Several viruses and adware removed with AVG, still an “error message” at startup - Screenshots attached.
Posts: 23

I have attached the error message shown at startup and the AVG overview.

In the next post I attach screenshots of 5 viruses and 1 adware (both screenshots of the AVG report).

According to AVG the viruses and the adware should have been removed, and the computer works fine apart from the error message and the “problem” below.


I have Vista, where you can see several pages in one browser window. If you want to close one of the open pages (at the top - tab), you are normally asked whether you want to close all of them or only the selected ones.

Now it just closes the browser window without any further warning, with all open tabs.

Apart from that the computer works fine, but I am a little nervous about whether it is completely clean when these cosmetic flaws are still there.

Attached images
Fejlmeddelelse ved opstart.jpg
AVG, oversigt.jpg
Posts: 23

5 viruses and 1 adware (both screenshots of the AVG report).

Attached images
AVG, infections.jpg
AVG, spyware.jpg
Administrator
Posts: 29174

Hi ;)

Let's check ->


Download ComboFix and save it on your desktop:
ComboFix


Close all other windows.

Then run combofix.exe and follow the instructions.

When you get this message:
http://img.photobucket.com/albums/v666/sUBs/RC_update.png

Answer either Yes or No. It is advisable that you say Yes. Whatever you answer, it has no influence on the ComboFix scan.

Do not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.

Since they are fairly long, you may have to send them in several posts.


NB. Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes Torrent software, before we clean the computer.

Posts: 23

I forgot to say that I use VISTA 64-bit

Administrator
Posts: 29174

Ok. Then it will be help for self-help :D


Create a new folder on the desktop and call it SWF

Download and run Ccleaner: From here


Disable your antivirus program and run an online scan with ESET Online Scanner:
Here
Accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a couple of minutes for the scanner to become ready.
Next, tick the following boxes:
Remove found threats
Scan unwanted applications

Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.
(If not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt.)

Save the log in the SWF folder

Restart the computer.

Download Malwarebytes Anti-Malware: From here
Install the program - once that is done, let the program update itself; click the Update tab.
Then click the Scanner tab, where you move the dot to “Perform full scan” - click the Scan button - let the program work. When it is finished (it takes some time depending on how much you have on the computer).
After that - click the “Show Results” button after the scan - and then click “Remove Selected” - now the log opens and you should save it in the SWF folder. If Malwarebytes wants to restart to complete the cleaning, let it restart.

Download and install this scanner:
SUPERAntiSpyware
Start SUPERAntiSpyware, click Check for updates.
Click Scan your Computer, and tick the drives that are to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next, then the scan runs.
When it is finished a window with a summary appears; click OK, then click Next and then Finish.
A window with Quarantine and removal Complete appears; click OK, then click Finish.
Close the program and restart normally.
———————————————————-
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window, and save it in the SWF folder.


Let us hear how things are running now. If the problem is solved, we do not need to see any log files.

Posts: 23

ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2e9d463ad6d3ca4baf62311a98510e02
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-09-01 11:04:46
# local_time=2010-09-02 01:04:46 (+0100, Romance Daylight Time)
# country=“Denmark”
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 10360746 10360746 0 0
# compatibility_mode=1024 16777215 100 0 26055811 26055811 0 0
# compatibility_mode=5892 16776574 100 56 26175307 120900425 0 0
# compatibility_mode=8192 67108863 100 0 10587611 10587611 0 0
# scanned=280981
# found=1
# cleaned=1
# scan_time=5766
C:\Windows\$NtUninstallMTF1011$\mmx.dll   a variant of Win32/Adware.Lifze.N application (cleaned by deleting (after the next restart) - quarantined)  274947C53F16753C98396AB83FE2F1FA   C

Malwarebytes

Malwarebytes’ Anti-Malware 1.36
Database version: 1945
Windows 6.0.6002 Service Pack 2

02-09-2010 10:16:53
mbam-log-2010-09-02 (10-16-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 386464
Time elapsed: 1 hour(s), 12 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 


SuperAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2010 at 12:19 PM

Application Version : 4.0.1154

Core Rules Database Version : 5444
Trace Rules Database Version: 3256

Scan type     : Complete Scan
Total Scan Time : 01:28:27

Memory items scanned     : 388
Memory threats detected   : 0
Registry items scanned   : 7120
Registry threats detected : 0
File items scanned     : 49591
File threats detected   : 20

Adware.Tracking Cookie
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@eas8.emediate[2].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@doubleclick[2].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@specificclick[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@adviva[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@track.adform[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@atdmt[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@ad.yieldmanager[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@adtech[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@content.yieldmanager[2].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@content.yieldmanager[3].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@doubleclick[1].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@ehg-eset.hitbox[2].txt
  C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Cookies\leif@tradedoubler[2].txt
  C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Cookies\tina@doubleclick[1].txt

Adware.Casino Games (Golden Palace Casino)
  C:\POKER\POKER AT BET365\CASINO.EXE
  C:\PROGRAM FILES\SUNPOKER\CASINO.EXE
  C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\POKER AT BET365\POKER AT BET365.LNK
  C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUNPOKER\SUNPOKER.LNK
  C:\USERS\PUBLIC\DESKTOP\POKER, SUNPOKER.LNK
  C:\USERS\PUBLIC\DESKTOP\POKER, BET365.LNK

Posts: 23

The error message still appears at startup, but the tabs in the browser work normally now (after SUPERAntiSpyware).

There were some extra updates after I had run SUPERAntiSpyware, so I do not know whether I should run it again.


ESET would not update and wrote something about the firewall, but I got the newest version anyway.

Posts: 23

The last line in the ESET report appears to be of the same type as the one the error message concerns; they are not identical, though.

ESET:
C:\Windows\$NtUninstallMTF1011$\mmx.dll   a variant of Win32/Adware.Lifze.N application (cleaned by deleting (after the next restart) - quarantined)  274947C53F16753C98396AB83FE2F1FA   C

Administrator
Posts: 29174

No, it is not quite the same. But Malwarebytes needs a do-over, because you did not update before you ran the scan. So update it, then run a complete scan.


Then post the new log here, together with the DDS log files ->


We need to see what is running on the system ->

Download DDS and save the program on your Desktop:
Here
Double-click DDS.scr and allow the program to run.
When the program has finished it will open two logs/text files.
Save both files on your Desktop and copy the contents of the txt files into your next post here.

Since they are fairly long, you may have to send them in several posts.

Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes Torrent software, before we clean the computer.

Posts: 23

MalwareByte

 


Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4529

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

02-09-2010 16:40:12
mbam-log-2010-09-02 (16-40-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 421837
Time elapsed: 1 hour(s), 31 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

 

 

 


DDS


DDS (Ver_10-03-17.01) - NTFSX64
Run by Leif at 16:48:07,46 on 02-09-2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.45.1033.18.4092.2449 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Leif\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_dk&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_dk&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_dk&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [DVDAgent] “c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe”
mRun: [TSMAgent] “c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe”
mRun: [CLMLServer for HP TouchSmart] “c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe”
mRun: [TVAgent] “c:\program files (x86)\hewlett-packard\media\tv\TVAgent.exe”
mRun: [UCam_Menu] “c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe” “c:\program files (x86)\hewlett-packard\media\webcam” update “software\hewlett-packard\media\Webcam”
mRun: [UpdateLBPShortCut] “c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe” “c:\program files (x86)\cyberlink\labelprint” updatewithcreateonce “software\cyberlink\labelprint\2.5”
mRun: [UpdatePSTShortCut] “c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe” “c:\program files (x86)\cyberlink\dvd suite” updatewithcreateonce “software\cyberlink\PowerStarter”
mRun: [DpAgent] c:\program files (x86)\digitalpersona\bin\dpagent.exe
mRun: [QlbCtrl.exe] “c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe” /Start
mRun: [UpdateP2GoShortCut] “c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe” “c:\program files (x86)\cyberlink\power2go” updatewithcreateonce “software\cyberlink\power2go\6.0”
mRun: [UpdatePDIRShortCut] “c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe” “c:\program files (x86)\cyberlink\powerdirector” updatewithcreateonce “software\cyberlink\powerdirector\7.0”
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] “c:\program files (x86)\quicktime\QTTask.exe” -atboottime
mRun: [WinampAgent] “c:\program files (x86)\winamp\winampa.exe”
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Nikon Transfer Monitor] c:\program files (x86)\common files\nikon\monitor\NkMonitor.exe
mRun: [DivXUpdate] “c:\program files (x86)\divx\divx update\DivXUpdate.exe” /CHECKNOW
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device… - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device… - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - “c:\program files (x86)\common files\lightscribe\LSRunOnce.exe”
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64:    WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\x64\3\e_fatiade.exe /f “c:\windows\temp\E_S4645.tmp” /EF “HKLM”
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] “c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe” /logon
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE-X64: {00000000-0000-0000-0000-000000000000} - c:\microgaming\poker\unibetpokermpp\MPPoker.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\leif\appdata\roaming\mozilla\firefox\profiles\xu1ev5oc.default\
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

——FIREFOX POLICIES——
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”,  1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.debug”,        false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”,    2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”,    1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”,  25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”,    5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref(“html5.enable”, false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref(“security.ssl3.rsa_seed_sha”, true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-8-10 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-8-10 35536]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-8-10 317520]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 27648]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 30520]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\postgresql\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2008-10-27 365952]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-25 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-25 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 719152]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\drivers\AVerAF15.sys [2009-1-22 306560]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-27 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 64000]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-7 143360]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-8-21 84512]
R3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-9-16 49968]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1--> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-21 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 108296]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 19720]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 144648]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 126216]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 123656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-12 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-02 08:46:18   0   d-----w-  c:\program files (x86)\SUPERAntiSpyware
2010-09-02 08:45:28   0   d-----w-  c:\program files (x86)\common files\Wise Installation Wizard
2010-08-20 17:17:41   0   d-----w-  c:\users\leif\appdata\roaming\HEM Data
2010-08-19 08:08:37   3125812   ----a-w-  c:\windows\syswow64\PerfStringBackup.INI
2010-08-10 09:05:21   0   d--h--w-  c:\programdata\CanonIJEGV
2010-08-09 23:26:32   0   d-----w-  c:\program files\common files\CANON
2010-08-09 23:23:41   0   d-----w-  c:\program files\Canon
2010-08-09 23:22:18   0   d--h--w-  c:\programdata\CanonBJ
2010-08-09 23:21:18   92672   ----a-w-  c:\windows\system32\CNC550I.dll
2010-08-09 23:21:18   328192   ----a-w-  c:\windows\system32\CNC550L.dll
2010-08-09 23:21:18   303104   ----a-w-  c:\windows\syswow64\CNC550L.dll
2010-08-09 23:21:18   17920   ----a-w-  c:\windows\system32\CNHMCA6.dll
2010-08-09 23:21:18   15872   ----a-w-  c:\windows\syswow64\CNHMCA.dll
2010-08-09 23:21:18   1321984   ----a-w-  c:\windows\system32\CNC550C.dll
2010-08-09 23:21:18   12800   ----a-w-  c:\windows\syswow64\CNC173DD.TBL
2010-08-09 23:21:18   12800   ----a-w-  c:\windows\system32\CNC173DD.TBL
2010-08-09 23:21:18   106496   ----a-w-  c:\windows\syswow64\CNC550U.dll
2010-08-09 23:19:47   336896   ----a-w-  c:\windows\system32\CNMLM9Z.DLL
2010-08-09 23:19:41   104960   ----a-w-  c:\windows\system32\CNC550O.dll
2010-08-09 23:19:36   244736   ----a-w-  c:\windows\system32\CNMIU9Z.DLL
2010-08-09 23:19:23   0   d--h--w-  c:\program files\CanonBJ
2010-08-09 23:17:10   0   d-----w-  c:\program files (x86)\Canon
2010-08-09 22:15:41   0   d-----w-  c:\programdata\EPSON
2010-08-03 17:48:26   0   d-----w-  c:\program files\DivX
2010-08-03 17:45:50   0   d-----w-  c:\programdata\DivX

==================== Find3M ====================

2010-09-02 14:42:44   343802   ----a-w-  c:\programdata\nvModes.dat
2010-09-02 08:35:43   90414   ----a-w-  c:\windows\system32\perfc006.dat
2010-09-02 08:35:43   89710   ----a-w-  c:\windows\system32\perfc00B.dat
2010-09-02 08:35:43   84524   ----a-w-  c:\windows\system32\perfc014.dat
2010-09-02 08:35:43   607994   ----a-w-  c:\windows\system32\perfh01D.dat
2010-09-02 08:35:43   483898   ----a-w-  c:\windows\system32\perfh006.dat
2010-09-02 08:35:43   462766   ----a-w-  c:\windows\system32\perfh014.dat
2010-09-02 08:35:43   445686   ----a-w-  c:\windows\system32\perfh00B.dat
2010-09-02 08:35:43   125488   ----a-w-  c:\windows\system32\perfc01D.dat
2010-08-19 10:29:49   0   ----a-w-  c:\users\leif\temp.dat
2010-08-09 23:21:51   51200   ----a-w-  c:\windows\inf\infpub.dat
2010-08-09 23:21:51   143360   ----a-w-  c:\windows\inf\infstrng.dat
2010-08-09 23:21:48   86016   ----a-w-  c:\windows\inf\infstor.dat
2010-07-26 15:51:48   11584512   ----a-w-  c:\windows\syswow64\shell32.dll
2010-07-17 17:19:00   0   ---ha-w-  c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-17 17:18:47   0   ---ha-w-  c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-17 07:40:27   317520   ----a-w-  c:\windows\system32\drivers\avgtdia.sys
2010-07-17 07:40:26   13048   ----a-w-  c:\windows\system32\avgrssta.dll
2010-07-17 07:40:17   269904   ----a-w-  c:\windows\system32\drivers\avgldx64.sys
2010-07-16 13:04:14   19256   ----a-w-  c:\windows\system32\HPMDPCoInst11.dll
2010-07-16 13:04:04   30008   ----a-w-  c:\windows\system32\drivers\hpdskflt.sys
2010-07-16 13:03:58   30520   ----a-w-  c:\windows\system32\hpservice.exe
2010-07-16 13:03:54   20792   ----a-w-  c:\windows\system32\accelerometerdll.DLL
2010-07-16 13:03:48   43320   ----a-w-  c:\windows\system32\drivers\Accelerometer.sys
2010-07-01 08:50:28   20   ---h--w-  c:\programdata\PKP_DLdu.DAT
2010-07-01 08:22:14   106496   ----a-w-  c:\windows\syswow64\ATL71.DLL
2010-06-26 06:30:12   1147904   ----a-w-  c:\windows\system32\wininet.dll
2010-06-26 06:25:54   77312   ----a-w-  c:\windows\system32\iesetup.dll
2010-06-26 06:25:54   132096   ----a-w-  c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49   916480   ----a-w-  c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41   1210368   ----a-w-  c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40   206848   ----a-w-  c:\windows\syswow64\occache.dll
2010-06-26 06:03:22   611840   ----a-w-  c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04   5951488   ----a-w-  c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02   599040   ----a-w-  c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02   55296   ----a-w-  c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31   25600   ----a-w-  c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15   71680   ----a-w-  c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15   1986560   ----a-w-  c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15   164352   ----a-w-  c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15   109056   ----a-w-  c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14   55808   ----a-w-  c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14   184320   ----a-w-  c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14   11077120   ----a-w-  c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09   387584   ----a-w-  c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47   162816   ----a-w-  c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02   133632   ----a-w-  c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51   173056   ----a-w-  c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17   13312   ----a-w-  c:\windows\syswow64\msfeedssync.exe
2010-06-21 14:05:22   2752000   ----a-w-  c:\windows\system32\win32k.sys
2010-06-18 17:48:21   50688   ----a-w-  c:\windows\system32\rtutils.dll
2010-06-18 17:31:29   36864   ----a-w-  c:\windows\syswow64\rtutils.dll
2010-06-15 14:54:06   19256   ----a-w-  c:\windows\system32\HPMDPCoInst10.dll
2010-06-15 14:53:52   30520   ----a-w-  c:\windows\system32\SET667D.tmp
2010-06-15 14:53:48   19256   ----a-w-  c:\windows\system32\SET668F.tmp
2010-06-11 16:39:28   343040   ----a-w-  c:\windows\system32\schannel.dll
2010-06-11 16:38:10   1869824   ----a-w-  c:\windows\system32\msxml3.dll
2010-06-11 16:16:20   274944   ----a-w-  c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06   1248768   ----a-w-  c:\windows\syswow64\msxml3.dll
2010-06-08 18:00:36   4697992   ----a-w-  c:\windows\system32\ntoskrnl.exe
2009-11-18 07:34:43   665600   ----a-w-  c:\windows\inf\drvindex.dat
2008-10-27 18:06:34   35978   ----a-w-  c:\windows\inf\perflib\041d\perfd.dat
2008-10-27 18:06:34   35978   ----a-w-  c:\windows\inf\perflib\041d\perfc.dat
2008-10-27 18:06:34   290490   ----a-w-  c:\windows\inf\perflib\041d\perfi.dat
2008-10-27 18:06:34   290490   ----a-w-  c:\windows\inf\perflib\041d\perfh.dat
2008-10-27 18:00:16   35166   ----a-w-  c:\windows\inf\perflib\0414\perfd.dat
2008-10-27 18:00:16   35166   ----a-w-  c:\windows\inf\perflib\0414\perfc.dat
2008-10-27 18:00:16   294254   ----a-w-  c:\windows\inf\perflib\0414\perfi.dat
2008-10-27 18:00:16   294254   ----a-w-  c:\windows\inf\perflib\0414\perfh.dat
2008-10-27 17:54:08   36790   ----a-w-  c:\windows\inf\perflib\040b\perfd.dat
2008-10-27 17:54:08   36790   ----a-w-  c:\windows\inf\perflib\040b\perfc.dat
2008-10-27 17:54:08   274158   ----a-w-  c:\windows\inf\perflib\040b\perfi.dat
2008-10-27 17:54:08   274158   ----a-w-  c:\windows\inf\perflib\040b\perfh.dat
2008-10-27 17:48:20   36364   ----a-w-  c:\windows\inf\perflib\0406\perfd.dat
2008-10-27 17:48:20   36364   ----a-w-  c:\windows\inf\perflib\0406\perfc.dat
2008-10-27 17:48:20   300302   ----a-w-  c:\windows\inf\perflib\0406\perfi.dat
2008-10-27 17:48:20   300302   ----a-w-  c:\windows\inf\perflib\0406\perfh.dat
2008-01-21 03:21:59   174   --sha-w-  c:\program files\desktop.ini
2008-01-21 03:21:59   174   --sha-w-  c:\program files (x86)\desktop.ini
2006-11-02 15:14:56   30674   ----a-w-  c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56   30674   ----a-w-  c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56   287440   ----a-w-  c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56   287440   ----a-w-  c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12   287440   ----a-w-  c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12   287440   ----a-w-  c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10   30674   ----a-w-  c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10   30674   ----a-w-  c:\windows\inf\perflib\0000\perfc.dat
2010-03-16 13:17:48   16384   --sha-w-  c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-16 13:17:48   16384   --sha-w-  c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-16 13:17:48   32768   --sha-w-  c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-06-04 01:02:50   16384   --sha-w-  c:\windows\syswow64\%appdata%\microsoft\windows\ietldcache\index.dat
2008-10-27 18:43:10   8192   --sha-w-  c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:49:48,57 ===============

DDS - Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22-01-2009 10:36:56
System Uptime: 09-02-2010 16:41:52 (4920 hours ago)

Motherboard: Quanta |  | 361B
Processor: Intel(R) Core(TM)2 Duo CPU   P7450 @ 2.13GHz | CPU | 2133/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 285 GiB total, 91,876 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2,021 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1067: 02-09-2010 10:04:25 - Scheduled Checkpoint
RP1068: 02-09-2010 10:34:11 - Language Pack Removal
RP1069: 02-09-2010 10:46:02 - Installed SUPERAntiSpyware Free Edition
RP1070: 02-09-2010 13:12:23 - Language Pack Removal

==== Installed Programs ======================


Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AOL Toolbar 5.0
Apple Software Update
AVerMedia A309 (MiniCard, DVB-T) 1.0.64.45
AVG Free 9.0
Betsafe Poker
Camtasia Studio 6
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP550 series Brugerregistrering
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Digital Signatur
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
EndNote X3
ESET Online Scanner v3
ESU for Microsoft Vista
Eurobet Poker
File Uploader
FLV Player 2.0 (build 25)
Fortune Poker
HijackThis 2.0.2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 H2
HP Update
HP User Guides 0115
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java(TM) 6 Update 15
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
Leak Buster
LightScribe System Software 1.14.17.1
Lizard Safeguard - PDF Viewer 2.5.121
Malwarebytes’ Anti-Malware
MansionPoker
Mermaid Poker
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6)
MP3 Skype Recorder
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Nikon Message Center
Nikon Transfer
PartyPoker
PhotoNow!
Poker at bet365
PokerStove version 1.23
PostgreSQL 8.3
Power2Go
PowerDirector
QuickTime
Rainlendar2 (remove only)
Realtek 8169 8168 8101E 8102E Ethernet Driver
ResearchSoft Direct Export Helper
Scandic Bookmakers Poker
SecureW2 EAP Suite 1.0.6 for Windows
Skype web features
Skype™ 4.1
SPORE Creature Creator Trial Edition
SunPoker
SUPERAntiSpyware Free Edition
TableScan Turbo v0.50c (BETA)
TeamViewer 5
Unibet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin

==== Event Viewer Messages From Past Week ========

31-08-2010 20:05:52, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.34 for the Network Card with network address 00238B68B4C8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
31-08-2010 19:54:49, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 10.10.2.58 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
31-08-2010 12:49:58, Error: Service Control Manager [7034]  - The AVG Free E-mail Scanner service terminated unexpectedly.  It has done this 1 time(s).
31-08-2010 12:49:55, Error: Service Control Manager [7034]  - The TV Task Scheduler (TVTS) service terminated unexpectedly.  It has done this 1 time(s).
31-08-2010 12:27:34, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.33 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 10.10.1.4 (The DHCP Server sent a DHCPNACK message).
29-08-2010 22:16:03, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.34 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
28-08-2010 17:52:49, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 10.10.2.18 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
02-09-2010 16:44:12, Error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  The system cannot find the path specified.
02-09-2010 16:43:26, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL SRTSP SRTSPX
02-09-2010 16:43:26, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  This driver has been blocked from loading
02-09-2010 16:43:26, Error: Service Control Manager [7000]  - The Norton Internet Security service failed to start due to the following error:  The system cannot find the path specified.
02-09-2010 16:42:57, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
02-09-2010 13:13:06, Error: Microsoft-Windows-LanguagePackSetup [1003]  - CBS error 0x800f0825 reported while operating on UI Language Pack for sv-SE
02-09-2010 13:13:05, Error: Microsoft-Windows-LanguagePackSetup [1003]  - CBS error 0x800f0825 reported while operating on UI Language Pack for nb-NO
02-09-2010 13:13:02, Error: Microsoft-Windows-LanguagePackSetup [1003]  - CBS error 0x800f0825 reported while operating on UI Language Pack for fi-FI
02-09-2010 13:12:58, Error: Microsoft-Windows-LanguagePackSetup [1003]  - CBS error 0x800f0825 reported while operating on UI Language Pack for da-DK
02-09-2010 12:27:20, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  The system cannot find the path specified.
02-09-2010 12:25:31, Error: Service Control Manager [7000]  - The SASENUM service failed to start due to the following error:  The system cannot find the path specified.
02-09-2010 08:50:58, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
02-09-2010 08:50:12, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
02-09-2010 07:51:47, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.33 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
01-09-2010 22:42:11, Error: Application Popup [1060]  - \??\C:\Users\Leif\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.S has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
01-09-2010 22:42:10, Error: Application Popup [1060]  - \??\C:\Users\Leif\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.s has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
01-09-2010 11:51:26, Error: Service Control Manager [7000]  - The Com4QLBEx service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
01-09-2010 11:51:26, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}
01-09-2010 11:51:23, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.
01-09-2010 10:39:36, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.33 for the Network Card with network address 00216B5F5146 has been denied by the DHCP server 130.226.142.82 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Number of posts: 23

Now it looks like both problems are solved :)

Administrator
Number of posts: 29174

Great :D


Open Explorer, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".
Find this file and upload it to Virustotal:
c:\windows\system32\CNMIU9Z.DLL

http://www.virustotal.com/

Copy the result into your next reply.

Guide ->
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=143&PN=1&TPN=1

Number of posts: 23

I have done what you wrote, and I can see the file on my own computer via Explorer.

But when I search via Virustotal's "browse", the file is not there (as if your suggested changes have not taken effect when I use Explorer via the website).

The file does, however, appear to be a "driver extension" for my new printer.

I have attached "file details" as a screenshot.

Attached images
Screenshot, file details.jpg
Administrator
Number of posts: 29174

Ahh ok, then we'll leave it alone. And the computer is running well enough?

Number of posts: 23

It runs perfectly, the problems are solved: a thousand thanks for the help :)

Editor
Number of posts: 21376

I'll close this thread then. You are always welcome back.

NB! I'll pass your thanks on to Magic :)

Signature

"Cancer is the hardest fight of my life. I will hope, for hope never dies. I will fight, for even a weak fight is better than no fight."