Virus genstarter Computer

Velkommen til E. ...

Start op i [Fejlsikker tilstand] og DERFRA bruge [Systemgendannelse] og vælge et punkt/tidspunkt FØR denne "Tune-up" ting...

---

(*) [Fejlsikker tilstand] -> Tryk (evt flere gange)  [F8]  lige efter PowerOn ...

http://support.kaspersky.com/dk/images/support_new/kis2011_493_01_dk.png

Hej igen, det viser sig at min computer ikke har nogle Gendannelses punkter overhovedet, min Security essentials har dog ryddet lidt op i det over natten så er blevet kvit med den der genstarter min computer.

Nu er der kun den med min firewall

Lige en indskydelse.

Min firewall er ikke slået helt fra, den bruger bare ikke de anbefalede indstillinger, og man kan ikke aktivere eller gendanne standart indstillingerne pga den tidligere nævnte fejlkode.

Hent Malwarebytes Anti-Malware herfra:
http://www.filehippo.com/download_malwarebytes_anti_malware/

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind i denne tråd.

Vigtigt: Du skal, inden du klikker på "Skan" knappen i Malwarebytes Anti-Malware  gå op i fanen "Opdater", klik på "Tjek for opdatering", bliv ved til den skriver du har nyeste database, (DET SKAL UDFØRES).

Malwarebytes Anti-Malware (Prøveversion) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rasmus :: RASMUS-SUPERPC [administrator]

Beskyttelse: Slået til

02-08-2012 11:52:18
mbam-log-2012-08-02 (11-52-18).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|F:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 356990
Tid gået: 1 time(e), 57 minut(ter), 31 sekund(er)

Hukommelses Processorer Inficeret: 1
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 3172 -> Ingen handling valgt.

Hukommelses Moduler Inficeret: 1
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Ingen handling valgt.

Registreringsdatabasenøgler Inficeret: 62
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Ingen handling valgt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Ingen handling valgt.
HKCR\ironsource.searchyaHlpr.1 (PUP.SearchYa) -> Ingen handling valgt.
HKCR\ironsource.searchyaHlpr (PUP.SearchYa) -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Ingen handling valgt.
HKCR\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Ingen handling valgt.
HKCR\ironsource.searchyadskBnd.1 (PUP.SearchYa) -> Ingen handling valgt.
HKCR\ironsource.searchyadskBnd (PUP.SearchYa) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Ingen handling valgt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Ingen handling valgt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Ingen handling valgt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Ingen handling valgt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Ingen handling valgt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Ingen handling valgt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Ingen handling valgt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Ingen handling valgt.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.ShoppingReports2) -> Sat i karantæne og slettet succesfuldt.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Sat i karantæne og slettet succesfuldt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Data: SearchYa Toolbar -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Data:  -> Ingen handling valgt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Ingen handling valgt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Ingen handling valgt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data:  -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: 1 -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data:  -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: 2 -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0\firefox\extensions -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files (x86)\QuestScan\questscan.dll -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 14
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Ingen handling valgt.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Rasmus\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0 (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0\firefox (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0\firefox\extensions (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0\firefox\extensions\plugins (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 26
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\bh\searchya.dll (PUP.SearchYa) -> Ingen handling valgt.
C:\Program Files (x86)\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (PUP.SearchYa) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Ingen handling valgt.
C:\Users\Rasmus\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Ingen handling valgt.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReports2) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{78be74c8-885a-8b35-f07d-94df5f099a68}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.682.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Sat i karantæne og slettet succesfuldt.

(færdig)

Hent combofix og gem den på skrivebordet.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Vigtigt-> Deaktiver dit antivirus/antispyware program. Da det/de kan "forstyrre" og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse. 

Klik med højre-musetast på Combofix.exe > Vælg "Kør som administrator" (hvis du har den mulighed)
Kør så combofix.exe, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.
Den kan også findes her - > C:\ combofix txt

Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

Vær tålmodig, der kan gå op til 30 min inden logfilen åbner.

ComboFix 12-07-31.03 - Rasmus 02-08-2012  17:00:15.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.45.1030.18.3959.1458 [GMT 2:00]
Kører fra: c:\users\Rasmus\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\Ironsource\searchya\1.5.13.0\bh\seARchya.dll
c:\program files (x86)\Ironsource\searchya\1.5.13.0\seARchyatlbr.dll
c:\users\Rasmus\PartyPokerSetup.exe
c:\windows\s.bat
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-07-02 til 2012-08-02  )))))))))))))))))))))))))))))))))))
.
.
2012-08-02 15:07 . 2012-08-02 15:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-08-02 09:51 . 2012-08-02 09:51    --------    d-----w-    c:\users\Rasmus\AppData\Roaming\Malwarebytes
2012-08-02 09:51 . 2012-08-02 09:51    --------    d-----w-    c:\programdata\Malwarebytes
2012-08-02 09:51 . 2012-08-02 09:51    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 09:51 . 2012-07-03 11:46    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-08-01 20:19 . 2012-08-01 20:19    328704    ----a-w-    c:\windows\system32\services.exe.A2FB9168178B07F3
2012-08-01 20:16 . 2012-08-01 20:16    328704    ----a-w-    c:\windows\system32\services.exe.25BA3BDAE5DE9BE1
2012-08-01 20:13 . 2012-08-01 20:13    328704    ----a-w-    c:\windows\system32\services.exe.E041B7B5D98764DD
2012-08-01 20:10 . 2012-08-01 20:10    328704    ----a-w-    c:\windows\system32\services.exe.7828FE2589D0248F
2012-08-01 20:07 . 2012-08-01 20:07    328704    ----a-w-    c:\windows\system32\services.exe.32BD16703C16A0D0
2012-08-01 20:03 . 2012-08-01 20:03    328704    ----a-w-    c:\windows\system32\services.exe.3952A3C9B725201F
2012-08-01 19:55 . 2012-02-09 12:17    927800    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35C6FDBC-4422-45A7-AE48-32E80F410B00}\gapaengine.dll
2012-08-01 19:55 . 2012-07-16 00:40    9133488    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88D1FFE7-567D-4C24-B7C7-5C6E55C78197}\mpengine.dll
2012-08-01 19:54 . 2012-08-01 19:54    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2012-08-01 19:54 . 2012-08-01 19:54    --------    d-----w-    c:\program files\Microsoft Security Client
2012-08-01 19:46 . 2012-08-01 19:46    --------    d-----w-    c:\users\Rasmus\AppData\Local\{AAB17403-AA50-4257-9A63-7BD4DF9F9E3A}
2012-08-01 12:58 . 2012-08-01 12:58    --------    d-----w-    c:\users\Rasmus\AppData\Roaming\TuneUp Software
2012-08-01 12:58 . 2012-08-01 12:58    --------    d-----w-    c:\programdata\TuneUp Software
2012-08-01 12:58 . 2012-08-01 12:58    --------    d-sh--w-    c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-01 12:58 . 2012-08-01 12:58    --------    d--h--w-    c:\programdata\Common Files
2012-08-01 12:53 . 2012-08-02 11:59    --------    d-----w-    c:\program files (x86)\World of Warcraft
2012-07-27 16:09 . 2012-08-02 13:48    --------    d-----w-    c:\users\Rasmus\AppData\Roaming\Spotify
2012-07-27 16:09 . 2012-08-02 11:58    --------    d-----w-    c:\users\Rasmus\AppData\Local\Spotify
2012-07-24 18:30 . 2012-07-24 18:31    --------    d-----w-    c:\program files (x86)\Ventrilo
2012-07-24 18:29 . 2012-07-24 18:29    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-20 15:45 . 2012-08-01 20:02    --------    d-----w-    c:\users\UpdatusUser
2012-07-20 15:45 . 2012-07-20 15:45    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2012-07-20 15:43 . 2012-05-15 10:48    68928    ----a-w-    c:\windows\system32\OpenCL.dll
2012-07-20 15:43 . 2012-05-15 10:48    61248    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-07-20 15:42 . 2012-07-20 15:42    --------    d-----w-    c:\programdata\NVIDIA Corporation
2012-07-20 15:39 . 2012-07-20 15:39    --------    d-----w-    C:\NVIDIA
2012-07-20 13:47 . 2012-07-20 16:04    --------    d-----w-    c:\program files (x86)\Diablo III
2012-07-20 13:45 . 2012-07-20 13:46    --------    d-----w-    c:\programdata\Battle.net
2012-07-11 14:36 . 2012-06-12 03:08    3148800    ----a-w-    c:\windows\system32\win32k.sys
2012-07-11 06:45 . 2012-06-06 06:06    2004480    ----a-w-    c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 20:22 . 2009-07-13 23:19    328704    ----a-w-    c:\windows\system32\services.exe
2012-07-11 14:33 . 2011-03-27 12:48    59701280    ----a-w-    c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 07:42    38424    ----a-w-    c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:42    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:42    44056    ----a-w-    c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:42    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:42    701976    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:42    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:42    99840    ----a-w-    c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 07:42    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 07:42    36864    ----a-w-    c:\windows\system32\wuapp.exe
2012-05-18 20:52 . 2012-05-18 20:52    476960    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2012-05-18 20:52 . 2011-06-03 10:51    472864    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-05-15 10:48 . 2010-08-11 21:09    8105280    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2010-08-11 21:09    15322432    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2010-08-11 21:09    10194752    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2010-08-11 21:09    2741568    ----a-w-    c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2010-05-07 10:58    889664    ----a-w-    c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-05-07 10:58    433984    ----a-w-    c:\windows\SysWow64\oemdspif.dll
2012-05-15 09:29 . 2010-05-07 10:58    63296    ----a-w-    c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-05-07 10:58    2561856    ----a-w-    c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-05-07 10:58    118080    ----a-w-    c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-05-07 10:58    3149632    ----a-w-    c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-05-07 10:58    6151488    ----a-w-    c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21    423744    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2012-05-11 22:27 . 2011-10-22 21:12    414368    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-23 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-11 1242448]
"Spotify"="c:\users\Rasmus\AppData\Roaming\Spotify\Spotify.exe" [2012-07-27 7601880]
"Spotify Web Helper"="c:\users\Rasmus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-27 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 136176]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netværksinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-06-24 167816]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-03-18 215168]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs    REG_MULTI_SZ      ReadyComm.DirectRouter PS_MDP
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 18:16]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 18:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{15105F6B-80FF-40d3-B239-AEC9E0E93ACD} - c:\program files (x86)\PokerStars.DK\PokerStarsUpdate.exe
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
FF - ProfilePath - c:\users\Rasmus\AppData\Roaming\Mozilla\Firefox\Profiles\d5f7owb6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Gennemført tid: 2012-08-02  17:26:37 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-08-02 15:26
.
Pre-Kørsel: 171.103.887.360 byte ledig
Post-Kørsel: 171.119.480.832 byte ledig
.
- - End Of File - - D5CB0712D746D448830CC1D5A5C0689C

Okay nu er jeg helt ny herinde så ved ikke hvordan pointgivning og det fungere, men siden jeg kom med to problemer og de begge er blevet løst er jeg meget tilfreds..

Tusind tak for hjælpen !

Vi er ikke færdig endnu, men får først tid til at lægge en ny vejledning ind i morgen?.

Download  OTL fra dette link, gem den på skrivebordet.
http://oldtimer.geekstogo.com/OTL.com

PS.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator." på de programfiler hvis du har den mulighed.

Kør OTL > Kopier teksten med fed skrift ind under "Custom Scans/Fixes"
Nede til højre, sætter du fluben ved, "LOP Check" og "Purity Check", marker Scan All Users,
Klik på "Run Scan". Din computer vil nu blive scannet og efter et stykke tid vil 2 logs åbne sig, gem dem.


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
atapi.sys
services.exe
/md5stop


Der åbnes 2 notesblok vinduer  OTL.txt og Extras.Txt  kopier teksten fra dem herind.