General virus check!
Number of posts: 34

Hi!
I strongly suspect that I have something on my PC that looks like a virus!
I'm running XP SP3 and have the TDC security package, F-Secure.
Every time I scan, 3 - 4 viruses come up. Unfortunately I can't see which ones they are.
For example, I have this one in my HijackThis log:

Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

I have no idea what it is!

Can you help?

Thanks in advance

Harry

Administrator
Number of posts: 29177

Hi ;)

Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

 

It is completely legitimate, so no cause for concern there, because it belongs to ->
“Client Service for NetWare”.


But we can run a quick check ->

Download and install CCleaner: Here
Click Download Latest Version

Uncheck - Install Yahoo toolbar

When you open the program for the first time, all boxes will be checked.
If you want to keep cookies, you can uncheck that box.

Click Run Cleaner to clean your computer.

You will now get a warning that these files will be permanently deleted from your system, asking whether you want to continue. Click OK to answer yes. Check -> Do not show me this message again.


Restart.

Download Malwarebytes Anti-Malware from here:
http://www.spywarefri.dk/downloads1/mbam-setup.exe

Or here ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Install the program - once that is done, let the program update itself.
Click the Update tab.
A window then opens where you should move the dot to “Perform full scan” - click the Scan button - let the program work. When it has finished (this takes a while, depending on how much you have on the computer), click the “Show Results” button - and then click “Remove Selected” - the log now opens and you should save it somewhere you can find it again.

NB: If Malwarebytes Anti-Malware wants to restart the computer to complete the cleanup, let it restart.


Post the Malwarebytes log here, together with the DDS log files ->

Download DDS and save the program to your Desktop:
Here
Double-click DDS.scr and allow the program to run.
When the program has finished, it will open two logs/text files.
Save both files to your Desktop and copy the contents of the txt files into your next post.

Since they are relatively long, you may need to send them in several posts.


Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes Torrent software, before we clean the computer.

Number of posts: 34

Phew, that was quite a job, but here is the Malwarebytes log and the 2 DDS logs:

Malwarebytes’ Anti-Malware 1.44
Database version: 3870
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15-03-2010 20:03:43
mbam-log-2010-03-15 (20-03-43).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|L:\|)
Objekter skannet: 511904
Tid tilbagelagt: 3 hour(s), 59 minute(s), 53 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 3
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lxui (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\drivers\xcceiote.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
L:\Dokumenter\emulefiler\CS3\Crack\XF-AdobeMasterCS3-KG.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 17-09-2005 11:34:05
System Uptime: 15-03-2010 20:05:19 (0 hours ago)

Motherboard: FUJITSU SIEMENS |  | GA-8S649MF
Processor:          Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3214/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 142,821 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 466 GiB total, 360,569 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Fujitsu Siemens Computers WLAN 802.11b/g D1705/D1706
Device ID: USB\VID_0BF8&PID_100F\5&154C0453&0&7
Manufacturer: Fujitsu Siemens Computers
Name: Fujitsu Siemens Computers WLAN 802.11b/g D1705/D1706
PNP Device ID: USB\VID_0BF8&PID_100F\5&154C0453&0&7
Service: SIS163u

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: vsdatant
Device ID: ROOT\LEGACY_VSDATANT\0000
Manufacturer:
Name: vsdatant
PNP Device ID: ROOT\LEGACY_VSDATANT\0000
Service: vsdatant

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1: 11-03-2010 13:56:30 - Systemkontrolpunkt
RP2: 12-03-2010 14:44:25 - Software Distribution Service 3.0
RP3: 13-03-2010 20:03:52 - Systemkontrolpunkt
RP4: 14-03-2010 20:25:05 - Systemkontrolpunkt

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.7 - CPSID_50029
Adobe Acrobat 8.1.7 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe MPEG Encoder
Adobe PageMaker 7.0
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 4.0
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.1.2 - Dansk
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced RealMedia Export Plug-in for Premiere 6.0
AHV content for Acrobat and Flash
AIO_Scan
Alt CDA to MP3 Converter 7.0
AO Værktøj
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
µTorrent
AutoUpdate
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Bluesoleil2.6.0.9 Release 070606
BufferChm
C5200
C5200_Help
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.9.322
Copy
Core FTP LE 2.1
CorelDRAW(R) Graphics Suite X4
CoverPro
CreativeProjects
CreativeProjectsTemplates
csp
CueTour
CustomerResearchQFolder
CuteFTP 7 Professional
DAEMON Tools
Day of Defeat: Source
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Signatur
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DVD Shrink 3.2
eSupportQFolder
F-Secure PSC Prerequisites
Faneopdelt søgning (Windows Live Toolbar)
Fax
Feed Detector (Windows Live Toolbar)
Fighter Ace Anniversary Edition
Fujitsu Siemens Computers WLAN 802.11b/g D1705/D1706
GameSpy Arcade
getPlus(R) Download Manager for Corel
Google Earth
GPBaseService
Guitar Pro 5.0
H.264 Decoder
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
HotKey
HP Customer Participation Program 10.0
HP Deskjet 6800
HP Imaging Device Functions 10.0
HP Photo & Imaging 4.1
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSystemDiagnostics
IKEA Home Planner
ImageMixer
InstantShare
InterVideo WinDVD
iVideoMAX Video Converter 1.1
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_12
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 5.2.0
Logitech Desktop Messenger
Logitech QuickCam-software
Magic Image Resizer 1.0 (remove only)
Magic Video Converter Trial Version (English) 8.0.2.18
Malwarebytes’ Anti-Malware
MarketingReg
MarketResearch
Mathcad 13
Mathcad 14.0 M020
Mathcad 14.0 M020 Help
Mathcad 14.0 M020 Resource Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (Danish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroStaff WINASPI
MKV Splitter
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MyDSC2
NCT ALF2 CD Audio Codec
Nero BurnRights
OCR Software by I.R.I.S. 10.0
OGA Notifier 1.7.0105.35.0
Opdatering til Windows Internet Explorer 8 (KB971180)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
Overland
PanoStandAlone
PDF Settings
Pdf995
Photo Story 3 for Windows
PhotoGallery
PixiePack Codec Pack
PrintScreen
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QFolder
QuickProjects
QuickTime
Replay Video Capture
Revo Uninstaller 1.34
Roxio Express Labeler 3
SafeCast Shared Components
Savage
Scan
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sektornet VPN Client
Signature995
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)
Sikkerhedsopdatering til Windows Media Player 10 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978706)
SkinsHP1
SkoleKom FirstClass Client 8.3.26
SkoleKom FirstClass® Client
Smarte menuer (Windows Live Toolbar)
SmartWebPrintingOC
SolutionCenter
Status
Steam(TM)
Streaming Media Recorder (VMware ThinApp)
Syncrosoft’s License Control
SyncroSoft Emu (Remove only)
TDC CSP
TDC Digital Signatur CSP
TDC Netsupport
TDC Sikkerhedspakke
Tilmeldingsassistent til Windows Live
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
TTS_Technology
TubeHunter Ultra
Tunebite
TVUPlayer 2.5.0.1
Udvidelser (Windows Live Toolbar)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
URL Snooper v2.26.01
VC80CRTRedist - 8.0.50727.4053
VDownloader 0.83
VideoToolkit01
Vigtig opdatering til Windows Media Player 11 (KB959772)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 0.9.8a
WebFldrs XP
WebReg
Win-Family 6.0
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
Windows Messenger 5.1
Windows XP Service Pack 3
winpcap-nmap 4.02
WinRAR archiver
YouTube Downloader 2.5.3
AAC Decoder

==== End Of File ===========================


DDS (Ver_09-12-01.01) - NTFSx86
Run by Harry at 20:15:32,12 on 15-03-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1474 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)  {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: TDC Sikkerhedspakke 9.01 *On-access scanning enabled* (Updated)  {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TDC Sikkerhedspakke 9.01 *enabled*  {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Sektornet VPN\cvpnd.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\TDCSikkerhedspakke\Common\FSHDLL32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmer\TDCSikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\TDCSikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\TDCSikkerhedspakke\Common\FSM32.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Harry\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ld.dk/Default.aspx?ID=686
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;localhost;*.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\programmer\search settings\kb127\SearchSettings.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\programmer\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - Groove GFS Browser Helper
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\programmer\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\programmer\tdcsikkerhedspakke\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\programmer\search settings\kb127\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\programmer\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\programmer\tdcsikkerhedspakke\nrs\iescript\baselitmus.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: FirstClass®: {2a947d7c-8b9f-457d-95b6-5d76cc1b7804} - c:\windows\downloaded program files\fcplugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] “c:\programmer\tomtom home 2\TomTomHOMERunner.exe”
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] c:\programmer\ati technologies\ati control panel\atiptaxx.exe
mRun: [HP Software Update] c:\programmer\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] “c:\programmer\quicktime\qttask.exe” -atboottime
mRun: [hpqSRMon] c:\programmer\hp\digital imaging\bin\hpqSRMon.exe
mRun: [GrooveMonitor] “c:\programmer\microsoft office\office12\GrooveMonitor.exe”
mRun: [Adobe Reader Speed Launcher] “c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe”
mRun: [Acrobat Assistant 8.0] “c:\programmer\adobe\acrobat 8.0\acrobat\Acrotray.exe”
mRun: [<NO NAME>]
mRun: [F-Secure Manager] “c:\programmer\tdcsikkerhedspakke\common\FSM32.EXE” /splash
mRun: [F-Secure TNB] “c:\programmer\tdcsikkerhedspakke\fsgui\TNBUtil.exe” /CHECKALL /WAITFORSW
mRun: [Adobe ARM] “c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe”
mRun: [SunJavaUpdateSched] “c:\programmer\java\jre6\bin\jusched.exe”
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
IE: &Google Search
IE: &Translate English Word
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links
IE: Cached Snapshot of Page
IE: Convert link target to Adobe PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel
IE: Google Sidewiki ... - c:\programmer\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
IE: Åbn på ny baggrundsfane - c:\programmer\windows live toolbar\components\da-dk\msntabres.dll.mui/229?8c060afbc4ff446d9bb42cdd46d17fcb
IE: Åbn på ny forgrundsfane - c:\programmer\windows live toolbar\components\da-dk\msntabres.dll.mui/230?8c060afbc4ff446d9bb42cdd46d17fcb
IE: {0AD5A451-967F-46BD-9F5E-39247D7FC77F}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - {2A947D7C-8B9F-457d-95B6-5D76CC1B7804} - c:\windows\downloaded program files\fcplugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\programmer\tdcsikkerhedspakke\fsps\program\FSLSP.DLL
Trusted Zone: danid.dk
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
Trusted Zone: danid.dk
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111C00-3E00-11D2-8470-0060089874ED} - hxxp://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
DPF: {01111E00-3E00-11D2-8470-0060089874ED} - hxxp://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.geograf.com/viewer/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140353444734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {A3675EFC-76BD-4812-9CFC-E3B4DCA1C31D} = 208.67.222.222,208.67.220.220
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Handler: fcp - {B3133379-8789-4d3c-9593-C205D7297501} - c:\windows\downloaded program files\fcplugin.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmer\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Groove GFS Stub Execution Hook
mASetup: {9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E} - c:\windows\system32\msiexec.exe /fup {9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E} /q
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\programmer\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\harry\applic~1\mozilla\firefox\profiles\wp06j11p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lynghoej.dk/
FF - component: c:\programmer\mozilla firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\programmer\tdcsikkerhedspakke\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\documents and settings\harry\application data\mozilla\firefox\profiles\wp06j11p.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmer\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmer\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\programmer\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmer\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-10-21 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-10-21 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-12-29 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-10-1 80000]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [2007-9-11 2243328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27784]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\tdcsikkerhedspakke\hips\drivers\fshs.sys [2009-10-1 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\programmer\tdcsikkerhedspakke\anti-virus\fsgk32st.exe [2009-10-1 215648]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmer\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-8-23 799744]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\tdcsikkerhedspakke\anti-virus\minifilter\fsgk.sys [2009-10-1 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmer\tdcsikkerhedspakke\orsp client\fsorsp.exe [2009-10-1 55992]
S1 SASDIFSV;SASDIFSV;\??\c:\programmer\superantispyware\sasdifsv.sys—> c:\programmer\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programmer\superantispyware\saskutil.sys—> c:\programmer\superantispyware\SASKUTIL.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe—> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 BITS_Untrusted_BZ;Tjenesten Background Intelligent Transfer_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S2 BufferZoneSvc;BufferZone Service;c:\programmer\bufferzone\clntsvc.exe—> c:\programmer\bufferzone\CLNTSVC.EXE [?]
S2 BZDcomLaunch;BufferZone DCOM Helper;c:\programmer\bufferzone\bzdcomlaunch.exe—> c:\programmer\bufferzone\BZDCOMLAUNCH.EXE [?]
S2 BZRpcSs;BufferZone RPC Helper;c:\programmer\bufferzone\bzrpcss.exe—> c:\programmer\bufferzone\BZRPCSS.EXE [?]
S2 LUIRGAGE;LUIRGAGE;\??\c:\windows\system32\luirgage.tqu—> c:\windows\system32\luirgage.tqu [?]
S2 MDM_Untrusted_BZ;Machine Debug Manager_Untrusted_BZ;“c:\virtual\untrusted\c_\programmer\fælles filer\microsoft shared\vs7debug\mdm.exe”—> c:\virtual\untrusted\c_\programmer\fælles filer\microsoft shared\vs7debug\MDM.EXE [?]
S2 SENS_Untrusted_BZ;System Event Notification_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S2 ShellHWDetection_Untrusted_BZ;Hardwaregenkendelse på brugergrænsefladen_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S2 StiSvc_Untrusted_BZ;Windows-billedscanning_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k imgsvc—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S2 winmgmt_Untrusted_BZ;Windows Management Instrumentation_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S2 wuauserv_Untrusted_BZ;Automatiske opdateringer_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-6-27 16512]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-1-18 23096]
S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [2009-1-18 3768]
S3 EventSystem_Untrusted_BZ;COM+-hændelsessystem_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S3 HP Port Resolver_Untrusted_BZ;HP Port Resolver_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\hpbpro.exe—> c:\virtual\untrusted\c_\windows\system32\hpbpro.exe [?]
S3 HP Status Server_Untrusted_BZ;HP Status Server_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\hpboid.exe—> c:\virtual\untrusted\c_\windows\system32\hpboid.exe [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\jakndis.sys—> c:\windows\system32\drivers\JakNDis.sys [?]
S3 MSIServer_Untrusted_BZ;Windows Installer_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\msiexec.exe /v—> c:\virtual\untrusted\c_\windows\system32\msiexec.exe [?]
S3 netman_Untrusted_BZ;Netværksforbindelser_Untrusted_BZ;c:\virtual\untrusted\c_\windows\system32\svchost.exe -k netsvcs—> c:\virtual\untrusted\c_\windows\system32\svchost.exe [?]
S3 PEBXREFCC;PEBXREFCC;c:\docume~1\harry\lokale~1\temp\pebxrefcc.exe—> c:\docume~1\harry\lokale~1\temp\PEBXREFCC.exe [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2005-11-13 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2005-11-13 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2005-11-13 21081]
S3 SASENUM;SASENUM;\??\c:\programmer\superantispyware\sasenum.sys—> c:\programmer\superantispyware\SASENUM.SYS [?]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2005-8-23 215040]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\tdcsikkerhedspakke\anti-virus\win2k\fsfilter.sys [2009-10-1 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\tdcsikkerhedspakke\anti-virus\win2k\fsrec.sys [2009-10-1 25184]
S4 Net_ume;Net_ume; [x]
S4 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-03-15 14:45:54   0   d——-w-  c:\programmer\CCleaner
2010-03-12 13:21:07   293376   ———w-  c:\windows\system32\browserchoice.exe
2010-03-11 12:05:20   3558912   -c——w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-09 07:13:06   0   d——-w-  C:\Virtual
2010-02-22 14:18:46   87608   ——a-w-  c:\docume~1\harry\applic~1\inst.exe
2010-02-22 14:18:30   102439   ——a-w-  c:\windows\system32\sipr3260.dll
2010-02-22 14:18:29   65602   ——a-w-  c:\windows\system32\cook3260.dll
2010-02-22 14:18:29   217127   ——a-w-  c:\windows\system32\drv43260.dll
2010-02-22 14:18:29   208935   ——a-w-  c:\windows\system32\drv33260.dll
2010-02-22 14:18:29   176165   ——a-w-  c:\windows\system32\drv23260.dll
2010-02-22 14:18:28   626688   ——a-w-  c:\windows\system32\vp7vfw.dll
2010-02-22 14:18:28   1184984   ——a-w-  c:\windows\system32\wvc1dmod.dll
2010-02-22 14:18:24   0   d——-w-  c:\programmer\VSO
2010-02-18 11:40:16   0   ——a-w-  c:\documents and settings\harry\ŸPŸP
2010-02-16 09:24:48   0   d——-w-  c:\programmer\DanID

==================== Find3M ====================

2010-03-08 17:22:15   0   ——a-w-  c:\documents and settings\harry\temp.dat
2010-02-22 14:18:48   47360   ——a-w-  c:\windows\system32\drivers\pcouffin.sys
2010-02-22 14:18:48   47360   ——a-w-  c:\docume~1\harry\applic~1\pcouffin.sys
2009-12-29 23:07:23   3766   —sha-w-  c:\windows\system32\KGyGaAvL.sys
2009-12-21 19:08:01   916480   ——a-w-  c:\windows\system32\wininet.dll
2009-12-17 07:41:56   344576   ——a-w-  c:\windows\system32\mspaint.exe
2008-10-08 06:51:38   451   ——a-w-  c:\programmer\Genvej til Corel.lnk
2008-11-14 17:10:50   23   —sha-w-  c:\windows\system32\bafdfbacac8_d.dll
2008-09-10 07:13:37   32768   -csha-w-  c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 20:17:52,51 ===============

Regards

Harry

Administrator
Posts: 29177

So more junk came to light.

Download ComboFix and save it to your desktop as alg.exe:
ComboFix


Close all other windows.

Then run combofix.exe and follow the instructions.

Do not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, located at C:\Combofix.txt

Please post the contents of that file here.

Posts: 34

Yes, that did take a little while, but here is the COMBOFIX log:

ComboFix 10-03-15.04 - Harry 16-03-2010   9:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1568 [GMT 1:00]
Kører fra: c:\documents and settings\Harry\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: TDC Sikkerhedspakke 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TDC Sikkerhedspakke 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Harry\Application Data\inst.exe
c:\programmer\Search Settings
c:\programmer\Search Settings\kb127\SearchSettings.dll
c:\programmer\Search Settings\kb127\SearchSettingsRes409.dll
c:\programmer\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-1046910337-2535226797-4202637058-1003
C:\Thumbs.db
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\SrchSTS.exe
c:\windows\system32\uniq.tll

——- BITS: Mulige inficerede internetsteder——-

hxxp://j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv000-7760-000000000003}
.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-16 til 2010-03-16 )))))))))))))))))))))))))))))))))))
.

2010-03-15 14:45 . 2010-03-15 14:45   ————  d——-w-  c:\programmer\CCleaner
2010-03-12 13:21 . 2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe
2010-03-11 12:27 . 2010-03-11 12:27   ————  d-sh—w-  c:\documents and settings\Default User\IETldCache
2010-03-11 12:05 . 2009-10-23 15:28   3558912   -c——w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-09 07:13 . 2010-03-09 07:13   ————  d——-w-  C:\Virtual
2010-02-22 14:18 . 2009-09-02 20:58   102439   ——a-w-  c:\windows\system32\sipr3260.dll
2010-02-22 14:18 . 2009-09-02 20:58   65602   ——a-w-  c:\windows\system32\cook3260.dll
2010-02-22 14:18 . 2009-09-02 20:58   217127   ——a-w-  c:\windows\system32\drv43260.dll
2010-02-22 14:18 . 2009-09-02 20:58   208935   ——a-w-  c:\windows\system32\drv33260.dll
2010-02-22 14:18 . 2009-09-02 20:58   176165   ——a-w-  c:\windows\system32\drv23260.dll
2010-02-22 14:18 . 2009-09-02 20:58   626688   ——a-w-  c:\windows\system32\vp7vfw.dll
2010-02-22 14:18 . 2009-09-02 20:57   1184984   ——a-w-  c:\windows\system32\wvc1dmod.dll
2010-02-22 14:18 . 2010-02-22 14:18   ————  d——-w-  c:\programmer\VSO
2010-02-16 09:24 . 2010-02-16 09:24   ————  dc-h—w-  c:\documents and settings\Harry\Lokale indstillinger\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-02-16 09:24 . 2010-02-16 09:24   ————  d——-w-  c:\programmer\DanID
2010-02-16 09:21 . 2010-02-16 09:21   ————  d——-w-  c:\documents and settings\Harry\Lokale indstillinger\Application Data\PackageAware

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 15:00 . 2009-01-21 14:28   ————  d——-w-  c:\programmer\Malware
2010-03-13 17:45 . 2008-12-15 13:12   ————  d——-w-  c:\documents and settings\Harry\Application Data\Vso
2010-03-13 17:40 . 2009-07-04 09:56   ————  d——-w-  c:\documents and settings\Harry\Application Data\eMule
2010-03-13 17:40 . 2008-01-03 12:40   ————  d——-w-  c:\programmer\Lynyrd
2010-03-11 12:31 . 2007-10-09 14:59   ————  d——-w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 17:22 . 2008-11-14 12:50   0   ——a-w-  c:\documents and settings\Harry\temp.dat
2010-03-08 14:24 . 2006-02-27 20:06   ————  d——-w-  c:\documents and settings\Harry\Application Data\uTorrent
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\windows\system32\drivers\pcouffin.sys
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\documents and settings\Harry\Application Data\pcouffin.sys
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\documents and settings\Harry\Application Data\pcouffin.sys
2010-02-16 09:02 . 2009-10-19 14:29   ————  d——-w-  c:\documents and settings\All Users\Application Data\NOS
2010-02-16 09:00 . 2006-02-09 09:58   ————  d——-w-  c:\programmer\Google
2010-02-16 07:46 . 2010-02-16 07:46   1975408   ——a-w-  c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-02-14 21:24 . 2010-01-12 16:38   ————  d——-w-  c:\programmer\Streaming Media Recorder (VMware ThinApp)
2010-02-07 15:02 . 2010-02-07 15:02   ————  d——-w-  c:\documents and settings\All Users\Application Data\TVU Networks
2010-02-07 15:02 . 2010-02-07 15:01   ————  d——-w-  c:\programmer\TVUPlayer
2010-01-20 19:11 . 2009-07-30 09:30   ————  d——-w-  c:\programmer\Microsoft Silverlight
2010-01-20 06:59 . 2007-06-20 07:32   ————  d——-w-  c:\documents and settings\All Users\Application Data\pdf995
2010-01-20 06:59 . 2006-09-15 10:41   60   ——a-w-  c:\windows\wpd99.drv
2010-01-20 06:01 . 2008-12-29 12:34   ————  d——-w-  c:\programmer\TDCSikkerhedspakke
2010-01-15 22:42 . 2009-02-10 10:50   ————  d——-w-  c:\programmer\Sektornet VPN
2010-01-15 20:10 . 2009-12-16 21:36   ————  d——-w-  c:\programmer\URLSnooper2
2010-01-07 15:07 . 2008-12-16 08:38   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-12-16 08:38   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2005-08-23 09:42   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-29 23:07 . 2008-11-12 07:30   3766   —sha-w-  c:\windows\system32\KGyGaAvL.sys
2009-12-29 23:07 . 2008-11-12 07:30   56   —sh—r-  c:\windows\system32\FE7A594B61.sys
2009-12-27 16:21 . 2009-12-27 16:21   152576   ——a-w-  c:\documents and settings\Harry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-27 16:20 . 2009-12-27 16:20   79488   ——a-w-  c:\documents and settings\Harry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 19:08 . 2005-08-23 09:42   916480   ——a-w-  c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2006-10-09 09:38   344576   ——a-w-  c:\windows\system32\mspaint.exe
2009-12-16 21:37 . 2009-12-16 21:37   46   ——a-w-  c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2009-12-16 20:39 . 2005-09-17 11:41   80280   ——a-w-  c:\documents and settings\Frederik\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2008-10-08 06:51 . 2008-10-08 06:51   451   ——a-w-  c:\programmer\Genvej til Corel.lnk
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ——a-w-  c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ——a-w-  c:\programmer\mozilla firefox\plugins\ssldivx.dll
2008-11-14 17:10 . 2008-11-14 17:10   23   —sha-w-  c:\windows\system32\bafdfbacac8_d.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@=”{F594B094-8768-4632-8143-12852EBBD688}”
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@=”{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}”
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@=”{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}”
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TomTomHOME.exe”=“c:\programmer\TomTom HOME 2\TomTomHOMERunner.exe” [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2005-06-20 77824]
“ATIPTA”=“c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-07 344064]
“HP Software Update”=“c:\programmer\HP\HP Software Update\HPWuSchd2.exe” [2007-10-14 49152]
“QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2005-11-17 155648]
“hpqSRMon”=“c:\programmer\HP\Digital Imaging\bin\hpqSRMon.exe” [2007-08-22 80896]
“GrooveMonitor”=“c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 33648]
“Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“Acrobat Assistant 8.0”=“c:\programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” [2008-10-14 623992]
“F-Secure Manager”=“c:\programmer\TDCSikkerhedspakke\Common\FSM32.EXE” [2009-08-05 199264]
“F-Secure TNB”=“c:\programmer\TDCSikkerhedspakke\FSGUI\TNBUtil.exe” [2009-08-05 2349664]
“Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-2-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 09:42   11952   ——a-w-  c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@=“Service”

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Hurtig start.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Hurtig start.lnk
backup=c:\windows\pss\HP Image Zone Hurtig start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05   81920   ——a-w-  c:\programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcenter]
2005-04-08 11:38   1757184   ——a-w-  c:\programmer\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18   241664   ———w-  c:\programmer\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-06-26 00:32   172032   ——a-w-  c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe”=
“c:\\Programmer\\DNA\\btdna.exe”=
“c:\\WINDOWS\\system32\\sessmgr.exe”=
“c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpiscnapp.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Programmer\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\livecall.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\Support.com\\bin\\tgcmd.exe”=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21-10-2005 11:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21-10-2005 11:09 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29-12-2008 13:51 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [01-10-2009 17:58 80000]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [11-09-2007 16:13 2243328]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\TDCSikkerhedspakke\HIPS\drivers\fshs.sys [01-10-2009 17:58 68064]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01-06-2008 08:13 34064]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmer\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [23-08-2005 10:45 799744]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\TDCSikkerhedspakke\Anti-Virus\minifilter\fsgk.sys [01-10-2009 17:57 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmer\TDCSikkerhedspakke\ORSP Client\fsorsp.exe [01-10-2009 17:58 55992]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19-01-2009 23:12 325896]
S1 SASDIFSV;SASDIFSV;\??\c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS—> c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programmer\SUPERAntiSpyware\SASKUTIL.sys—> c:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 BITS_Untrusted_BZ;Tjenesten Background Intelligent Transfer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 BufferZoneSvc;BufferZone Service;c:\programmer\BufferZone\CLNTSVC.EXE—> c:\programmer\BufferZone\CLNTSVC.EXE [?]
S2 BZDcomLaunch;BufferZone DCOM Helper;c:\programmer\BufferZone\BZDCOMLAUNCH.EXE—> c:\programmer\BufferZone\BZDCOMLAUNCH.EXE [?]
S2 BZRpcSs;BufferZone RPC Helper;c:\programmer\BufferZone\BZRPCSS.EXE—> c:\programmer\BufferZone\BZRPCSS.EXE [?]
S2 LUIRGAGE;LUIRGAGE;\??\c:\windows\system32\luirgage.tqu—> c:\windows\system32\luirgage.tqu [?]
S2 MDM_Untrusted_BZ;Machine Debug Manager_Untrusted_BZ;“c:\virtual\Untrusted\C_\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE”—> c:\virtual\Untrusted\C_\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE [?]
S2 SENS_Untrusted_BZ;System Event Notification_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 ShellHWDetection_Untrusted_BZ;Hardwaregenkendelse på brugergrænsefladen_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe [?]
S2 StiSvc_Untrusted_BZ;Windows-billedscanning_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 winmgmt_Untrusted_BZ;Windows Management Instrumentation_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 wuauserv_Untrusted_BZ;Automatiske opdateringer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [27-06-2008 10:24 16512]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [18-01-2009 23:42 23096]
S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [18-01-2009 23:42 3768]
S3 EventSystem_Untrusted_BZ;COM+-hændelsessystem_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S3 HP Port Resolver_Untrusted_BZ;HP Port Resolver_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\hpbpro.exe—> c:\virtual\Untrusted\C_\WINDOWS\system32\hpbpro.exe [?]
S3 HP Status Server_Untrusted_BZ;HP Status Server_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\hpboid.exe—> c:\virtual\Untrusted\C_\WINDOWS\system32\hpboid.exe [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys—> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MSIServer_Untrusted_BZ;Windows Installer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe /V—> c:\virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe [?]
S3 netman_Untrusted_BZ;Netværksforbindelser_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe [?]
S3 PEBXREFCC;PEBXREFCC;c:\docume~1\Harry\LOKALE~1\Temp\PEBXREFCC.exe—> c:\docume~1\Harry\LOKALE~1\Temp\PEBXREFCC.exe [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [13-11-2005 22:43 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [13-11-2005 22:44 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [13-11-2005 22:44 21081]
S3 SASENUM;SASENUM;\??\c:\programmer\SUPERAntiSpyware\SASENUM.SYS—> c:\programmer\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23-08-2005 10:45 215040]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe—> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsfilter.sys [01-10-2009 17:57 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsrec.sys [01-10-2009 17:57 25184]
S4 Net_ume;Net_ume; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ     p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
getPlusHelper   REG_MULTI_SZ     getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E}]
2008-04-14 16:05   78848   ——a-w-  c:\windows\system32\msiexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04   8192   ——a-w-  c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen ‘Planlagte Opgaver’

2008-07-17 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-Packard2004-05-12 09:44P Deskjet 6800 Series0C415CBA1D36E12EF1F94B5BB45ACEE2494FF64E126953688.job
- c:\programmer\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 13:18]

2010-03-11 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TDCSIK~1\ANTI-V~1\fsav.exe [2009-10-01 15:56]

2010-03-15 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.ld.dk/Default.aspx?ID=686
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;localhost;*.local
IE: &Google; Search
IE: &Translate; English Word
IE: &Windows; Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links
IE: Cached Snapshot of Page
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter; til Microsoft Excel
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
IE: Åbn på ny baggrundsfane - c:\programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?8c060afbc4ff446d9bb42cdd46d17fcb
IE: Åbn på ny forgrundsfane - c:\programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?8c060afbc4ff446d9bb42cdd46d17fcb
IE: {{0AD5A451-967F-46BD-9F5E-39247D7FC77F}
LSP: c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
Trusted Zone: danid.dk
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
Trusted Zone: danid.dk
TCP: {A3675EFC-76BD-4812-9CFC-E3B4DCA1C31D} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\wp06j11p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lynghoej.dk/
FF - component: c:\programmer\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\programmer\TDCSikkerhedspakke\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\wp06j11p.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmer\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmer\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-SearchSettings - c:\programmer\Search Settings\SearchSettings.exe
MSConfigStartUp-SUPERAntiSpyware - c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
AddRemove-uTorrent - c:\programmer\uTorrent\uTorrent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 09:52
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5713D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x8a5713d0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS:  -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LUIRGAGE]
“ImagePath”=”\??\c:\windows\system32\luirgage.tqu”
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-3337596392-3457308344-3651559544-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@=“FlashProp Class”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
“VRegSpecialValueName”=dword:000000aa
@=“c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx”
“ThreadingModel”=“Apartment”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
“VRegSpecialValueName”=dword:000000aa
@=“0”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
“VRegSpecialValueName”=dword:000000aa
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe,-101”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:000000aa

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
“VRegSpecialValueName”=dword:000000aa
@=“Shockwave Flash”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\Print\Printers]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Hardware Profiles\Current]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1006\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1007\SOFTWARE\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1010\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(1232)
c:\windows\system32\Ati2evxx.dll
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll

- - - - - - - > ‘lsass.exe’(1292)
c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll

- - - - - - - > ‘explorer.exe’(2136)
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll
c:\programmer\TDCSikkerhedspakke\Spam Control\fsscoepl.dll
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmer\Sektornet VPN\cvpnd.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
c:\programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
c:\programmer\TDCSikkerhedspakke\Anti-Virus\FSGK32.EXE
c:\programmer\TDCSikkerhedspakke\Common\FSHDLL32.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\SOUNDMAN.EXE
c:\programmer\TDCSikkerhedspakke\FWES\Program\fsdfwd.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fssm32.exe
c:\programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-16 10:03:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-16 09:03
ComboFix2.txt 2008-01-02 13:35

Pre-Kørsel: 153.412.210.688 byte ledig
Post-Kørsel: 154.438.955.008 byte ledig

- - End Of File - - 851E2F29FAC87309E3BC4CB57900C3DC

Administrator
Number of posts: 54701

You will find the cause of your infections here:

L:\Dokumenter\emulefiler\CS3\Crack\XF-AdobeMasterCS3-KG.exe (Trojan.Agent.CK)

File sharing and cracks; delete it and uninstall whatever cracked programs you may have.


Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Folder::
c:\documents and settings\Harry\Application Data\eMule
c:\documents and settings\Harry\Application Data\uTorrent
c:\Programmer\DNA
c:\Programmer\eMule
c:\Programmer\uTorrent
Driver::
AvgLdx86
avg8wd
Net_ume

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith’s cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

Number of posts: 34

Well, that will teach him, it will.

Something stopped prematurely; in any case no log appeared, so I will probably have to start over with an ordinary ComboFix log. It follows here:

ComboFix 10-03-15.06 - Harry 16-03-2010 20:26:30.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1531 [GMT 1:00]
Kører fra: c:\documents and settings\Harry\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: TDC Sikkerhedspakke 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TDC Sikkerhedspakke 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-16 til 2010-03-16 )))))))))))))))))))))))))))))))))))
.

2010-03-15 14:45 . 2010-03-15 14:45   ————  d——-w-  c:\programmer\CCleaner
2010-03-12 13:21 . 2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe
2010-03-11 12:27 . 2010-03-11 12:27   ————  d-sh—w-  c:\documents and settings\Default User\IETldCache
2010-03-11 12:05 . 2009-10-23 15:28   3558912   -c——w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-09 07:13 . 2010-03-09 07:13   ————  d——-w-  C:\Virtual
2010-02-22 14:18 . 2009-09-02 20:58   102439   ——a-w-  c:\windows\system32\sipr3260.dll
2010-02-22 14:18 . 2009-09-02 20:58   65602   ——a-w-  c:\windows\system32\cook3260.dll
2010-02-22 14:18 . 2009-09-02 20:58   217127   ——a-w-  c:\windows\system32\drv43260.dll
2010-02-22 14:18 . 2009-09-02 20:58   208935   ——a-w-  c:\windows\system32\drv33260.dll
2010-02-22 14:18 . 2009-09-02 20:58   176165   ——a-w-  c:\windows\system32\drv23260.dll
2010-02-22 14:18 . 2009-09-02 20:58   626688   ——a-w-  c:\windows\system32\vp7vfw.dll
2010-02-22 14:18 . 2009-09-02 20:57   1184984   ——a-w-  c:\windows\system32\wvc1dmod.dll
2010-02-22 14:18 . 2010-02-22 14:18   ————  d——-w-  c:\programmer\VSO
2010-02-16 09:24 . 2010-02-16 09:24   ————  dc-h—w-  c:\documents and settings\Harry\Lokale indstillinger\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-02-16 09:24 . 2010-02-16 09:24   ————  d——-w-  c:\programmer\DanID
2010-02-16 09:21 . 2010-02-16 09:21   ————  d——-w-  c:\documents and settings\Harry\Lokale indstillinger\Application Data\PackageAware

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 15:00 . 2009-01-21 14:28   ————  d——-w-  c:\programmer\Malware
2010-03-13 17:45 . 2008-12-15 13:12   ————  d——-w-  c:\documents and settings\Harry\Application Data\Vso
2010-03-13 17:40 . 2009-07-04 09:56   ————  d——-w-  c:\documents and settings\Harry\Application Data\eMule
2010-03-13 17:40 . 2008-01-03 12:40   ————  d——-w-  c:\programmer\Lynyrd
2010-03-11 12:31 . 2007-10-09 14:59   ————  d——-w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 17:22 . 2008-11-14 12:50   0   ——a-w-  c:\documents and settings\Harry\temp.dat
2010-03-08 14:24 . 2006-02-27 20:06   ————  d——-w-  c:\documents and settings\Harry\Application Data\uTorrent
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\windows\system32\drivers\pcouffin.sys
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\documents and settings\Harry\Application Data\pcouffin.sys
2010-02-22 14:18 . 2008-12-15 13:12   47360   ——a-w-  c:\documents and settings\Harry\Application Data\pcouffin.sys
2010-02-16 09:02 . 2009-10-19 14:29   ————  d——-w-  c:\documents and settings\All Users\Application Data\NOS
2010-02-16 09:00 . 2006-02-09 09:58   ————  d——-w-  c:\programmer\Google
2010-02-16 07:46 . 2010-02-16 07:46   1975408   ——a-w-  c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-02-14 21:24 . 2010-01-12 16:38   ————  d——-w-  c:\programmer\Streaming Media Recorder (VMware ThinApp)
2010-02-07 15:02 . 2010-02-07 15:02   ————  d——-w-  c:\documents and settings\All Users\Application Data\TVU Networks
2010-02-07 15:02 . 2010-02-07 15:01   ————  d——-w-  c:\programmer\TVUPlayer
2010-01-20 19:11 . 2009-07-30 09:30   ————  d——-w-  c:\programmer\Microsoft Silverlight
2010-01-20 06:59 . 2007-06-20 07:32   ————  d——-w-  c:\documents and settings\All Users\Application Data\pdf995
2010-01-20 06:59 . 2006-09-15 10:41   60   ——a-w-  c:\windows\wpd99.drv
2010-01-20 06:01 . 2008-12-29 12:34   ————  d——-w-  c:\programmer\TDCSikkerhedspakke
2010-01-15 22:42 . 2009-02-10 10:50   ————  d——-w-  c:\programmer\Sektornet VPN
2010-01-15 20:10 . 2009-12-16 21:36   ————  d——-w-  c:\programmer\URLSnooper2
2010-01-07 15:07 . 2008-12-16 08:38   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-12-16 08:38   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2005-08-23 09:42   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-29 23:07 . 2008-11-12 07:30   3766   —sha-w-  c:\windows\system32\KGyGaAvL.sys
2009-12-29 23:07 . 2008-11-12 07:30   56   —sh—r-  c:\windows\system32\FE7A594B61.sys
2009-12-27 16:21 . 2009-12-27 16:21   152576   ——a-w-  c:\documents and settings\Harry\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-27 16:20 . 2009-12-27 16:20   79488   ——a-w-  c:\documents and settings\Harry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 19:08 . 2005-08-23 09:42   916480   ———w-  c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2006-10-09 09:38   344576   ——a-w-  c:\windows\system32\mspaint.exe
2009-12-16 21:37 . 2009-12-16 21:37   46   ——a-w-  c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2009-12-16 20:39 . 2005-09-17 11:41   80280   ——a-w-  c:\documents and settings\Frederik\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2008-10-08 06:51 . 2008-10-08 06:51   451   ——a-w-  c:\programmer\Genvej til Corel.lnk
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ——a-w-  c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ——a-w-  c:\programmer\mozilla firefox\plugins\ssldivx.dll
2008-11-14 17:10 . 2008-11-14 17:10   23   —sha-w-  c:\windows\system32\bafdfbacac8_d.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@=”{F594B094-8768-4632-8143-12852EBBD688}”
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@=”{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}”
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@=”{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}”
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2007-09-11 15:26   1212928   ——a-w-  c:\windows\system32\RlShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TomTomHOME.exe”=“c:\programmer\TomTom HOME 2\TomTomHOMERunner.exe” [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2005-06-20 77824]
“ATIPTA”=“c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-07 344064]
“HP Software Update”=“c:\programmer\HP\HP Software Update\HPWuSchd2.exe” [2007-10-14 49152]
“QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2005-11-17 155648]
“hpqSRMon”=“c:\programmer\HP\Digital Imaging\bin\hpqSRMon.exe” [2007-08-22 80896]
“GrooveMonitor”=“c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 33648]
“Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
“Acrobat Assistant 8.0”=“c:\programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” [2008-10-14 623992]
“F-Secure Manager”=“c:\programmer\TDCSikkerhedspakke\Common\FSM32.EXE” [2009-08-05 199264]
“F-Secure TNB”=“c:\programmer\TDCSikkerhedspakke\FSGUI\TNBUtil.exe” [2009-08-05 2349664]
“Adobe ARM”=“c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]
“SunJavaUpdateSched”=“c:\programmer\Java\jre6\bin\jusched.exe” [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-2-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 09:42   11952   ——a-w-  c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@=“Service”

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Hurtig start.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Hurtig start.lnk
backup=c:\windows\pss\HP Image Zone Hurtig start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05   81920   ——a-w-  c:\programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcenter]
2005-04-08 11:38   1757184   ——a-w-  c:\programmer\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18   241664   ———w-  c:\programmer\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-06-26 00:32   172032   ——a-w-  c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe”=
“c:\\Programmer\\DNA\\btdna.exe”=
“c:\\WINDOWS\\system32\\sessmgr.exe”=
“c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpiscnapp.exe”=
“c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Programmer\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\livecall.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\Support.com\\bin\\tgcmd.exe”=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21-10-2005 11:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21-10-2005 11:09 5248]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29-12-2008 13:51 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [01-10-2009 17:58 80000]
R0 REDLIGHT;REDLIGHT;c:\windows\system32\drivers\redlight.sys [11-09-2007 16:13 2243328]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\TDCSikkerhedspakke\HIPS\drivers\fshs.sys [01-10-2009 17:58 68064]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01-06-2008 08:13 34064]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmer\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [23-08-2005 10:45 799744]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\TDCSikkerhedspakke\Anti-Virus\minifilter\fsgk.sys [01-10-2009 17:57 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmer\TDCSikkerhedspakke\ORSP Client\fsorsp.exe [01-10-2009 17:58 55992]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19-01-2009 23:12 325896]
S1 SASDIFSV;SASDIFSV;\??\c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS—> c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\programmer\SUPERAntiSpyware\SASKUTIL.sys—> c:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 BITS_Untrusted_BZ;Tjenesten Background Intelligent Transfer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 BufferZoneSvc;BufferZone Service;c:\programmer\BufferZone\CLNTSVC.EXE—> c:\programmer\BufferZone\CLNTSVC.EXE [?]
S2 BZDcomLaunch;BufferZone DCOM Helper;c:\programmer\BufferZone\BZDCOMLAUNCH.EXE—> c:\programmer\BufferZone\BZDCOMLAUNCH.EXE [?]
S2 BZRpcSs;BufferZone RPC Helper;c:\programmer\BufferZone\BZRPCSS.EXE—> c:\programmer\BufferZone\BZRPCSS.EXE [?]
S2 LUIRGAGE;LUIRGAGE;\??\c:\windows\system32\luirgage.tqu—> c:\windows\system32\luirgage.tqu [?]
S2 MDM_Untrusted_BZ;Machine Debug Manager_Untrusted_BZ;“c:\virtual\Untrusted\C_\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE”—> c:\virtual\Untrusted\C_\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE [?]
S2 SENS_Untrusted_BZ;System Event Notification_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 ShellHWDetection_Untrusted_BZ;Hardwaregenkendelse på brugergrænsefladen_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe [?]
S2 StiSvc_Untrusted_BZ;Windows-billedscanning_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 winmgmt_Untrusted_BZ;Windows Management Instrumentation_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S2 wuauserv_Untrusted_BZ;Automatiske opdateringer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [27-06-2008 10:24 16512]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [18-01-2009 23:42 23096]
S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [18-01-2009 23:42 3768]
S3 EventSystem_Untrusted_BZ;COM+-hændelsessystem_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?]
S3 HP Port Resolver_Untrusted_BZ;HP Port Resolver_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\hpbpro.exe—> c:\virtual\Untrusted\C_\WINDOWS\system32\hpbpro.exe [?]
S3 HP Status Server_Untrusted_BZ;HP Status Server_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\hpboid.exe—> c:\virtual\Untrusted\C_\WINDOWS\system32\hpboid.exe [?]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys—> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 MSIServer_Untrusted_BZ;Windows Installer_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe /V—> c:\virtual\Untrusted\C_\WINDOWS\system32\msiexec.exe [?]
S3 netman_Untrusted_BZ;Netværksforbindelser_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs—> c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe [?]
S3 PEBXREFCC;PEBXREFCC;c:\docume~1\Harry\LOKALE~1\Temp\PEBXREFCC.exe—> c:\docume~1\Harry\LOKALE~1\Temp\PEBXREFCC.exe [?]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [13-11-2005 22:43 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [13-11-2005 22:44 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [13-11-2005 22:44 21081]
S3 SASENUM;SASENUM;\??\c:\programmer\SUPERAntiSpyware\SASENUM.SYS—> c:\programmer\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [23-08-2005 10:45 215040]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe—> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsfilter.sys [01-10-2009 17:57 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsrec.sys [01-10-2009 17:57 25184]
S4 Net_ume;Net_ume; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ     p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
getPlusHelper   REG_MULTI_SZ     getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E}]
2008-04-14 16:05   78848   ——a-w-  c:\windows\system32\msiexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04   8192   ——a-w-  c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen ‘Planlagte Opgaver’

2008-07-17 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-Packard2004-05-12 09:44P Deskjet 6800 Series0C415CBA1D36E12EF1F94B5BB45ACEE2494FF64E126953688.job
- c:\programmer\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 13:18]

2010-03-11 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TDCSIK~1\ANTI-V~1\fsav.exe [2009-10-01 15:56]

2010-03-16 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.ld.dk/Default.aspx?ID=686
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;localhost;*.local
IE: &Google Search
IE: &Translate English Word
IE: &Windows Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links
IE: Cached Snapshot of Page
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Similar Pages
IE: Translate Page into English
IE: Åbn på ny baggrundsfane - c:\programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?8c060afbc4ff446d9bb42cdd46d17fcb
IE: Åbn på ny forgrundsfane - c:\programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?8c060afbc4ff446d9bb42cdd46d17fcb
IE: {{0AD5A451-967F-46BD-9F5E-39247D7FC77F}
LSP: c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
Trusted Zone: danid.dk
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
Trusted Zone: danid.dk
TCP: {A3675EFC-76BD-4812-9CFC-E3B4DCA1C31D} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\wp06j11p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lynghoej.dk/
FF - component: c:\programmer\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\programmer\TDCSikkerhedspakke\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 20:50
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3377C0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x8a3377c0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: SiS191 1000/100/10 Ethernet Device -> SendCompleteHandler -> NDIS.SYS @ 0xba3cfbb0
PacketIndicateHandler -> NDIS.SYS @ 0xba3dca21
SendHandler -> NDIS.SYS @ 0xba3ba87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LUIRGAGE]
“ImagePath”=”\??\c:\windows\system32\luirgage.tqu”
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-3337596392-3457308344-3651559544-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@=“FlashProp Class”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
“VRegSpecialValueName”=dword:000000aa
@=“c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx”
“ThreadingModel”=“Apartment”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
“VRegSpecialValueName”=dword:000000aa
@=“0”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
“VRegSpecialValueName”=dword:000000aa
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe,-101”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\ClsID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:000000aa

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
“VRegSpecialValueName”=dword:000000aa
@=“Shockwave Flash”

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
“VRegSpecialValueName”=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\Print\Printers]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Hardware Profiles\Current]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1006\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1007\SOFTWARE\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-3337596392-3457308344-3651559544-1010\software\Classes]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(1628)
c:\windows\system32\Ati2evxx.dll
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll

- - - - - - - > ‘lsass.exe’(1684)
c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll

- - - - - - - > ‘explorer.exe’(2200)
c:\programmer\tdcsikkerhedspakke\hips\fshook32.dll
c:\programmer\TDCSikkerhedspakke\Spam Control\fsscoepl.dll
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmer\Sektornet VPN\cvpnd.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fsgk32st.exe
c:\programmer\TDCSikkerhedspakke\Common\FSMA32.EXE
c:\programmer\TDCSikkerhedspakke\Anti-Virus\FSGK32.EXE
c:\programmer\TDCSikkerhedspakke\Common\FSHDLL32.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\programmer\TDCSikkerhedspakke\FWES\Program\fsdfwd.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fssm32.exe
c:\programmer\TDCSikkerhedspakke\Anti-Virus\fsav32.exe
c:\windows\SOUNDMAN.EXE
c:\programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-16 21:01:57 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-16 20:01
ComboFix2.txt 2010-03-16 09:03
ComboFix3.txt 2008-01-02 13:35

Pre-Kørsel: 154.342.522.880 byte ledig
Post-Kørsel: 154.391.695.360 byte ledig

- - End Of File - - 673E381B3DD910817FC0436EEE7AE848

Administrator
Number of posts: 29177

Something stopped prematurely; at any rate no log appeared, so I will probably have to start over with an ordinary ComboFix log. It follows here:


OK. Then we will try another way, because there is quite a bit of junk in that log.


Download Lop S&D by Eric_71 and save it to your Desktop.
http://eric.71.mespages.googlepages.com/lop.sd.en
Click the Download button on the left.

Run LopSD. Type e for English. Press Enter.
Then type 2 = (Fix + Hosts)
Press Enter. The scan then runs.
Let the program complete a cleanup.

When the scan has finished, a log file is located at C:\lopR.txt, which you are welcome to copy into your next reply.

Number of posts: 34

Here is the lopSD log:

—-\\  Lop S&D 4.2.5-0   XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :          Intel(R) Pentium(R) 4 CPU 3.20GHz )
  BIOS : Award Modular BIOS v6.00PG
  USER : Harry ( Administrator )
  BOOT : Normal boot
  Antivirus : TDC Sikkerhedspakke 9.01 9.01 (Activated)
  Firewall : TDC Sikkerhedspakke 9.01 9.01 (Activated)
  C:\ (Local Disk) - NTFS - Total:232 Go (Free:144 Go)
  D:\ (CD or DVD)
  E:\ (CD or DVD)
  G:\ (USB)
  H:\ (USB)
  I:\ (USB)
  J:\ (USB)
  K:\ (USB)
  L:\ (Local Disk) - NTFS - Total:465 Go (Free:363 Go)

  “C:\Lop SD” ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 17-03-2010|19:37 )


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  ——————————\\  Listing folders in APPLIC~1

  [01-08-2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [23-08-2005|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
  [31-07-2009|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
  [17-11-2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
  [04-06-2009|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
  [22-10-2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
  [19-12-2007|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
  [19-10-2009|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
  [19-09-2005|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [16-12-2009|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DonationCoder
  [07-02-2009|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
  [02-01-2008|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eMule
  [08-01-2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FirstClass
  [31-07-2009|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
  [01-10-2009|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
  [01-10-2009|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
  [02-01-2008|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
  [05-01-2009|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [05-01-2009|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
  [05-01-2009|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
  [11-12-2005|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
  [19-01-2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
  [16-12-2008|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [20-03-2009|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [19-09-2006|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
  [11-03-2010|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
  [30-12-2009|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
  [30-12-2009|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
  [16-02-2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
  [15-01-2007|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
  [08-02-2009|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
  [20-01-2010|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995
  [29-11-2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RapidSolution
  [06-01-2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
  [19-01-2007|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
  [05-07-2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
  [12-01-2010|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Thinstall
  [22-09-2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
  [07-02-2010|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
  [05-01-2009|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
  [14-11-2005|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [13-09-2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
  [27-06-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [45|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [23-08-2005|19:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [23-08-2005|20:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [4|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [05-08-2009|15:14] C:\DOCUME~1\Frederik\APPLIC~1\Adobe
  [08-01-2006|10:25] C:\DOCUME~1\Frederik\APPLIC~1\AdobeAUM
  [21-03-2007|18:14] C:\DOCUME~1\Frederik\APPLIC~1\AdobeUM
  [19-05-2006|18:58] C:\DOCUME~1\Frederik\APPLIC~1\Apple Computer
  [25-12-2005|09:31] C:\DOCUME~1\Frederik\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Frederik\APPLIC~1\ATI
  [30-10-2006|15:13] C:\DOCUME~1\Frederik\APPLIC~1\CyberLink
  [02-09-2007|14:28] C:\DOCUME~1\Frederik\APPLIC~1\DivX
  [11-12-2005|12:03] C:\DOCUME~1\Frederik\APPLIC~1\GlobalSCAPE
  [28-08-2006|17:56] C:\DOCUME~1\Frederik\APPLIC~1\Google
  [02-01-2008|20:42] C:\DOCUME~1\Frederik\APPLIC~1\Grisoft
  [11-03-2006|18:19] C:\DOCUME~1\Frederik\APPLIC~1\Help
  [25-02-2009|21:33] C:\DOCUME~1\Frederik\APPLIC~1\HP
  [09-03-2009|22:59] C:\DOCUME~1\Frederik\APPLIC~1\HPAppData
  [23-08-2005|19:36] C:\DOCUME~1\Frederik\APPLIC~1\Identities
  [17-09-2005|12:50] C:\DOCUME~1\Frederik\APPLIC~1\InterVideo
  [18-02-2006|18:01] C:\DOCUME~1\Frederik\APPLIC~1\Jasc Software Inc
  [11-04-2007|11:18] C:\DOCUME~1\Frederik\APPLIC~1\LEGO Company
  [03-12-2005|13:18] C:\DOCUME~1\Frederik\APPLIC~1\Macromedia
  [19-01-2008|18:41] C:\DOCUME~1\Frederik\APPLIC~1\Mathsoft
  [16-08-2009|21:36] C:\DOCUME~1\Frederik\APPLIC~1\Microsoft
  [22-02-2006|13:24] C:\DOCUME~1\Frederik\APPLIC~1\Microsoft Games
  [09-03-2009|22:53] C:\DOCUME~1\Frederik\APPLIC~1\Search Settings
  [05-07-2007|18:33] C:\DOCUME~1\Frederik\APPLIC~1\Seven Zip
  [21-02-2006|12:58] C:\DOCUME~1\Frederik\APPLIC~1\SlySoft
  [02-03-2006|16:11] C:\DOCUME~1\Frederik\APPLIC~1\Sun
  [17-02-2006|17:58] C:\DOCUME~1\Frederik\APPLIC~1\ubi.com
  [0|fil(er)] C:\DOCUME~1\Frederik\APPLIC~1\byte
  [29|mappe(r)] C:\DOCUME~1\Frederik\APPLIC~1\byte ledig

  [23-08-2005|19:36] C:\DOCUME~1\GST~1\APPLIC~1\Identities
  [29-09-2005|14:16] C:\DOCUME~1\GST~1\APPLIC~1\Macromedia
  [04-06-2009|21:47] C:\DOCUME~1\GST~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\GST~1\APPLIC~1\byte
  [5|mappe(r)] C:\DOCUME~1\GST~1\APPLIC~1\byte ledig

  [23-10-2009|11:31] C:\DOCUME~1\Harry\APPLIC~1\Adobe
  [03-01-2006|12:06] C:\DOCUME~1\Harry\APPLIC~1\AdobeAUM
  [12-01-2007|19:04] C:\DOCUME~1\Harry\APPLIC~1\AdobeUM
  [18-01-2009|21:58] C:\DOCUME~1\Harry\APPLIC~1\Ahead
  [21-02-2006|09:41] C:\DOCUME~1\Harry\APPLIC~1\AOHackers
  [17-11-2005|16:41] C:\DOCUME~1\Harry\APPLIC~1\Apple Computer
  [05-07-2007|18:06] C:\DOCUME~1\Harry\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Harry\APPLIC~1\ATI
  [18-11-2009|08:14] C:\DOCUME~1\Harry\APPLIC~1\CoreFTP
  [19-10-2009|20:39] C:\DOCUME~1\Harry\APPLIC~1\Corel
  [19-10-2005|09:52] C:\DOCUME~1\Harry\APPLIC~1\Cryptomathic
  [19-09-2005|22:25] C:\DOCUME~1\Harry\APPLIC~1\CyberLink
  [05-02-2009|23:09] C:\DOCUME~1\Harry\APPLIC~1\DivX
  [11-11-2008|20:12] C:\DOCUME~1\Harry\APPLIC~1\DNA
  [16-12-2009|22:37] C:\DOCUME~1\Harry\APPLIC~1\DonationCoder
  [08-09-2009|09:43] C:\DOCUME~1\Harry\APPLIC~1\dvdcss
  [08-01-2008|09:10] C:\DOCUME~1\Harry\APPLIC~1\FirstClass
  [25-12-2009|00:00] C:\DOCUME~1\Harry\APPLIC~1\f-secure
  [28-05-2008|15:35] C:\DOCUME~1\Harry\APPLIC~1\GARMIN
  [27-01-2007|14:17] C:\DOCUME~1\Harry\APPLIC~1\GenJ
  [12-01-2010|08:48] C:\DOCUME~1\Harry\APPLIC~1\GetRightToGo
  [27-11-2005|15:35] C:\DOCUME~1\Harry\APPLIC~1\GlobalSCAPE
  [09-02-2006|11:07] C:\DOCUME~1\Harry\APPLIC~1\Google
  [12-08-2008|17:42] C:\DOCUME~1\Harry\APPLIC~1\Help
  [05-01-2009|20:34] C:\DOCUME~1\Harry\APPLIC~1\HP
  [21-03-2009|14:45] C:\DOCUME~1\Harry\APPLIC~1\HPAppData
  [23-08-2005|19:36] C:\DOCUME~1\Harry\APPLIC~1\Identities
  [10-09-2007|13:16] C:\DOCUME~1\Harry\APPLIC~1\InstallShield
  [19-09-2005|18:32] C:\DOCUME~1\Harry\APPLIC~1\InterVideo
  [02-08-2009|16:13] C:\DOCUME~1\Harry\APPLIC~1\J River
  [11-12-2005|11:16] C:\DOCUME~1\Harry\APPLIC~1\Jasc
  [05-04-2009|18:18] C:\DOCUME~1\Harry\APPLIC~1\Jasc Software Inc
  [14-06-2007|09:12] C:\DOCUME~1\Harry\APPLIC~1\Joost
  [27-11-2005|20:49] C:\DOCUME~1\Harry\APPLIC~1\Macromedia
  [14-11-2008|19:48] C:\DOCUME~1\Harry\APPLIC~1\MailWasherPro
  [16-12-2008|09:38] C:\DOCUME~1\Harry\APPLIC~1\Malwarebytes
  [28-01-2008|20:18] C:\DOCUME~1\Harry\APPLIC~1\Mathsoft
  [16-06-2009|16:16] C:\DOCUME~1\Harry\APPLIC~1\Microsoft
  [22-02-2006|11:51] C:\DOCUME~1\Harry\APPLIC~1\Microsoft Games
  [29-05-2008|10:48] C:\DOCUME~1\Harry\APPLIC~1\Mozilla
  [30-12-2009|12:07] C:\DOCUME~1\Harry\APPLIC~1\NCH Software
  [07-10-2008|07:16] C:\DOCUME~1\Harry\APPLIC~1\OpenOffice.org2
  [22-04-2006|22:07] C:\DOCUME~1\Harry\APPLIC~1\Opera
  [20-06-2007|09:00] C:\DOCUME~1\Harry\APPLIC~1\pdf995
  [27-10-2009|13:00] C:\DOCUME~1\Harry\APPLIC~1\Real
  [10-09-2008|09:13] C:\DOCUME~1\Harry\APPLIC~1\RTPlayer
  [05-02-2009|23:53] C:\DOCUME~1\Harry\APPLIC~1\Search Settings
  [08-01-2007|20:55] C:\DOCUME~1\Harry\APPLIC~1\Seven Zip
  [19-09-2008|13:03] C:\DOCUME~1\Harry\APPLIC~1\Skype
  [18-11-2005|13:08] C:\DOCUME~1\Harry\APPLIC~1\SlySoft
  [14-11-2008|12:25] C:\DOCUME~1\Harry\APPLIC~1\Steinberg
  [28-02-2006|15:10] C:\DOCUME~1\Harry\APPLIC~1\Sun
  [29-06-2006|20:14] C:\DOCUME~1\Harry\APPLIC~1\SUPERAntiSpyware.com
  [30-09-2006|00:54] C:\DOCUME~1\Harry\APPLIC~1\Talkback
  [17-09-2005|12:27] C:\DOCUME~1\Harry\APPLIC~1\Template
  [06-09-2007|14:57] C:\DOCUME~1\Harry\APPLIC~1\TomTom
  [21-11-2008|23:42] C:\DOCUME~1\Harry\APPLIC~1\tunebite
  [17-02-2006|07:37] C:\DOCUME~1\Harry\APPLIC~1\ubi.com
  [16-12-2008|09:10] C:\DOCUME~1\Harry\APPLIC~1\Uniblue
  [21-03-2009|14:44] C:\DOCUME~1\Harry\APPLIC~1\vlc
  [13-03-2010|18:45] C:\DOCUME~1\Harry\APPLIC~1\Vso
  [06-08-2007|14:27] C:\DOCUME~1\Harry\APPLIC~1\VSRevoGroup
  [0|fil(er)] C:\DOCUME~1\Harry\APPLIC~1\byte
  [64|mappe(r)] C:\DOCUME~1\Harry\APPLIC~1\byte ledig

  [10-05-2008|10:23] C:\DOCUME~1\Kristian\APPLIC~1\Adobe
  [03-12-2005|14:46] C:\DOCUME~1\Kristian\APPLIC~1\AdobeUM
  [03-08-2006|19:11] C:\DOCUME~1\Kristian\APPLIC~1\Apple Computer
  [28-12-2005|00:06] C:\DOCUME~1\Kristian\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Kristian\APPLIC~1\ATI
  [28-11-2005|18:51] C:\DOCUME~1\Kristian\APPLIC~1\GlobalSCAPE
  [23-08-2006|22:18] C:\DOCUME~1\Kristian\APPLIC~1\Google
  [24-01-2008|21:14] C:\DOCUME~1\Kristian\APPLIC~1\Grisoft
  [23-10-2005|17:55] C:\DOCUME~1\Kristian\APPLIC~1\Help
  [23-08-2005|19:36] C:\DOCUME~1\Kristian\APPLIC~1\Identities
  [16-12-2005|14:43] C:\DOCUME~1\Kristian\APPLIC~1\Jasc Software Inc
  [17-10-2005|19:46] C:\DOCUME~1\Kristian\APPLIC~1\Macromedia
  [17-05-2009|21:51] C:\DOCUME~1\Kristian\APPLIC~1\Microsoft
  [11-03-2006|20:00] C:\DOCUME~1\Kristian\APPLIC~1\Microsoft Games
  [30-09-2006|10:42] C:\DOCUME~1\Kristian\APPLIC~1\Mozilla
  [04-07-2006|19:25] C:\DOCUME~1\Kristian\APPLIC~1\NFT
  [24-11-2005|17:59] C:\DOCUME~1\Kristian\APPLIC~1\SlySoft
  [31-07-2006|14:55] C:\DOCUME~1\Kristian\APPLIC~1\Sun
  [24-12-2006|21:52] C:\DOCUME~1\Kristian\APPLIC~1\Talkback
  [29-11-2006|19:21] C:\DOCUME~1\Kristian\APPLIC~1\Template
  [0|fil(er)] C:\DOCUME~1\Kristian\APPLIC~1\byte
  [22|mappe(r)] C:\DOCUME~1\Kristian\APPLIC~1\byte ledig

  [04-11-2006|17:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
  [04-03-2006|13:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
  [10-02-2007|12:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
  [04-06-2009|21:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [6|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig


  [04-06-2009|21:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig



  ——————————\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [12-03-2010 00:57][—a———] C:\WINDOWS\tasks\Scheduled scanning task.job
  [17-03-2010 19:24][—a———] C:\WINDOWS\tasks\Søg efter opdateringer til Windows Live Toolbar.job
  [17-07-2008 11:57][—a———] C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#HP Deskjet 6800 Series#1126953688.job
  [17-03-2010 17:27][—ah——-] C:\WINDOWS\tasks\SA.DAT
  [27-08-2004 13:00][-r-h——-] C:\WINDOWS\tasks\desktop.ini

  ——————————\\  Listing Folders in C:\Programmer

  [09-02-2006|10:30] C:\Programmer\3D-FTP
  [17-09-2005|14:38] C:\Programmer\3DO
  [03-01-2006|17:09] C:\Programmer\A4Proxy
  [22-04-2006|13:18] C:\Programmer\Activision
  [11-08-2009|18:52] C:\Programmer\Adobe
  [13-11-2005|22:31] C:\Programmer\Adobe Premiere
  [08-02-2009|17:21] C:\Programmer\Ahead
  [27-06-2008|10:24] C:\Programmer\Alt CDA to MP3 Converter
  [28-07-2006|22:53] C:\Programmer\AOHackers
  [24-06-2006|21:12] C:\Programmer\Atari
  [03-01-2007|21:35] C:\Programmer\ATI Technologies
  [11-11-2008|20:12] C:\Programmer\BearShare Applications
  [01-01-2004|17:09] C:\Programmer\Bethesda Softworks
  [20-01-2007|11:18] C:\Programmer\Billy Blade and the Temple of Time
  [05-07-2007|18:33] C:\Programmer\Blaze Media Pro
  [31-07-2009|15:19] C:\Programmer\Bonjour
  [20-11-2008|07:54] C:\Programmer\Cain
  [15-03-2010|15:45] C:\Programmer\CCleaner
  [11-02-2006|19:56] C:\Programmer\ComPlus Applications
  [21-07-2008|10:35] C:\Programmer\Conduit
  [22-09-2009|12:27] C:\Programmer\CoreFTP
  [19-10-2009|16:36] C:\Programmer\Corel
  [28-12-2005|12:05] C:\Programmer\CoverPro
  [03-01-2008|21:29] C:\Programmer\Cucusoft
  [09-10-2007|15:50] C:\Programmer\Daemon-Tools-3.47
  [16-02-2010|10:24] C:\Programmer\DanID
  [13-10-2006|17:27] C:\Programmer\DigitalJesters
  [14-11-2005|19:39] C:\Programmer\directx
  [26-10-2009|12:02] C:\Programmer\DivX
  [30-12-2009|12:10] C:\Programmer\DJ Music Mixer
  [09-10-2007|15:50] C:\Programmer\D-Tools
  [07-02-2009|22:42] C:\Programmer\DVD Shrink
  [03-11-2008|21:19] C:\Programmer\EA GAMES
  [11-06-2006|16:46] C:\Programmer\Eidos
  [19-01-2009|10:58] C:\Programmer\Elaborate Bytes
  [29-06-2006|12:41] C:\Programmer\ewido
  [07-01-2009|23:22] C:\Programmer\FDRLab
  [31-08-2009|18:53] C:\Programmer\Fighter Ace Anniversary Edition
  [08-10-2005|17:18] C:\Programmer\filesubmit
  [21-04-2006|16:56] C:\Programmer\Firefly Studios
  [10-02-2009|11:01] C:\Programmer\Free Easy Burner
  [16-03-2010|20:34] C:\Programmer\Fælles filer
  [19-11-2008|10:09] C:\Programmer\GameSpy Arcade
  [30-12-2007|13:23] C:\Programmer\GenealogyJ
  [27-11-2005|15:35] C:\Programmer\GlobalSCAPE
  [16-02-2010|10:00] C:\Programmer\Google
  [02-07-2006|20:03] C:\Programmer\Guitar Pro 5
  [05-01-2009|17:12] C:\Programmer\Hewlett-Packard
  [05-01-2009|17:06] C:\Programmer\HP
  [14-11-2008|11:05] C:\Programmer\IKEA HomePlanner
  [27-09-2005|14:11] C:\Programmer\Image reziser
  [17-12-2005|14:36] C:\Programmer\IMSI
  [21-09-2009|10:05] C:\Programmer\InstallShield Installation Information
  [01-02-2010|18:50] C:\Programmer\Internet Explorer
  [23-08-2005|20:05] C:\Programmer\InterVideo
  [28-09-2005|12:13] C:\Programmer\iVideoMAX Video Converter
  [22-10-2007|13:33] C:\Programmer\IVT Corporation
  [05-04-2009|18:20] C:\Programmer\Jasc Software Inc
  [27-12-2009|17:22] C:\Programmer\Java
  [26-10-2009|11:59] C:\Programmer\K-Lite Codec Pack
  [11-04-2007|11:18] C:\Programmer\LEGO Company
  [17-10-2005|07:18] C:\Programmer\LEGO Media
  [24-12-2005|23:06] C:\Programmer\Logitech
  [13-03-2010|18:40] C:\Programmer\Lynyrd
  [25-11-2005|16:44] C:\Programmer\Magic Image Resizer
  [21-09-2009|12:19] C:\Programmer\Magic Video Converter
  [15-03-2010|16:00] C:\Programmer\Malware
  [30-10-2009|09:18] C:\Programmer\Mathcad
  [19-01-2008|18:37] C:\Programmer\Mathsoft
  [19-11-2008|10:10] C:\Programmer\Messenger
  [11-05-2007|12:00] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [23-08-2005|19:33] C:\Programmer\microsoft frontpage
  [03-08-2007|18:59] C:\Programmer\Microsoft Games
  [20-03-2009|14:08] C:\Programmer\Microsoft Office
  [20-01-2010|20:11] C:\Programmer\Microsoft Silverlight
  [18-09-2005|09:53] C:\Programmer\Microsoft Visual Studio
  [20-03-2009|14:03] C:\Programmer\Microsoft Visual Studio 8
  [26-10-2009|09:55] C:\Programmer\Microsoft Windows 7 Upgrade Advisor
  [11-12-2009|14:04] C:\Programmer\Microsoft Works
  [18-09-2005|09:52] C:\Programmer\Microsoft.NET
  [17-10-2005|17:51] C:\Programmer\Monte Cristo
  [11-03-2010|13:32] C:\Programmer\Movie Maker
  [16-02-2010|10:12] C:\Programmer\Mozilla Firefox
  [14-11-2005|11:18] C:\Programmer\MP3 Remix
  [20-03-2009|14:08] C:\Programmer\MSBuild
  [01-08-2009|10:16] C:\Programmer\MSECache
  [23-08-2005|19:31] C:\Programmer\MSN Gaming Zone
  [14-10-2006|13:28] C:\Programmer\MSXML 4.0
  [30-12-2009|12:06] C:\Programmer\NCH Software
  [24-09-2005|12:22] C:\Programmer\NCT
  [29-07-2009|11:21] C:\Programmer\Neoretix
  [10-09-2008|07:56] C:\Programmer\NetMeeting
  [19-10-2009|15:29] C:\Programmer\NOS
  [06-10-2006|10:43] C:\Programmer\OfficeUpdate11
  [23-08-2005|19:32] C:\Programmer\Onlinetjenester
  [06-10-2006|12:21] C:\Programmer\OpenOffice.org 2.0
  [14-08-2009|20:04] C:\Programmer\Outlook Express
  [21-09-2009|10:48] C:\Programmer\Photo Story 3 for Windows
  [13-11-2005|22:43] C:\Programmer\PIXELA
  [23-11-2008|14:31] C:\Programmer\PixiePack Codec Pack
  [17-09-2005|10:34] C:\Programmer\Programgenveje
  [03-01-2006|19:45] C:\Programmer\ProxyWay
  [17-11-2005|16:40] C:\Programmer\QuickTime
  [21-11-2008|23:46] C:\Programmer\RapidSolution
  [07-02-2009|22:26] C:\Programmer\Reference Assemblies
  [13-01-2010|08:02] C:\Programmer\Replay Video Capture
  [05-01-2009|17:35] C:\Programmer\Roxio
  [15-01-2010|23:42] C:\Programmer\Sektornet VPN
  [28-01-2006|10:45] C:\Programmer\SIMS2
  [09-03-2009|21:27] C:\Programmer\skolekom
  [06-01-2007|17:40] C:\Programmer\Skype
  [18-11-2005|13:05] C:\Programmer\SlySoft
  [16-12-2009|21:43] C:\Programmer\Steam
  [14-10-2005|09:49] C:\Programmer\Strategy First
  [14-02-2010|22:24] C:\Programmer\Streaming Media Recorder (VMware ThinApp)
  [12-01-2010|17:13] C:\Programmer\StreamingStar
  [02-03-2007|10:59] C:\Programmer\SummaSummarum
  [20-01-2009|22:40] C:\Programmer\SUPERAntiSpyware
  [19-11-2007|19:47] C:\Programmer\Support.com
  [19-11-2007|19:39] C:\Programmer\SupportSoft
  [14-11-2008|12:05] C:\Programmer\Syncrosoft
  [10-05-2006|23:11] C:\Programmer\TDC
  [24-12-2008|00:31] C:\Programmer\TDCpakke
  [17-03-2010|17:33] C:\Programmer\TDCSikkerhedspakke
  [30-04-2007|18:23] C:\Programmer\TEXTware
  [10-09-2007|13:40] C:\Programmer\TomTom DesktopSuite
  [21-09-2009|10:05] C:\Programmer\TomTom HOME
  [21-09-2009|09:52] C:\Programmer\TomTom HOME 2
  [22-09-2009|13:13] C:\Programmer\TomTom International B.V
  [07-01-2006|13:22] C:\Programmer\TSW
  [29-11-2008|12:27] C:\Programmer\Tunbite
  [01-01-2010|18:04] C:\Programmer\tunebite
  [07-02-2010|16:02] C:\Programmer\TVUPlayer
  [19-01-2007|14:43] C:\Programmer\Ubisoft
  [23-08-2005|19:36] C:\Programmer\Uninstall Information
  [15-01-2010|21:10] C:\Programmer\URLSnooper2
  [18-09-2005|13:00] C:\Programmer\Valve
  [29-07-2009|11:08] C:\Programmer\VDOWNLOADER
  [21-03-2009|14:42] C:\Programmer\VideoLAN
  [28-08-2007|19:39] C:\Programmer\VS Revo Group
  [22-02-2010|15:18] C:\Programmer\VSO
  [25-11-2008|09:37] C:\Programmer\Winamp
  [01-08-2009|10:17] C:\Programmer\Windows Installer Clean Up
  [27-06-2008|17:03] C:\Programmer\Windows Live
  [19-11-2008|10:10] C:\Programmer\Windows Live Toolbar
  [19-11-2008|10:10] C:\Programmer\Windows Media Connect 2
  [13-02-2010|23:08] C:\Programmer\Windows Media Player
  [10-09-2008|07:56] C:\Programmer\Windows NT
  [23-08-2005|19:32] C:\Programmer\WindowsUpdate
  [26-10-2005|19:39] C:\Programmer\Winfamily
  [09-02-2007|12:47] C:\Programmer\winFTbasen
  [09-02-2007|12:47] C:\Programmer\winged
  [29-07-2009|11:21] C:\Programmer\WinPcap
  [08-01-2008|08:39] C:\Programmer\WinRAR
  [23-08-2005|19:33] C:\Programmer\xerox
  [26-10-2009|11:53] C:\Programmer\XviD
  [09-09-2006|20:13] C:\Programmer\Yahoo!
  [27-07-2009|22:16] C:\Programmer\YouTube Downloader
  [0|fil(er)] C:\Programmer\byte
  [160|mappe(r)] C:\Programmer\byte ledig

  ——————————\\  Listing Folders in C:\Programmer\Fælles filer

  [17-09-2005|14:38] C:\Programmer\Fælles filer\3DO Shared
  [19-10-2009|15:21] C:\Programmer\Fælles filer\Adobe
  [08-02-2009|17:20] C:\Programmer\Fælles filer\Ahead
  [19-01-2009|00:01] C:\Programmer\Fælles filer\BitCtrl
  [31-07-2009|16:28] C:\Programmer\Fælles filer\Control Panels
  [19-10-2009|16:37] C:\Programmer\Fælles filer\Corel
  [18-09-2005|09:54] C:\Programmer\Fælles filer\DESIGNER
  [10-02-2009|11:51] C:\Programmer\Fælles filer\Deterministic Networks
  [26-10-2009|12:02] C:\Programmer\Fælles filer\DivX Shared
  [05-01-2009|17:05] C:\Programmer\Fælles filer\Hewlett-Packard
  [17-09-2005|11:40] C:\Programmer\Fælles filer\HP
  [19-01-2008|18:40] C:\Programmer\Fælles filer\InstallShield
  [11-12-2005|11:12] C:\Programmer\Fælles filer\InstallShield_OLD
  [05-04-2009|18:18] C:\Programmer\Fælles filer\Jasc Software Inc
  [28-07-2006|23:20] C:\Programmer\Fælles filer\Java
  [11-11-2008|20:12] C:\Programmer\Fælles filer\Logitech
  [31-07-2009|15:08] C:\Programmer\Fælles filer\Macrovision Shared
  [11-12-2009|14:05] C:\Programmer\Fælles filer\Microsoft Shared
  [23-08-2005|19:32] C:\Programmer\Fælles filer\MSSoap
  [23-08-2005|21:28] C:\Programmer\Fælles filer\ODBC
  [30-12-2009|12:10] C:\Programmer\Fælles filer\Program4Pc
  [01-10-2008|08:12] C:\Programmer\Fælles filer\Protexis
  [06-01-2007|17:40] C:\Programmer\Fælles filer\Skype
  [23-08-2005|21:28] C:\Programmer\Fælles filer\SpeechEngines
  [05-01-2009|17:35] C:\Programmer\Fælles filer\SureThing Shared
  [20-03-2009|14:02] C:\Programmer\Fælles filer\System
  [23-08-2005|19:32] C:\Programmer\Fælles filer\Tjenester
  [27-06-2008|17:03] C:\Programmer\Fælles filer\WindowsLiveInstaller
  [20-01-2009|22:40] C:\Programmer\Fælles filer\Wise Installation Wizard
  [0|fil(er)] C:\Programmer\Fælles filer\byte
  [31|mappe(r)] C:\Programmer\Fælles filer\byte ledig

  ——————————\\  Process

  ( 52 Processes )

  ... OK !

  ——————————\\  Searching with S_Lop

  No Lop folder found !

  ——————————\\  Searching for Lop Files - Folders

  No Lop folder found !

  ——————————\\  Searching within the Registry

  ..... OK !

  ——————————\\  Checking the Hosts file

  Hosts file CLEAN


  ——————————\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-03-17 19:49:45
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0

  ——————————\\  Searching for other infections


  No other infections found !

  [F:3][D:3]-> C:\DOCUME~1\Harry\LOKALE~1\Temp
  [F:64][D:0]-> C:\DOCUME~1\Harry\Cookies
  [F:2064][D:8]-> C:\DOCUME~1\Harry\LOKALE~1\TEMPOR~1\content.IE5

  1 - “C:\Lop SD\LopR_1.txt” - 22-01-2009|17:07 - Option : [2]
  2 - “C:\Lop SD\LopR_2.txt” - 17-03-2010|19:08 - Option : [2]
  3 - “C:\Lop SD\LopR_3.txt” - 17-03-2010|19:33 - Option : [2]
  4 - “C:\Lop SD\LopR_4.txt” - 17-03-2010|19:52 - Option : [2]

  ——————————\\  Scan completed at 19:52:27

Administrator
Posts: 29177

Run LopSd again and choose No. 4 - Lopscript.

An empty Notepad window opens. Copy the following into it:
c:\documents and settings\Harry\Application Data\eMule
c:\documents and settings\Harry\Application Data\uTorrent
c:\Programmer\DNA
c:\Programmer\eMule
c:\Programmer\uTorrent
C:\DOCUME~1\Harry\APPLIC~1\DNA


Then close and save as, and say yes to overwriting - it is saved automatically under the name “LopR.txt” in the C:\Lop SD folder.

Copy the newest LopR.txt in here.

Posts: 34

Here it is:

——————————\\  Lop S&D 4.2.5-0   XP/Vista

  Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
  X86-based PC ( Multiprocessor Free :          Intel(R) Pentium(R) 4 CPU 3.20GHz )
  BIOS : Award Modular BIOS v6.00PG
  USER : Harry ( Administrator )
  BOOT : Normal boot
  Antivirus : TDC Sikkerhedspakke 9.01 9.01 (Activated)
  Firewall : TDC Sikkerhedspakke 9.01 9.01 (Activated)
  C:\ (Local Disk) - NTFS - Total:232 Go (Free:144 Go)
  D:\ (CD or DVD)
  E:\ (CD or DVD)
  F:\ (USB) - FAT - Total:1911 Mo (Free:1 Go)
  G:\ (USB)
  H:\ (USB)
  I:\ (USB)
  J:\ (USB)
  K:\ (USB)
  L:\ (Local Disk) - NTFS - Total:465 Go (Free:363 Go)

  “C:\Lop SD” ( MAJ : 19-12-2008|23:40 )
  Option : [4] ( 19-03-2010| 8:08 )

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

  c:\documents and settings\Harry\Application Data\eMule
  c:\documents and settings\Harry\Application Data\uTorrent
  c:\Programmer\DNA
  c:\Programmer\eMule
  c:\Programmer\uTorrent
  C:\DOCUME~1\Harry\APPLIC~1\DNA


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  ... c:\documents and settings\Harry\Application Data\eMule -> does not exist !
  ... c:\documents and settings\Harry\Application Data\uTorrent -> does not exist !
  ... c:\Programmer\DNA -> does not exist !
  ... c:\Programmer\eMule -> does not exist !
  ... c:\Programmer\uTorrent -> does not exist !
  Deleted! - C:\DOCUME~1\Harry\APPLIC~1\DNA

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  ——————————\\  Listing folders in APPLIC~1

  [01-08-2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
  [23-08-2005|20:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
  [31-07-2009|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
  [17-11-2005|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
  [22-10-2007|13:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
  [19-12-2007|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
  [19-10-2009|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
  [19-09-2005|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
  [16-12-2009|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DonationCoder
  [07-02-2009|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
  [08-01-2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FirstClass
  [18-03-2010|16:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
  [01-10-2009|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\f-secure
  [01-10-2009|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
  [02-01-2008|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
  [05-01-2009|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
  [05-01-2009|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
  [05-01-2009|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
  [11-12-2005|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
  [19-01-2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
  [16-12-2008|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
  [20-03-2009|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
  [19-09-2006|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
  [11-03-2010|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
  [30-12-2009|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
  [30-12-2009|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
  [16-02-2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
  [15-01-2007|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
  [08-02-2009|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
  [20-01-2010|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdf995
  [29-11-2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RapidSolution
  [06-01-2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
  [19-01-2007|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
  [05-07-2007|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
  [12-01-2010|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Thinstall
  [22-09-2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
  [07-02-2010|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
  [05-01-2009|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
  [14-11-2005|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
  [13-09-2006|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
  [27-06-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
  [0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
  [43|mappe(r)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledig

  [23-08-2005|19:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
  [23-08-2005|20:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
  [4|mappe(r)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledig

  [05-08-2009|15:14] C:\DOCUME~1\Frederik\APPLIC~1\Adobe
  [08-01-2006|10:25] C:\DOCUME~1\Frederik\APPLIC~1\AdobeAUM
  [21-03-2007|18:14] C:\DOCUME~1\Frederik\APPLIC~1\AdobeUM
  [19-05-2006|18:58] C:\DOCUME~1\Frederik\APPLIC~1\Apple Computer
  [25-12-2005|09:31] C:\DOCUME~1\Frederik\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Frederik\APPLIC~1\ATI
  [30-10-2006|15:13] C:\DOCUME~1\Frederik\APPLIC~1\CyberLink
  [02-09-2007|14:28] C:\DOCUME~1\Frederik\APPLIC~1\DivX
  [11-12-2005|12:03] C:\DOCUME~1\Frederik\APPLIC~1\GlobalSCAPE
  [28-08-2006|17:56] C:\DOCUME~1\Frederik\APPLIC~1\Google
  [02-01-2008|20:42] C:\DOCUME~1\Frederik\APPLIC~1\Grisoft
  [11-03-2006|18:19] C:\DOCUME~1\Frederik\APPLIC~1\Help
  [25-02-2009|21:33] C:\DOCUME~1\Frederik\APPLIC~1\HP
  [09-03-2009|22:59] C:\DOCUME~1\Frederik\APPLIC~1\HPAppData
  [23-08-2005|19:36] C:\DOCUME~1\Frederik\APPLIC~1\Identities
  [17-09-2005|12:50] C:\DOCUME~1\Frederik\APPLIC~1\InterVideo
  [18-02-2006|18:01] C:\DOCUME~1\Frederik\APPLIC~1\Jasc Software Inc
  [11-04-2007|11:18] C:\DOCUME~1\Frederik\APPLIC~1\LEGO Company
  [03-12-2005|13:18] C:\DOCUME~1\Frederik\APPLIC~1\Macromedia
  [19-01-2008|18:41] C:\DOCUME~1\Frederik\APPLIC~1\Mathsoft
  [16-08-2009|21:36] C:\DOCUME~1\Frederik\APPLIC~1\Microsoft
  [22-02-2006|13:24] C:\DOCUME~1\Frederik\APPLIC~1\Microsoft Games
  [09-03-2009|22:53] C:\DOCUME~1\Frederik\APPLIC~1\Search Settings
  [05-07-2007|18:33] C:\DOCUME~1\Frederik\APPLIC~1\Seven Zip
  [21-02-2006|12:58] C:\DOCUME~1\Frederik\APPLIC~1\SlySoft
  [02-03-2006|16:11] C:\DOCUME~1\Frederik\APPLIC~1\Sun
  [17-02-2006|17:58] C:\DOCUME~1\Frederik\APPLIC~1\ubi.com
  [0|fil(er)] C:\DOCUME~1\Frederik\APPLIC~1\byte
  [29|mappe(r)] C:\DOCUME~1\Frederik\APPLIC~1\byte ledig

  [23-08-2005|19:36] C:\DOCUME~1\GST~1\APPLIC~1\Identities
  [29-09-2005|14:16] C:\DOCUME~1\GST~1\APPLIC~1\Macromedia
  [04-06-2009|21:47] C:\DOCUME~1\GST~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\GST~1\APPLIC~1\byte
  [5|mappe(r)] C:\DOCUME~1\GST~1\APPLIC~1\byte ledig

  [23-10-2009|11:31] C:\DOCUME~1\Harry\APPLIC~1\Adobe
  [03-01-2006|12:06] C:\DOCUME~1\Harry\APPLIC~1\AdobeAUM
  [12-01-2007|19:04] C:\DOCUME~1\Harry\APPLIC~1\AdobeUM
  [18-01-2009|21:58] C:\DOCUME~1\Harry\APPLIC~1\Ahead
  [21-02-2006|09:41] C:\DOCUME~1\Harry\APPLIC~1\AOHackers
  [17-11-2005|16:41] C:\DOCUME~1\Harry\APPLIC~1\Apple Computer
  [05-07-2007|18:06] C:\DOCUME~1\Harry\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Harry\APPLIC~1\ATI
  [18-11-2009|08:14] C:\DOCUME~1\Harry\APPLIC~1\CoreFTP
  [19-10-2009|20:39] C:\DOCUME~1\Harry\APPLIC~1\Corel
  [19-10-2005|09:52] C:\DOCUME~1\Harry\APPLIC~1\Cryptomathic
  [19-09-2005|22:25] C:\DOCUME~1\Harry\APPLIC~1\CyberLink
  [05-02-2009|23:09] C:\DOCUME~1\Harry\APPLIC~1\DivX
  [16-12-2009|22:37] C:\DOCUME~1\Harry\APPLIC~1\DonationCoder
  [08-09-2009|09:43] C:\DOCUME~1\Harry\APPLIC~1\dvdcss
  [08-01-2008|09:10] C:\DOCUME~1\Harry\APPLIC~1\FirstClass
  [25-12-2009|00:00] C:\DOCUME~1\Harry\APPLIC~1\f-secure
  [28-05-2008|15:35] C:\DOCUME~1\Harry\APPLIC~1\GARMIN
  [27-01-2007|14:17] C:\DOCUME~1\Harry\APPLIC~1\GenJ
  [12-01-2010|08:48] C:\DOCUME~1\Harry\APPLIC~1\GetRightToGo
  [27-11-2005|15:35] C:\DOCUME~1\Harry\APPLIC~1\GlobalSCAPE
  [09-02-2006|11:07] C:\DOCUME~1\Harry\APPLIC~1\Google
  [12-08-2008|17:42] C:\DOCUME~1\Harry\APPLIC~1\Help
  [05-01-2009|20:34] C:\DOCUME~1\Harry\APPLIC~1\HP
  [21-03-2009|14:45] C:\DOCUME~1\Harry\APPLIC~1\HPAppData
  [23-08-2005|19:36] C:\DOCUME~1\Harry\APPLIC~1\Identities
  [10-09-2007|13:16] C:\DOCUME~1\Harry\APPLIC~1\InstallShield
  [19-09-2005|18:32] C:\DOCUME~1\Harry\APPLIC~1\InterVideo
  [02-08-2009|16:13] C:\DOCUME~1\Harry\APPLIC~1\J River
  [11-12-2005|11:16] C:\DOCUME~1\Harry\APPLIC~1\Jasc
  [05-04-2009|18:18] C:\DOCUME~1\Harry\APPLIC~1\Jasc Software Inc
  [14-06-2007|09:12] C:\DOCUME~1\Harry\APPLIC~1\Joost
  [27-11-2005|20:49] C:\DOCUME~1\Harry\APPLIC~1\Macromedia
  [14-11-2008|19:48] C:\DOCUME~1\Harry\APPLIC~1\MailWasherPro
  [16-12-2008|09:38] C:\DOCUME~1\Harry\APPLIC~1\Malwarebytes
  [28-01-2008|20:18] C:\DOCUME~1\Harry\APPLIC~1\Mathsoft
  [16-06-2009|16:16] C:\DOCUME~1\Harry\APPLIC~1\Microsoft
  [22-02-2006|11:51] C:\DOCUME~1\Harry\APPLIC~1\Microsoft Games
  [29-05-2008|10:48] C:\DOCUME~1\Harry\APPLIC~1\Mozilla
  [30-12-2009|12:07] C:\DOCUME~1\Harry\APPLIC~1\NCH Software
  [07-10-2008|07:16] C:\DOCUME~1\Harry\APPLIC~1\OpenOffice.org2
  [22-04-2006|22:07] C:\DOCUME~1\Harry\APPLIC~1\Opera
  [20-06-2007|09:00] C:\DOCUME~1\Harry\APPLIC~1\pdf995
  [27-10-2009|13:00] C:\DOCUME~1\Harry\APPLIC~1\Real
  [10-09-2008|09:13] C:\DOCUME~1\Harry\APPLIC~1\RTPlayer
  [05-02-2009|23:53] C:\DOCUME~1\Harry\APPLIC~1\Search Settings
  [08-01-2007|20:55] C:\DOCUME~1\Harry\APPLIC~1\Seven Zip
  [19-09-2008|13:03] C:\DOCUME~1\Harry\APPLIC~1\Skype
  [18-11-2005|13:08] C:\DOCUME~1\Harry\APPLIC~1\SlySoft
  [14-11-2008|12:25] C:\DOCUME~1\Harry\APPLIC~1\Steinberg
  [28-02-2006|15:10] C:\DOCUME~1\Harry\APPLIC~1\Sun
  [29-06-2006|20:14] C:\DOCUME~1\Harry\APPLIC~1\SUPERAntiSpyware.com
  [30-09-2006|00:54] C:\DOCUME~1\Harry\APPLIC~1\Talkback
  [17-09-2005|12:27] C:\DOCUME~1\Harry\APPLIC~1\Template
  [06-09-2007|14:57] C:\DOCUME~1\Harry\APPLIC~1\TomTom
  [21-11-2008|23:42] C:\DOCUME~1\Harry\APPLIC~1\tunebite
  [17-02-2006|07:37] C:\DOCUME~1\Harry\APPLIC~1\ubi.com
  [16-12-2008|09:10] C:\DOCUME~1\Harry\APPLIC~1\Uniblue
  [21-03-2009|14:44] C:\DOCUME~1\Harry\APPLIC~1\vlc
  [13-03-2010|18:45] C:\DOCUME~1\Harry\APPLIC~1\Vso
  [06-08-2007|14:27] C:\DOCUME~1\Harry\APPLIC~1\VSRevoGroup
  [0|fil(er)] C:\DOCUME~1\Harry\APPLIC~1\byte
  [63|mappe(r)] C:\DOCUME~1\Harry\APPLIC~1\byte ledig

  [10-05-2008|10:23] C:\DOCUME~1\Kristian\APPLIC~1\Adobe
  [03-12-2005|14:46] C:\DOCUME~1\Kristian\APPLIC~1\AdobeUM
  [03-08-2006|19:11] C:\DOCUME~1\Kristian\APPLIC~1\Apple Computer
  [28-12-2005|00:06] C:\DOCUME~1\Kristian\APPLIC~1\Atari
  [14-08-2009|08:54] C:\DOCUME~1\Kristian\APPLIC~1\ATI
  [28-11-2005|18:51] C:\DOCUME~1\Kristian\APPLIC~1\GlobalSCAPE
  [23-08-2006|22:18] C:\DOCUME~1\Kristian\APPLIC~1\Google
  [24-01-2008|21:14] C:\DOCUME~1\Kristian\APPLIC~1\Grisoft
  [23-10-2005|17:55] C:\DOCUME~1\Kristian\APPLIC~1\Help
  [23-08-2005|19:36] C:\DOCUME~1\Kristian\APPLIC~1\Identities
  [16-12-2005|14:43] C:\DOCUME~1\Kristian\APPLIC~1\Jasc Software Inc
  [17-10-2005|19:46] C:\DOCUME~1\Kristian\APPLIC~1\Macromedia
  [17-05-2009|21:51] C:\DOCUME~1\Kristian\APPLIC~1\Microsoft
  [11-03-2006|20:00] C:\DOCUME~1\Kristian\APPLIC~1\Microsoft Games
  [30-09-2006|10:42] C:\DOCUME~1\Kristian\APPLIC~1\Mozilla
  [04-07-2006|19:25] C:\DOCUME~1\Kristian\APPLIC~1\NFT
  [24-11-2005|17:59] C:\DOCUME~1\Kristian\APPLIC~1\SlySoft
  [31-07-2006|14:55] C:\DOCUME~1\Kristian\APPLIC~1\Sun
  [24-12-2006|21:52] C:\DOCUME~1\Kristian\APPLIC~1\Talkback
  [29-11-2006|19:21] C:\DOCUME~1\Kristian\APPLIC~1\Template
  [0|fil(er)] C:\DOCUME~1\Kristian\APPLIC~1\byte
  [22|mappe(r)] C:\DOCUME~1\Kristian\APPLIC~1\byte ledig

  [04-11-2006|17:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
  [04-03-2006|13:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
  [10-02-2007|12:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
  [04-06-2009|21:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
  [6|mappe(r)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledig


  [04-06-2009|21:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
  [0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
  [3|mappe(r)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledig



  ——————————\\  Scheduled Tasks located in C:\WINDOWS\Tasks

  [12-03-2010 00:57][—a———] C:\WINDOWS\tasks\Scheduled scanning task.job
  [19-03-2010 07:24][—a———] C:\WINDOWS\tasks\Søg efter opdateringer til Windows Live Toolbar.job
  [17-07-2008 11:57][—a———] C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#HP Deskjet 6800 Series#1126953688.job
  [19-03-2010 07:12][—ah——-] C:\WINDOWS\tasks\SA.DAT
  [27-08-2004 13:00][-r-h——-] C:\WINDOWS\tasks\desktop.ini

  ——————————\\  Listing Folders in C:\Programmer

  [09-02-2006|10:30] C:\Programmer\3D-FTP
  [17-09-2005|14:38] C:\Programmer\3DO
  [03-01-2006|17:09] C:\Programmer\A4Proxy
  [22-04-2006|13:18] C:\Programmer\Activision
  [11-08-2009|18:52] C:\Programmer\Adobe
  [13-11-2005|22:31] C:\Programmer\Adobe Premiere
  [08-02-2009|17:21] C:\Programmer\Ahead
  [27-06-2008|10:24] C:\Programmer\Alt CDA to MP3 Converter
  [28-07-2006|22:53] C:\Programmer\AOHackers
  [24-06-2006|21:12] C:\Programmer\Atari
  [03-01-2007|21:35] C:\Programmer\ATI Technologies
  [11-11-2008|20:12] C:\Programmer\BearShare Applications
  [01-01-2004|17:09] C:\Programmer\Bethesda Softworks
  [20-01-2007|11:18] C:\Programmer\Billy Blade and the Temple of Time
  [05-07-2007|18:33] C:\Programmer\Blaze Media Pro
  [31-07-2009|15:19] C:\Programmer\Bonjour
  [20-11-2008|07:54] C:\Programmer\Cain
  [15-03-2010|15:45] C:\Programmer\CCleaner
  [11-02-2006|19:56] C:\Programmer\ComPlus Applications
  [21-07-2008|10:35] C:\Programmer\Conduit
  [22-09-2009|12:27] C:\Programmer\CoreFTP
  [19-10-2009|16:36] C:\Programmer\Corel
  [28-12-2005|12:05] C:\Programmer\CoverPro
  [03-01-2008|21:29] C:\Programmer\Cucusoft
  [09-10-2007|15:50] C:\Programmer\Daemon-Tools-3.47
  [16-02-2010|10:24] C:\Programmer\DanID
  [13-10-2006|17:27] C:\Programmer\DigitalJesters
  [14-11-2005|19:39] C:\Programmer\directx
  [26-10-2009|12:02] C:\Programmer\DivX
  [30-12-2009|12:10] C:\Programmer\DJ Music Mixer
  [09-10-2007|15:50] C:\Programmer\D-Tools
  [07-02-2009|22:42] C:\Programmer\DVD Shrink
  [03-11-2008|21:19] C:\Programmer\EA GAMES
  [11-06-2006|16:46] C:\Programmer\Eidos
  [19-01-2009|10:58] C:\Programmer\Elaborate Bytes
  [29-06-2006|12:41] C:\Programmer\ewido
  [07-01-2009|23:22] C:\Programmer\FDRLab
  [31-08-2009|18:53] C:\Programmer\Fighter Ace Anniversary Edition
  [08-10-2005|17:18] C:\Programmer\filesubmit
  [21-04-2006|16:56] C:\Programmer\Firefly Studios
  [10-02-2009|11:01] C:\Programmer\Free Easy Burner
  [16-03-2010|20:34] C:\Programmer\Fælles filer
  [19-11-2008|10:09] C:\Programmer\GameSpy Arcade
  [30-12-2007|13:23] C:\Programmer\GenealogyJ
  [27-11-2005|15:35] C:\Programmer\GlobalSCAPE
  [16-02-2010|10:00] C:\Programmer\Google
  [02-07-2006|20:03] C:\Programmer\Guitar Pro 5
  [05-01-2009|17:12] C:\Programmer\Hewlett-Packard
  [05-01-2009|17:06] C:\Programmer\HP
  [14-11-2008|11:05] C:\Programmer\IKEA HomePlanner
  [27-09-2005|14:11] C:\Programmer\Image reziser
  [17-12-2005|14:36] C:\Programmer\IMSI
  [21-09-2009|10:05] C:\Programmer\InstallShield Installation Information
  [01-02-2010|18:50] C:\Programmer\Internet Explorer
  [23-08-2005|20:05] C:\Programmer\InterVideo
  [28-09-2005|12:13] C:\Programmer\iVideoMAX Video Converter
  [22-10-2007|13:33] C:\Programmer\IVT Corporation
  [05-04-2009|18:20] C:\Programmer\Jasc Software Inc
  [27-12-2009|17:22] C:\Programmer\Java
  [26-10-2009|11:59] C:\Programmer\K-Lite Codec Pack
  [11-04-2007|11:18] C:\Programmer\LEGO Company
  [17-10-2005|07:18] C:\Programmer\LEGO Media
  [24-12-2005|23:06] C:\Programmer\Logitech
  [13-03-2010|18:40] C:\Programmer\Lynyrd
  [25-11-2005|16:44] C:\Programmer\Magic Image Resizer
  [21-09-2009|12:19] C:\Programmer\Magic Video Converter
  [15-03-2010|16:00] C:\Programmer\Malware
  [30-10-2009|09:18] C:\Programmer\Mathcad
  [19-01-2008|18:37] C:\Programmer\Mathsoft
  [19-11-2008|10:10] C:\Programmer\Messenger
  [11-05-2007|12:00] C:\Programmer\Microsoft CAPICOM 2.1.0.2
  [23-08-2005|19:33] C:\Programmer\microsoft frontpage
  [03-08-2007|18:59] C:\Programmer\Microsoft Games
  [20-03-2009|14:08] C:\Programmer\Microsoft Office
  [20-01-2010|20:11] C:\Programmer\Microsoft Silverlight
  [18-09-2005|09:53] C:\Programmer\Microsoft Visual Studio
  [20-03-2009|14:03] C:\Programmer\Microsoft Visual Studio 8
  [26-10-2009|09:55] C:\Programmer\Microsoft Windows 7 Upgrade Advisor
  [11-12-2009|14:04] C:\Programmer\Microsoft Works
  [18-09-2005|09:52] C:\Programmer\Microsoft.NET
  [17-10-2005|17:51] C:\Programmer\Monte Cristo
  [11-03-2010|13:32] C:\Programmer\Movie Maker
  [16-02-2010|10:12] C:\Programmer\Mozilla Firefox
  [14-11-2005|11:18] C:\Programmer\MP3 Remix
  [20-03-2009|14:08] C:\Programmer\MSBuild
  [01-08-2009|10:16] C:\Programmer\MSECache
  [23-08-2005|19:31] C:\Programmer\MSN Gaming Zone
  [14-10-2006|13:28] C:\Programmer\MSXML 4.0
  [30-12-2009|12:06] C:\Programmer\NCH Software
  [24-09-2005|12:22] C:\Programmer\NCT
  [29-07-2009|11:21] C:\Programmer\Neoretix
  [10-09-2008|07:56] C:\Programmer\NetMeeting
  [19-10-2009|15:29] C:\Programmer\NOS
  [06-10-2006|10:43] C:\Programmer\OfficeUpdate11
  [23-08-2005|19:32] C:\Programmer\Onlinetjenester
  [06-10-2006|12:21] C:\Programmer\OpenOffice.org 2.0
  [14-08-2009|20:04] C:\Programmer\Outlook Express
  [21-09-2009|10:48] C:\Programmer\Photo Story 3 for Windows
  [13-11-2005|22:43] C:\Programmer\PIXELA
  [23-11-2008|14:31] C:\Programmer\PixiePack Codec Pack
  [17-09-2005|10:34] C:\Programmer\Programgenveje
  [03-01-2006|19:45] C:\Programmer\ProxyWay
  [17-11-2005|16:40] C:\Programmer\QuickTime
  [21-11-2008|23:46] C:\Programmer\RapidSolution
  [07-02-2009|22:26] C:\Programmer\Reference Assemblies
  [13-01-2010|08:02] C:\Programmer\Replay Video Capture
  [05-01-2009|17:35] C:\Programmer\Roxio
  [15-01-2010|23:42] C:\Programmer\Sektornet VPN
  [28-01-2006|10:45] C:\Programmer\SIMS2
  [09-03-2009|21:27] C:\Programmer\skolekom
  [06-01-2007|17:40] C:\Programmer\Skype
  [18-11-2005|13:05] C:\Programmer\SlySoft
  [16-12-2009|21:43] C:\Programmer\Steam
  [14-10-2005|09:49] C:\Programmer\Strategy First
  [14-02-2010|22:24] C:\Programmer\Streaming Media Recorder (VMware ThinApp)
  [12-01-2010|17:13] C:\Programmer\StreamingStar
  [02-03-2007|10:59] C:\Programmer\SummaSummarum
  [20-01-2009|22:40] C:\Programmer\SUPERAntiSpyware
  [19-11-2007|19:47] C:\Programmer\Support.com
  [19-11-2007|19:39] C:\Programmer\SupportSoft
  [14-11-2008|12:05] C:\Programmer\Syncrosoft
  [10-05-2006|23:11] C:\Programmer\TDC
  [24-12-2008|00:31] C:\Programmer\TDCpakke
  [17-03-2010|17:33] C:\Programmer\TDCSikkerhedspakke
  [30-04-2007|18:23] C:\Programmer\TEXTware
  [10-09-2007|13:40] C:\Programmer\TomTom DesktopSuite
  [21-09-2009|10:05] C:\Programmer\TomTom HOME
  [21-09-2009|09:52] C:\Programmer\TomTom HOME 2
  [22-09-2009|13:13] C:\Programmer\TomTom International B.V
  [07-01-2006|13:22] C:\Programmer\TSW
  [29-11-2008|12:27] C:\Programmer\Tunbite
  [01-01-2010|18:04] C:\Programmer\tunebite
  [07-02-2010|16:02] C:\Programmer\TVUPlayer
  [19-01-2007|14:43] C:\Programmer\Ubisoft
  [23-08-2005|19:36] C:\Programmer\Uninstall Information
  [15-01-2010|21:10] C:\Programmer\URLSnooper2
  [18-09-2005|13:00] C:\Programmer\Valve
  [29-07-2009|11:08] C:\Programmer\VDOWNLOADER
  [21-03-2009|14:42] C:\Programmer\VideoLAN
  [28-08-2007|19:39] C:\Programmer\VS Revo Group
  [22-02-2010|15:18] C:\Programmer\VSO
  [25-11-2008|09:37] C:\Programmer\Winamp
  [01-08-2009|10:17] C:\Programmer\Windows Installer Clean Up
  [27-06-2008|17:03] C:\Programmer\Windows Live
  [19-11-2008|10:10] C:\Programmer\Windows Live Toolbar
  [19-11-2008|10:10] C:\Programmer\Windows Media Connect 2
  [13-02-2010|23:08] C:\Programmer\Windows Media Player
  [10-09-2008|07:56] C:\Programmer\Windows NT
  [23-08-2005|19:32] C:\Programmer\WindowsUpdate
  [26-10-2005|19:39] C:\Programmer\Winfamily
  [09-02-2007|12:47] C:\Programmer\winFTbasen
  [09-02-2007|12:47] C:\Programmer\winged
  [29-07-2009|11:21] C:\Programmer\WinPcap
  [08-01-2008|08:39] C:\Programmer\WinRAR
  [23-08-2005|19:33] C:\Programmer\xerox
  [26-10-2009|11:53] C:\Programmer\XviD
  [09-09-2006|20:13] C:\Programmer\Yahoo!
  [27-07-2009|22:16] C:\Programmer\YouTube Downloader
  [0|fil(er)] C:\Programmer\byte
  [160|mappe(r)] C:\Programmer\byte ledig

  ——————————\\  Listing Folders in C:\Programmer\Fælles filer

  [17-09-2005|14:38] C:\Programmer\Fælles filer\3DO Shared
  [19-10-2009|15:21] C:\Programmer\Fælles filer\Adobe
  [08-02-2009|17:20] C:\Programmer\Fælles filer\Ahead
  [19-01-2009|00:01] C:\Programmer\Fælles filer\BitCtrl
  [31-07-2009|16:28] C:\Programmer\Fælles filer\Control Panels
  [19-10-2009|16:37] C:\Programmer\Fælles filer\Corel
  [18-09-2005|09:54] C:\Programmer\Fælles filer\DESIGNER
  [10-02-2009|11:51] C:\Programmer\Fælles filer\Deterministic Networks
  [26-10-2009|12:02] C:\Programmer\Fælles filer\DivX Shared
  [05-01-2009|17:05] C:\Programmer\Fælles filer\Hewlett-Packard
  [17-09-2005|11:40] C:\Programmer\Fælles filer\HP
  [19-01-2008|18:40] C:\Programmer\Fælles filer\InstallShield
  [11-12-2005|11:12] C:\Programmer\Fælles filer\InstallShield_OLD
  [05-04-2009|18:18] C:\Programmer\Fælles filer\Jasc Software Inc
  [28-07-2006|23:20] C:\Programmer\Fælles filer\Java
  [11-11-2008|20:12] C:\Programmer\Fælles filer\Logitech
  [31-07-2009|15:08] C:\Programmer\Fælles filer\Macrovision Shared
  [11-12-2009|14:05] C:\Programmer\Fælles filer\Microsoft Shared
  [23-08-2005|19:32] C:\Programmer\Fælles filer\MSSoap
  [23-08-2005|21:28] C:\Programmer\Fælles filer\ODBC
  [30-12-2009|12:10] C:\Programmer\Fælles filer\Program4Pc
  [01-10-2008|08:12] C:\Programmer\Fælles filer\Protexis
  [06-01-2007|17:40] C:\Programmer\Fælles filer\Skype
  [23-08-2005|21:28] C:\Programmer\Fælles filer\SpeechEngines
  [05-01-2009|17:35] C:\Programmer\Fælles filer\SureThing Shared
  [20-03-2009|14:02] C:\Programmer\Fælles filer\System
  [23-08-2005|19:32] C:\Programmer\Fælles filer\Tjenester
  [27-06-2008|17:03] C:\Programmer\Fælles filer\WindowsLiveInstaller
  [20-01-2009|22:40] C:\Programmer\Fælles filer\Wise Installation Wizard
  [0|fil(er)] C:\Programmer\Fælles filer\byte
  [31|mappe(r)] C:\Programmer\Fælles filer\byte ledig

  ——————————\\  Process

  ( 53 Processes )

  ... OK !

  ——————————\\  Searching with S_Lop

  No Lop folder found !

  ——————————\\  Searching for Lop Files - Folders

  No Lop folder found !

  ——————————\\  Searching within the Registry

  ..... OK !

  ——————————\\  Checking the Hosts file

  Hosts file CLEAN


  ——————————\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2010-03-19 08:21:25
  Windows 5.1.2600 Service Pack 3 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 0

  ——————————\\  Searching for other infections


  No other infections found !

  [F:16][D:7]-> C:\DOCUME~1\Harry\LOKALE~1\Temp
  [F:106][D:0]-> C:\DOCUME~1\Harry\Cookies
  [F:3541][D:8]-> C:\DOCUME~1\Harry\LOKALE~1\TEMPOR~1\content.IE5

  1 - “C:\Lop SD\LopR_1.txt” - 22-01-2009|17:07 - Option : [2]
  2 - “C:\Lop SD\LopR_2.txt” - 17-03-2010|19:08 - Option : [2]
  3 - “C:\Lop SD\LopR_3.txt” - 17-03-2010|19:33 - Option : [2]
  4 - “C:\Lop SD\LopR_4.txt” - 17-03-2010|19:52 - Option : [2]
  5 - “C:\Lop SD\LopR_5.txt” - 19-03-2010| 8:24 - Option : [4]

  ——————————\\  Scan completed at 8:24:33

Administrator
Number of posts: 29177

Then there isn't really anything more to go after. Could you tell us how things are now?

Number of posts: 34

It's running really well now!

Many thanks! I suppose I'll have to visit the donation box this time!

Just one follow-up question: Explorer 8 is very slow to start up the first time. Is there anything that can be done about it?


Regards

Harry

Editor
Number of posts: 12994

Time for cleanup


Delete the folder c:\Lop SD and the "LopSD.exe" icon on the desktop.


Click START, then Run

Type/copy: Combofix /Uninstall into the box and click OK.

Note the space between the X and /Uninstall; it has to be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system/hidden files, if required.

The other programs we asked you to install you will have to uninstall manually.

You should create a new restore point in order to remove any infections from an old restore point.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Choose Create a restore point and press OK.

Next, go to Start > Run and type cleanmgr
Select drive C and let it search
Select the More Options tab
Choose System Restore - Clean up and press OK.
This will remove all restore points except the new one you have just created.

Enjoy

I am closing the thread; you are welcome back.


On behalf of all of Spywarefri I would like to thank you for your support; you will be able to see your name on the list once the donation has arrived:
http://www.spywarefri.dk/forum/viewthread/75439/