekendtgørelse.pdf
[2011-07-11 20:41:36 | 012,510,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\Finn\Downloads\CitrixOnlinePluginWeb.exe
[2012-01-28 17:50:38 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Finn\Downloads\cnet2_ComboFix_exe.exe
[2012-01-28 17:54:12 | 004,392,905 | R--- | M] (Swearware) -- C:\Users\Finn\Downloads\ComboFix.exe
[2009-11-23 22:33:42 | 000,000,282 | -HS- | M] () -- C:\Users\Finn\Downloads\desktop.ini
[2011-05-24 15:55:22 | 000,034,816 | ---- | M] () -- C:\Users\Finn\Downloads\fordelingskriterier.doc
[2012-01-04 21:04:58 | 000,771,356 | ---- | M] () -- C:\Users\Finn\Downloads\image.jpeg
[2011-07-11 20:41:52 | 000,002,017 | ---- | M] () -- C:\Users\Finn\Downloads\launch.ica
[2012-01-14 20:05:47 | 000,041,472 | ---- | M] () -- C:\Users\Finn\Downloads\MK 31 Turneringsplan for sæsonen 2012.xls
[2011-11-20 19:36:33 | 000,120,320 | ---- | M] () -- C:\Users\Finn\Downloads\NaturGeo (1).doc
[2011-11-20 19:34:57 | 000,120,320 | ---- | M] () -- C:\Users\Finn\Downloads\NaturGeo.doc
[2011-12-29 20:05:40 | 000,002,903 | ---- | M] () -- C:\Users\Finn\Downloads\noname
[2012-01-29 12:30:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Downloads\OTL (1).exe
[2012-01-29 12:28:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Finn\Downloads\OTL.exe
[2010-01-05 20:53:12 | 005,615,104 | ---- | M] () -- C:\Users\Finn\Downloads\REJSEHOLDET___60-dages_regel_NY.xls
[2011-11-14 09:45:57 | 000,153,364 | ---- | M] () -- C:\Users\Finn\Downloads\Scorecard Golf.xlsx
[2011-07-22 09:17:03 | 000,014,147 | ---- | M] () -- C:\Users\Finn\Downloads\Telmore.pdf
[2011-03-02 21:54:51 | 000,283,463 | ---- | M] () -- C:\Users\Finn\Downloads\Træning med videre.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2006-11-28 00:09:16 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\*. /mp /s >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\System32\config\*.sav >
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %programfiles%\*. >
[2007-08-11 19:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012-01-29 12:24:15 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011-06-19 19:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\BabylonToolbar
[2007-08-11 19:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2011-10-14 19:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010-03-10 18:39:58 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012-01-11 08:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012-01-28 18:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010-03-10 18:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007-08-11 19:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007-08-11 19:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010-03-17 19:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010-03-17 19:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dell PC Fax
[2010-03-17 19:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 926
[2007-08-11 19:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2012-01-21 13:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2010-05-03 20:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010-11-28 13:18:29 | 000,000,000 | ---D | M] -- C:\Program Files\Family Toolbar
[2009-11-23 22:27:48 | 000,000,000 | -HSD | M] -- C:\Program Files\Fælles filer
[2012-01-08 13:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010-07-15 15:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\Handbrake
[2012-01-18 20:02:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011-12-15 22:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010-05-03 19:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011-12-15 20:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011-08-10 20:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011-12-26 17:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\LIMBO
[2012-01-28 15:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Loaris
[2012-01-28 16:52:12 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-04-30 19:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2011-11-13 17:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2006-11-02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011-11-13 17:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011-10-12 21:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011-11-13 17:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011-11-13 17:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011-11-13 17:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2011-11-13 17:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010-08-21 22:28:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011-11-13 17:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007-08-11 19:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010-08-12 23:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011-06-19 19:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011-11-13 17:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009-11-24 09:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007-08-11 19:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2011-11-09 21:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006-11-02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007-08-11 19:37:01 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011-11-30 21:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2007-08-11 19:28:39 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011-06-19 19:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2007-08-12 03:06:27 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011-12-26 17:39:46 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010-04-18 12:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010-04-18 12:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2012-01-18 20:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\UBISOFT
[2006-11-02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010-05-22 21:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2011-08-20 14:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007-08-11 19:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2010-08-08 21:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010-08-08 21:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010-08-08 21:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011-05-30 21:15:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows iLivid Toolbar
[2010-08-08 21:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010-05-16 20:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012-01-14 12:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010-10-16 09:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-11-23 22:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010-08-08 21:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010-08-09 21:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012-01-29 12:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011-08-20 14:10:25 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-28 09:20:41

<  >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
tida Juniormester
29 January 2012 - 13:46 #12
And here come the extras :-)

OTL Extras logfile created on: 29-01-2012 12:43:08 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Finn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,60% Memory free
4,22 Gb Paging File | 3,27 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 3,81 Gb Free Space | 2,78% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,29 Gb Free Space | 62,86% Space Free | Partition Type: NTFS

Computer Name: FINN-PC | User Name: Finn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00960EBE-2255-499B-A81D-F6EC7FEC29D8}" = rport=138 | protocol=17 | dir=out | app=system |
"{03382B6B-3A71-47D1-8C35-88D291038B9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B0FD947-E991-4A27-9B87-68C9BBB11FB2}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EC9857F-D326-4CBA-A7AE-DBF203431546}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D7701C8-7811-4BBA-BFDE-E627CE46AC47}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D8AFA45-DF9D-4B51-8EAA-152F416D1030}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{552C5382-5D21-4759-B3C5-7B95B675C785}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61DBB8C4-6C38-4B69-916E-B44D88D3BA78}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DD802DD-7E28-45C2-9344-CBB16CCAB5B0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EBFBF03-8138-4D69-AE05-BE4A1D11B51D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F3AE875-B48A-4496-8CE8-CA8B9CFDAFA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FC0061D-D887-4D26-AD9F-E97953866C1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{899D607A-7FF2-44E3-A567-F3966A99C94C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9F0A3406-B013-4E18-BD52-D7434CDB482B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4055F59-DB6C-4F27-8A85-9389E5550414}" = lport=445 | protocol=6 | dir=in | app=system |
"{C0B7CBE7-F0BD-443E-AC70-64071DE62365}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3015ACA-5F96-4265-B51E-B97BE9459E2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8937E51-A0D2-446F-B8ED-8A923E3DDCB9}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC494A87-0FB5-4467-B62D-D7DDE96F49CF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C52531-7F60-4F3B-BA7D-4BA1A456A9C2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{027B18B0-20A6-4619-9F8D-67D6C64B4217}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0AF89786-F6ED-4C9B-84FF-7D0F8B44C066}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D114F95-43EA-43D0-82CA-B7BCB88F07F5}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{1704572D-3F7E-4D5F-A329-42C730659C54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{17572690-3A54-4710-A2F9-8AA050D80103}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A17F397-B47F-44F3-A115-511CFAD5B309}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2D6D986B-2DE7-4B4A-B214-F775A14C3249}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{3828C413-CA49-433A-AF3D-0B44EAFA3667}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4E5F9E48-9DC2-4B58-B5E8-6BC24D4D6DE9}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{4F6FD20A-E839-4FE3-8606-DA21F6B3069B}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{52235C66-1F06-4A0C-B2A8-2EBC497ABD64}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{52D0EC6D-3BB5-4C46-AE98-EC281C86DF05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{82897929-1517-4D0C-BE09-A57F60B4E2BE}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{8401BC8B-6B63-4F7B-B78E-36136BF0FDA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A3D32EDB-2E28-4963-B687-0B6173B05796}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A67EC70E-3E40-47D4-B467-2FD1FCAB37D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC57AE9D-A26E-4F1E-AAFD-2B4E2D5EB73A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B74E692D-585A-4762-8BD2-1C35F6EF25D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D53F393B-AA2B-4AA4-BDC1-4E881F93093B}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{E678E63C-FEC9-4CE7-8F70-E0E0DD1CA8F7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F99AC53E-6337-4F13-9E94-84F93A7062C7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{23B4237E-6648-4E65-97E8-8261818F969C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3D374FAB-FFE4-4CFA-AB8E-13761BE4EDA5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{C31DB695-5608-490E-A1A1-EED8D17740F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F78B66ED-732A-409D-A297-70AC058CF1E6}C:\users\finn\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\finn\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0A5F6A12-47FA-4A1C-A2E3-72C895CA0059}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{322F52E0-9673-433B-A6FA-EEBA139BD537}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8306C41E-701C-491C-BAC8-23BB8DF3FD31}C:\users\finn\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\finn\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B66D37F8-416F-41F0-A688-6788091CE1E2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}" = 926plv32
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Overførselsværktøj til Windows Live
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver(DV)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6F9DF109-4D98-46e1-BCE8-8EB6AA1DBF35}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010
"{90140000-0015-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010
"{90140000-0016-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010
"{90140000-0018-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010
"{90140000-0019-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010
"{90140000-001A-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010
"{90140000-001B-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROPLUSR_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010
"{90140000-002C-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010
"{90140000-0044-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010
"{90140000-006E-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver(USB)
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash Redirection)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-service Plug-in
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BabylonToolbar" = Babylon toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DanskeSpilPoker" = Danske Spil Poker
"Dell PC Fax" = Dell Pc-fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Family Toolbar" = Family Toolbar
"Family Tree Builder" = MyHeritage Family Tree Builder
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Google Desktop" = Google Desktop
"Handbrake" = Handbrake 0.9.4
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professionel Plus 2010
"SopCast" = SopCast 3.4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
f-arn Guru
29 January 2012 - 15:40 #13
Uninstall Babylon Toolbar and McAfee Security Scan.

------

Download and install ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start it and let it make a backup of the registry.

------

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text below in bold into the "Custom Scans/Fixes" field

:processes

:OTL
IE - HKLM\..\URLSearchHook: {704265ca-eb75-4044-899f-f4674807f8c5} - No CLSID value found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)

:files
C:\Program Files\BabylonToolbar
C:\Programmer\BabylonToolbar
C:\Program Files\LIMBO\limbo_lang.exe
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe
C:\Users\Finn\Desktop\loaris1246-setup.exe
C:\Users\Finn\Downloads\cnet2_ComboFix_exe.exe
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[emptytemp]
[Reboot]


Close all other open windows and click "Run Fix"

After the restart a log file opens; copy that text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

PS Disable your security programs while the "Fix" is running.

------

Download and save ComboFix to your desktop. <- Important

Right-click the desktop and choose New -> Text Document, copy the highlighted text in, and save the file as CFScript

Killall::
Snapshot::


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.
tida Juniormester
29 January 2012 - 18:28 #14
ComboFix 12-01-29.01 - Finn 29-01-2012  16:16:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.1184 [GMT 1:00]
Kører fra: c:\users\Finn\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-28 til 2012-01-29  )))))))))))))))))))))))))))))))))))
.
.
2012-01-29 15:26 . 2012-01-29 15:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-01-29 15:12 . 2012-01-29 15:12    4393247    ------r-    c:\users\Finn\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe
2012-01-29 15:05 . 2012-01-29 15:05    --------    d-----w-    C:\_OTL
2012-01-29 15:01 . 2012-01-29 15:01    --------    d-----w-    c:\program files\ERUNT
2012-01-29 10:49 . 2012-01-29 10:50    --------    d-----w-    c:\users\Finn\AppData\Roaming\AVG
2012-01-28 16:29 . 2012-01-28 16:29    --------    d--h--w-    c:\programdata\Common Files
2012-01-28 16:26 . 2012-01-29 11:20    --------    d-----w-    c:\programdata\AVG2012
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\users\Finn\AppData\Roaming\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\programdata\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-01-28 15:52 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-01-28 14:14 . 2012-01-28 14:14    --------    d-----w-    c:\program files\Loaris
2012-01-28 09:20 . 2012-01-06 04:19    6557240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DA9566-B965-4EE4-9759-405113219133}\mpengine.dll
2012-01-20 19:47 . 2011-11-16 16:23    278528    ----a-w-    c:\windows\system32\schannel.dll
2012-01-20 19:47 . 2011-11-17 06:48    440192    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2012-01-20 19:47 . 2011-11-16 16:23    377344    ----a-w-    c:\windows\system32\winhttp.dll
2012-01-20 19:47 . 2011-11-16 16:23    72704    ----a-w-    c:\windows\system32\secur32.dll
2012-01-20 19:47 . 2011-11-16 16:21    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2012-01-20 19:47 . 2011-11-16 14:12    9728    ----a-w-    c:\windows\system32\lsass.exe
2012-01-18 19:50 . 2012-01-18 19:50    --------    d-----w-    C:\NVIDIA
2012-01-18 19:45 . 2012-01-18 19:45    --------    d-----w-    c:\programdata\NVIDIA
2012-01-18 19:02 . 2012-01-18 19:02    --------    d-----w-    c:\program files\UBISOFT
2012-01-18 19:02 . 2003-11-10 17:14    729088    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-01-18 19:02 . 2003-11-10 17:13    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-01-18 19:02 . 2003-11-10 17:12    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-01-18 19:02 . 2003-11-10 17:12    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-01-18 19:02 . 2003-11-10 17:11    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-01-18 19:01 . 2012-01-18 19:01    188548    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-01-18 19:01 . 2012-01-18 19:01    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-01-11 06:57 . 2012-01-11 06:57    --------    d-----w-    c:\program files\Common Files\Citrix
2012-01-11 06:51 . 2011-10-14 16:03    189952    ----a-w-    c:\windows\system32\winmm.dll
2012-01-11 06:51 . 2011-10-14 16:00    23552    ----a-w-    c:\windows\system32\mciseq.dll
2012-01-11 06:51 . 2011-11-18 20:23    1205064    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-11 06:51 . 2011-11-18 17:47    66560    ----a-w-    c:\windows\system32\packager.dll
2012-01-11 06:51 . 2011-11-25 15:59    376320    ----a-w-    c:\windows\system32\winsrv.dll
2012-01-11 06:51 . 2011-12-01 15:21    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:51 . 2011-10-25 15:58    1314816    ----a-w-    c:\windows\system32\quartz.dll
2012-01-11 06:51 . 2011-10-25 15:58    497152    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-01 19:48 . 2012-01-01 19:48    --------    d-----w-    c:\users\Finn\AppData\Roaming\Mozilla-Cache
2012-01-01 19:46 . 2012-01-01 19:46    --------    d-----w-    C:\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:08 . 2010-11-28 10:36    236576    ------w-    c:\windows\system32\MpSigStub.exe
2011-11-27 12:37 . 2011-11-27 12:37    404496    ----a-w-    c:\windows\system32\FTBSaver.scr
2011-11-23 13:37 . 2011-12-14 21:26    2043904    ----a-w-    c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 21:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 16:10    1798144    ----a-w-    c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 16:09    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 16:10    1127424    ----a-w-    c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 16:10    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46    2642432    ----a-w-    c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37    221184    ----a-w-    c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-04 312200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2011-11-27 229376]
.
c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-11 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-11 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\Finn\Desktop\Danske Spil Poker.lnk
TCP: DhcpNameServer = 192.168.1.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 16:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2012-01-29  16:29:21
ComboFix-quarantined-files.txt  2012-01-29 15:29
.
Pre-Kørsel: 2.355.720.192 byte ledig
Post-Kørsel: 2.326.323.200 byte ledig
.
- - End Of File - - BAF400D31BF1E0938BF1523A13B35A68
f-arn Guru
29 January 2012 - 18:36 #15
Where is the log from OTL?

Kører fra: c:\users\Finn\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe?????????????
tida Juniormester
29 January 2012 - 19:34 #16
Hmm :-( I don't know what I did wrong, but I can't find it! There is apparently no log from OTL after the one at 12:48:03 - and there should be, right? What can I do? Should I try something again or..?
tida Juniormester
29 January 2012 - 19:48 #17
On the other hand, I have 2 copies of the OTL log from 12:48 - although that is small consolation....
f-arn Guru
29 January 2012 - 20:04 #18
Try looking in C:\_OTL\MovedFiles\

Why aren't you running ComboFix from the Desktop and with the CFScript you were asked to use?
tida Juniormester
29 January 2012 - 20:11 #19
I'm not as sharp at this as you are, after all :-) - and you were right, it's here!

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{704265ca-eb75-4044-899f-f4674807f8c5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704265ca-eb75-4044-899f-f4674807f8c5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
File C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Programmer\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe not found.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar not found.
File\Folder C:\Programmer\BabylonToolbar not found.
C:\Program Files\LIMBO\limbo_lang.exe moved successfully.
C:\Program Files\Loaris\Trojan Remover 1.2\ltr12.exe moved successfully.
C:\Users\Finn\Desktop\loaris1246-setup.exe moved successfully.
C:\Users\Finn\Downloads\cnet2_ComboFix_exe.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\Finn\Desktop\cmd.bat deleted successfully.
C:\Users\Finn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Finn
->Flash cache emptied: 664 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Finn
->Temp folder emptied: 208636 bytes
->Temporary Internet Files folder emptied: 90832588 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6422126 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 3959690 bytes

Total Files Cleaned = 97,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01292012_160547

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
f-arn Guru
29 January 2012 - 22:40 #20
Placing OTL on the Desktop went perfectly well, so just do the same with ComboFix.

Start Notepad and copy in the text below (the part in bold).
Save the file on the Desktop as CFScript

Killall::
Snapshot::


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of this file here.
tida Juniormester
30 January 2012 - 21:02 #21
This should be the one :-)


ComboFix 12-01-29.01 - Finn 30-01-2012  20:39:16.4.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.950 [GMT 1:00]
Kører fra: c:\users\Finn\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Finn\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-28 til 2012-01-30  )))))))))))))))))))))))))))))))))))
.
.
2012-01-30 19:47 . 2012-01-30 19:49    --------    d-----w-    c:\users\Finn\AppData\Local\temp
2012-01-30 19:47 . 2012-01-30 19:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-01-29 15:12 . 2012-01-29 15:12    4393247    ------r-    c:\users\Finn\AppData\Roaming\Microsoft\Windows\Network Shortcuts\ComboFix.exe
2012-01-29 15:05 . 2012-01-29 15:05    --------    d-----w-    C:\_OTL
2012-01-29 15:01 . 2012-01-29 15:01    --------    d-----w-    c:\program files\ERUNT
2012-01-29 10:49 . 2012-01-29 10:50    --------    d-----w-    c:\users\Finn\AppData\Roaming\AVG
2012-01-28 16:29 . 2012-01-28 16:29    --------    d--h--w-    c:\programdata\Common Files
2012-01-28 16:26 . 2012-01-29 11:20    --------    d-----w-    c:\programdata\AVG2012
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\users\Finn\AppData\Roaming\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\programdata\Malwarebytes
2012-01-28 15:52 . 2012-01-28 15:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-01-28 15:52 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-01-28 14:14 . 2012-01-28 14:14    --------    d-----w-    c:\program files\Loaris
2012-01-28 09:20 . 2012-01-06 04:19    6557240    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DA9566-B965-4EE4-9759-405113219133}\mpengine.dll
2012-01-20 19:47 . 2011-11-16 16:23    278528    ----a-w-    c:\windows\system32\schannel.dll
2012-01-20 19:47 . 2011-11-17 06:48    440192    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2012-01-20 19:47 . 2011-11-16 16:23    377344    ----a-w-    c:\windows\system32\winhttp.dll
2012-01-20 19:47 . 2011-11-16 16:23    72704    ----a-w-    c:\windows\system32\secur32.dll
2012-01-20 19:47 . 2011-11-16 16:21    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2012-01-20 19:47 . 2011-11-16 14:12    9728    ----a-w-    c:\windows\system32\lsass.exe
2012-01-18 19:50 . 2012-01-18 19:50    --------    d-----w-    C:\NVIDIA
2012-01-18 19:45 . 2012-01-18 19:45    --------    d-----w-    c:\programdata\NVIDIA
2012-01-18 19:02 . 2012-01-18 19:02    --------    d-----w-    c:\program files\UBISOFT
2012-01-18 19:02 . 2003-11-10 17:14    729088    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-01-18 19:02 . 2003-11-10 17:13    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-01-18 19:02 . 2003-11-10 17:12    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-01-18 19:02 . 2003-11-10 17:12    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-01-18 19:02 . 2003-11-10 17:11    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-01-18 19:01 . 2012-01-18 19:01    188548    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-01-18 19:01 . 2012-01-18 19:01    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-01-11 06:57 . 2012-01-11 06:57    --------    d-----w-    c:\program files\Common Files\Citrix
2012-01-11 06:51 . 2011-10-14 16:03    189952    ----a-w-    c:\windows\system32\winmm.dll
2012-01-11 06:51 . 2011-10-14 16:00    23552    ----a-w-    c:\windows\system32\mciseq.dll
2012-01-11 06:51 . 2011-11-18 20:23    1205064    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-11 06:51 . 2011-11-18 17:47    66560    ----a-w-    c:\windows\system32\packager.dll
2012-01-11 06:51 . 2011-11-25 15:59    376320    ----a-w-    c:\windows\system32\winsrv.dll
2012-01-11 06:51 . 2011-12-01 15:21    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:51 . 2011-10-25 15:58    1314816    ----a-w-    c:\windows\system32\quartz.dll
2012-01-11 06:51 . 2011-10-25 15:58    497152    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-01 19:48 . 2012-01-01 19:48    --------    d-----w-    c:\users\Finn\AppData\Roaming\Mozilla-Cache
2012-01-01 19:46 . 2012-01-01 19:46    --------    d-----w-    C:\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:08 . 2010-11-28 10:36    236576    ------w-    c:\windows\system32\MpSigStub.exe
2011-11-27 12:37 . 2011-11-27 12:37    404496    ----a-w-    c:\windows\system32\FTBSaver.scr
2011-11-23 13:37 . 2011-12-14 21:26    2043904    ----a-w-    c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 21:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 16:10    1798144    ----a-w-    c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 16:09    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 16:10    1127424    ----a-w-    c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 16:10    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46    2642432    ----a-w-    c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37    221184    ----a-w-    c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-04 312200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2011-11-27 229376]
.
c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-11 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-11 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Finn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\Finn\Desktop\Danske Spil Poker.lnk
TCP: DhcpNameServer = 192.168.1.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 20:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'Explorer.exe'(3852)
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Gennemført tid: 2012-01-30  20:56:27 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-01-30 19:56
ComboFix2.txt  2012-01-29 16:13
ComboFix3.txt  2012-01-29 15:29
.
Pre-Kørsel: 1.226.964.992 byte ledig
Post-Kørsel: 1.192.742.912 byte ledig
.
- - End Of File - - BCBDDE0251764A1FAC041809A47B142B
f-arn Guru
31 January 2012 - 06:16 #22
There is something that puzzles me, so download and run DDS.

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of both in here.

NB - DDS must be saved to the computer and not run from the web.

Regarding Vista and Windows 7: right-click the file - Run as Administrator.
tida Juniormester
31 January 2012 - 17:12 #23
dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Finn at 17:05:43 on 2012-01-31
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2038.930 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ERUNT\AUTOBACK.EXE
C:\Program Files\ERUNT\ERUNT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\family toolbar\mhxpcomi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Family Tree Builder Update] c:\myheritage\bin\FTBCheckUpdates.exe
StartupFolder: c:\users\finn\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\finn\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: S&end til OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\finn\desktop\Danske Spil Poker.lnk
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9608D42D-B389-4D8D-8244-8B70C68920EB} : DhcpNameServer = 62.44.166.197 62.44.166.69
TCP: Interfaces\{9B2F6282-FE35-4C98-8A32-88D2BF5F4A7A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C4EB215A-ECD3-45A4-8458-41AA390EBDEF} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\family toolbar\mhxpcomi.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-28 21504]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
S3 GoogleDesktopManager-051210-111108;Google Desktop-administrator 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-11 30192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2011-5-10 42496]
.
=============== Created Last 30 ================
.
2012-01-31 15:55:03    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8f653704-8bf2-4f54-ac83-e6629efaa2e3}\offreg.dll
2012-01-31 15:39:09    6557240    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8f653704-8bf2-4f54-ac83-e6629efaa2e3}\mpengine.dll
2012-01-30 19:56:31    --------    d-----w-    c:\users\finn\appdata\local\temp
2012-01-30 19:54:58    --------    d-sh--w-    C:\$RECYCLE.BIN
2012-01-30 19:37:02    --------    d-----w-    C:\ComboFix
2012-01-29 15:12:16    4393247    ------r-    c:\users\finn\appdata\roaming\microsoft\windows\network shortcuts\ComboFix.exe
2012-01-29 15:05:47    --------    d-----w-    C:\_OTL
2012-01-29 10:49:52    --------    d-----w-    c:\users\finn\appdata\roaming\AVG
2012-01-28 16:54:53    98816    ----a-w-    c:\windows\sed.exe
2012-01-28 16:54:53    518144    ----a-w-    c:\windows\SWREG.exe
2012-01-28 16:54:53    256000    ----a-w-    c:\windows\PEV.exe
2012-01-28 16:54:53    208896    ----a-w-    c:\windows\MBR.exe
2012-01-28 16:29:56    --------    d-----w-    c:\users\finn\appdata\roaming\AVG2012
2012-01-28 16:29:07    --------    d--h--w-    c:\programdata\Common Files
2012-01-28 16:26:31    --------    d-----w-    c:\programdata\AVG2012
2012-01-28 15:52:20    --------    d-----w-    c:\users\finn\appdata\roaming\Malwarebytes
2012-01-28 15:52:10    --------    d-----w-    c:\programdata\Malwarebytes
2012-01-28 15:52:09    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-01-28 15:52:09    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-01-28 14:14:49    --------    d-----w-    c:\program files\Loaris
2012-01-20 19:47:07    278528    ----a-w-    c:\windows\system32\schannel.dll
2012-01-20 19:47:06    9728    ----a-w-    c:\windows\system32\lsass.exe
2012-01-20 19:47:06    72704    ----a-w-    c:\windows\system32\secur32.dll
2012-01-20 19:47:06    440192    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2012-01-20 19:47:06    377344    ----a-w-    c:\windows\system32\winhttp.dll
2012-01-20 19:47:06    1259008    ----a-w-    c:\windows\system32\lsasrv.dll
2012-01-18 19:50:21    --------    d-----w-    C:\NVIDIA
2012-01-18 19:02:06    729088    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-01-18 19:02:06    69715    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-01-18 19:02:06    5632    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-01-18 19:02:06    266240    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-01-18 19:02:06    192512    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-01-18 19:01:53    188548    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-01-18 19:01:52    311428    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-01-11 06:57:56    --------    d-----w-    c:\program files\common files\Citrix
2012-01-11 06:51:15    23552    ----a-w-    c:\windows\system32\mciseq.dll
2012-01-11 06:51:15    189952    ----a-w-    c:\windows\system32\winmm.dll
2012-01-11 06:51:13    1205064    ----a-w-    c:\windows\system32\ntdll.dll
2012-01-11 06:51:11    66560    ----a-w-    c:\windows\system32\packager.dll
2012-01-11 06:51:10    376320    ----a-w-    c:\windows\system32\winsrv.dll
2012-01-11 06:51:08    2409784    ----a-w-    c:\program files\windows mail\OESpamFilter.dat
2012-01-11 06:51:04    497152    ----a-w-    c:\windows\system32\qdvd.dll
2012-01-11 06:51:04    1314816    ----a-w-    c:\windows\system32\quartz.dll
2012-01-01 19:48:32    --------    d-----w-    c:\users\finn\appdata\roaming\Mozilla-Cache
2012-01-01 19:46:58    --------    d-----w-    C:\Programs
.
==================== Find3M  ====================
.
2011-12-07 09:08:58    236576    ------w-    c:\windows\system32\MpSigStub.exe
2011-11-27 12:37:18    404496    ----a-w-    c:\windows\system32\FTBSaver.scr
2011-11-23 13:37:27    2043904    ----a-w-    c:\windows\system32\win32k.sys
2011-11-08 14:42:19    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-11-03 22:47:42    1798144    ----a-w-    c:\windows\system32\jscript9.dll
2011-11-03 22:40:21    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47    1127424    ----a-w-    c:\windows\system32\wininet.dll
2011-11-03 22:31:57    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:06:09,40 ===============
tida Juniormester
31 January 2012 - 17:14 #24
Attach :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11-08-2007 20:14:23
System Uptime: 31-01-2012 16:32:07 (1 hours ago)
.
Motherboard: Dell Inc. |  |     
Processor: Genuine Intel(R) CPU          T2130  @ 1.86GHz | Microprocessor | 1867/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 1,698 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6,286 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
926plv32
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Apple Application Support
Apple Mobile Device Support
AVSDK5
Bonjour
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Conexant HDA D110 MDC V.92 Modem
Danske Spil Poker
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Pc-fax
Dell Photo AIO Printer 926
Dell Wireless WLAN Card
Digital Line Detect
ERUNT 1.1j
Family Toolbar
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.3
Google Desktop
Google Toolbar for Internet Explorer
Handbrake 0.9.4
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
Loaris Trojan Remover 1.2
Malwarebytes Anti-Malware version 1.60.0.1800
MediaDirect
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Danish) 2010
Microsoft Office Excel MUI (Danish) 2010
Microsoft Office Groove MUI (Danish) 2010
Microsoft Office InfoPath MUI (Danish) 2010
Microsoft Office OneNote MUI (Danish) 2010
Microsoft Office Outlook MUI (Danish) 2010
Microsoft Office PowerPoint MUI (Danish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionel Plus 2010
Microsoft Office Proof (Danish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Danish) 2010
Microsoft Office Publisher MUI (Danish) 2010
Microsoft Office Shared MUI (Danish) 2010
Microsoft Office Word MUI (Danish) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Myst IV - Revelation
NetWaiting
Online Plug-in
OutlookAddinSetup
Overførselsværktøj til Windows Live
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Self-service Plug-in
SigmaTel Audio
Sonic Activation Module
SopCast 3.4.0
Spotify
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
URL Assistant
User's Guides
Veetle TV 0.9.17
VLC media player 1.1.11
WIDCOMM Bluetooth Software 6.0.1.3100
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================
f-arn Guru
31 January 2012 - 18:16 #25
It actually looks fine, but how is the PC running?

------

Download Security Check by screen317
Start it and follow the instructions.
Copy the log in here.
tida Juniormester
31 January 2012 - 18:39 #26
It actually runs OK, I think - but some "error boxes" appear when I start up. But once they have been clicked away (I think there are 4-5 of them), it runs.
f-arn Guru
31 January 2012 - 18:58 #27
Can you just tell me what those error messages say?

Run Security Check by screen317
tida Juniormester
31 January 2012 - 19:38 #28
Funny - now the error boxes are gone :-)! I have just restarted a couple of times, but they don't come back.

It actually looks fine!

I'll just attach the checkup log.

Results of screen317's Security Check version 0.99.30 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Loaris Trojan Remover 1.2 
HijackThis 2.0.2   
CCleaner   
Java(TM) 6 Update 26 
Java(TM) SE Runtime Environment 6
Java version out of date!
  Adobe Flash Player     10.0.32.18 Flash Player out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
``````````End of Log````````````
f-arn Guru
31 January 2012 - 19:55 #29
Uninstall Loaris Trojan Remover 1.2

------

In the Control Panel, uninstall all Java.

Download a new one here.
http://www.java.com/en/download/index.jsp  (remember to untick toolbars and other junk)

You must also uninstall Adobe Flash Player.

Download a new one here.
http://get.adobe.com/flashplayer/  (remember to untick toolbars and other junk)

------

Have the error messages come back?
tida Juniormester
31 January 2012 - 20:28 #30
OK, now I have done as described - and no, there are still no error boxes :-)
f-arn Guru
31 January 2012 - 20:37 #31
Fine :-)

------

Press <Windows> + <R> at the same time and copy this in: combofix /uninstall
Press Enter
That will remove Combofix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

------

Start OTL and click CleanUp

That will remove OTL and the other tools we have used.

If anything is left behind, you must delete it manually.
tida Juniormester
31 January 2012 - 21:33 #32
That is now done. So are we perhaps about to reach the finish line?
f-arn Guru
31 January 2012 - 21:44 #33
So are we perhaps about to reach the finish line?

I have nothing more *S*
tida Juniormester
31 January 2012 - 22:00 #34
Thank you so much for the help :-). Really well guided through!
f-arn Guru
1 February 2012 - 09:04 #35
You're welcome :-)