Hent Ccleaner her:
http://www.piriform.com/ccleaner/download
Installer Ccleaner, husk at fjerne uønskede flueben.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Register ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.

Jeg bruger Ccleaner ret ofte. Har lige kørt, renset og checket for issues, men der er ingen.

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til “Kør et fuldstændigt systemscan” - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).

Derefter - Tryk på “Vis resultater” knappen efter scanningen - og herefter tryk på “Fjern det valgte” - nu åbnes log’en og du skal gemme den et sted, hvor du kan finde den igen.

Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind, sammen med loggen fra Malwarebytes.
Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

Skal jeg kopiere inholdet af de 2 logfiler, eller attache filerne?
Ser ikke ud til, at der er mulighed for det…Sikkerhed?

Kopier det, tak.

ComboFix 11-11-20.02 - Jerzy 21-11-2011 12:30:36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\documents and settings\Jerzy\WINDOWS
h:\windows\bwUnin-6.1.4.36-8876480L.exe
.
.
(((((((((((((((((((((((((  Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-20 22:35 . 2011-08-31 16:00   22216   ——a-w-  h:\windows\system32\drivers\mbam.sys
2011-11-20 22:35 . 2011-11-20 22:35   ————  d——-w-  h:\program files\Malwarebytes’ Anti-Malware
2011-11-03 12:42 . 2008-04-13 23:26   30592   -c—a-w-  h:\windows\system32\dllcache\rndismpx.sys
2011-11-03 12:42 . 2008-04-13 23:26   30592   ——a-w-  h:\windows\system32\drivers\rndismpx.sys
2011-11-03 12:42 . 2008-04-13 23:26   12800   -c—a-w-  h:\windows\system32\dllcache\usb8023x.sys
2011-11-03 12:42 . 2008-04-13 23:26   12800   ——a-w-  h:\windows\system32\drivers\usb8023x.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 08:49 . 2011-05-14 10:25   414368   ——a-w-  h:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 10:34 . 2011-01-29 15:19   40296   ——a-w-  h:\windows\system32\drivers\oahlp32.sys
2011-11-01 10:34 . 2009-11-16 23:37   29464   ——a-w-  h:\windows\system32\drivers\OAnet.sys
2011-11-01 10:34 . 2009-11-16 23:37   25192   ——a-w-  h:\windows\system32\drivers\OAmon.sys
2011-11-01 10:34 . 2009-11-16 23:37   205864   ——a-w-  h:\windows\system32\drivers\OADriver.sys
2011-10-20 10:10 . 2011-10-20 10:10   1700352   ——a-w-  h:\windows\system32\gdiplus.dll
2011-10-10 14:22 . 2009-11-16 20:41   692736   ——a-w-  h:\windows\system32\inetcomm.dll
2011-10-07 16:48 . 2011-10-07 16:48   97760   ——a-w-  h:\windows\system32\drivers\inspect.sys
2011-10-07 16:48 . 2011-10-07 16:48   492768   ——a-w-  h:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:48 . 2011-10-07 16:48   31704   ——a-w-  h:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:48 . 2011-10-07 16:48   18056   ——a-w-  h:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47   33984   ——a-w-  h:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47   300200   ——a-w-  h:\windows\system32\guard32.dll
2011-09-28 07:06 . 2008-04-14 12:00   599040   ——a-w-  h:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59   611328   ——a-w-  h:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00   220160   ——a-w-  h:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2008-04-14 12:00   20480   ——a-w-  h:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-04-14 12:00   1858944   ——a-w-  h:\windows\system32\win32k.sys
2011-11-09 19:11 . 2011-03-24 09:42   134104   ——a-w-  h:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “h:\program files\Winamp Toolbar\winamptb.dll” [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SUPERAntiSpyware”=“h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2011-11-13 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“@OnlineArmor GUI”=“h:\program files\Tall Emu\Online Armor\OAui.exe” [2011-11-01 2531104]
“SofonicaFolderSoldier”=“h:\windows\system32\FL\SofonicaFolderSoldier.exe” [2010-01-23 2342912]
“COMODO Internet Security”=“h:\program files\COMODO\COMODO Internet Security\cfp.exe” [2011-10-20 2497352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“h:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{4F07DA45-8170-4859-9B5F-037EF2970034}”= “h:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll” [2011-11-01 358840]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “h:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ——a-w-  h:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29   64592   ——a-w-  h:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=h:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“h:\\Program Files\\Skype\\Phone\\Skype.exe”=
“h:\\Documents and Settings\\Jerzy\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe”=
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;h:\windows\system32\drivers\SI3112r.sys [29-08-2007 03:04 116264]
R1 cmderd;COMODO Internet Security Eradication Driver;h:\windows\system32\drivers\cmderd.sys [07-10-2011 17:48 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;h:\windows\system32\drivers\cmdGuard.sys [07-10-2011 17:48 492768]
R1 OADevice;OADriver;h:\windows\system32\drivers\OADriver.sys [17-11-2009 00:37 205864]
R1 oahlpXX;Online Armor helper driver;h:\windows\system32\drivers\oahlp32.sys [29-01-2011 16:19 40296]
R1 OAmon;OAmon;h:\windows\system32\drivers\OAmon.sys [17-11-2009 00:37 25192]
R1 OAnet;OAnet;h:\windows\system32\drivers\OAnet.sys [17-11-2009 00:37 29464]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664]
R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [12-08-2011 00:38 116608]
R2 CLPSLS;COMODO livePCsupport Service;h:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [26-05-2011 04:43 154424]
R2 LBeepKE;Logitech Beep Suppression Driver;h:\windows\system32\drivers\LBeepKE.sys [20-11-2009 18:00 10448]
R2 OAcat;Online Armor Helper Service;h:\program files\Tall Emu\Online Armor\oacat.exe [17-11-2009 00:37 207936]
R2 SvcOnlineArmor;Online Armor;h:\program files\Tall Emu\Online Armor\oasrv.exe [17-11-2009 00:37 4363040]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;h:\windows\system32\dllhost.exe [14-04-2008 13:00 5120]
R3 SymSnapService;SymSnapService;h:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
S2 AviraUpgradeService;Avira Upgrade Service;“h:\windows\TEMP\AVSETUP_4e9ed515\avupgsvc.exe” /TEMPSTART:”“h:\windows\TEMP\AVSETUP_4e9ed515\setup.exe” /NOTEMPCLEANUP /CROSSUPGRADE”—> h:\windows\TEMP\AVSETUP_4e9ed515\avupgsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [18-11-2009 21:31 135664]
S3 gupdatem;Google Update Tjeneste (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [18-11-2009 21:31 135664]
S3 HTCAND32;HTC Device Driver;h:\windows\system32\drivers\ANDROIDUSB.sys [07-04-2011 21:12 24576]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);h:\windows\system32\drivers\WsAudio_DeviceS(1).sys [20-02-2010 06:41 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);h:\windows\system32\drivers\WsAudio_DeviceS(2).sys [20-02-2010 06:41 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);h:\windows\system32\drivers\WsAudio_DeviceS(3).sys [20-02-2010 06:42 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);h:\windows\system32\drivers\WsAudio_DeviceS(4).sys [20-02-2010 06:42 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);h:\windows\system32\drivers\WsAudio_DeviceS(5).sys [20-02-2010 06:43 25704]
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-08-31 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-04-12 h:\windows\Tasks\expressburnShakeIcon.job
- h:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-07-27 17:23]
.
2011-11-20 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004Core.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-29 12:18]
.
2011-11-21 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004UA.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-29 12:18]
.
2011-11-21 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 20:31]
.
2011-11-21 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 20:31]
.
2011-11-20 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004Core.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-07 14:12]
.
2011-11-21 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004UA.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-07 14:12]
.
.
———- Supplementary Scan———-
.
uStart Page = about:blank
IE: &Save; Image to Folder - h:\program files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
IE: &Save; Image to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/saveimages.html
IE: &Save; Link to Folder - h:\program files\AskBar\bar\bin\askBar.dll/saveltof.html
IE: &Save; Link to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/savelink.html
IE: &Save; Page to Folder… - h:\program files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save; this Page to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/savewebpage.html
IE: &Winamp; Search - h:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Evernote 4.0 - h:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver; - h:\windows\system32\GPhotos.scr/200
IE: E&ksporter; til Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport; to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd; to OneNote - /105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://h:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} - hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.langtvedoghovedskou.dk/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - h:\documents and settings\Jerzy\Application Data\Mozilla\Firefox\Profiles\25owfq4p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query;=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_EU&apn_uid=3BFAD098-1BEE-4410-B63D-54181B495A0C&apn_ptnrs=GL&apn;_sauid=&apn_dtid=YYYYYYYYDK&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.

_____________________________________________________________________________________

Malwarebytes’ Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 8202

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21-11-2011 00:17:14
mbam-log-2011-11-21 (00-17-14).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|I:\|)
Objects scanned: 231986
Time elapsed: 39 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Skal jeg gøre mere?

Ikke umiddelbart, hvordan kører maskinen?

Som før. Selv en post til jer inholdende mere end 100 tegn tager flere minutter. Jeg kan fx ikke genoptrykke annoncer på dba.dk der timeout’er, eller bare går i stå. Min mistanke er Avira, som jeg har skiftet ud med Comodo Antivirus fordi Avira ville have mig til at installere Ask som defult søgemaskine. Det har jeg så nægtet og skiftede til Comodo.
En anden mistanke er - selv om ikke er sikker på, at det er noget om snakken - mit netværk etableret til en notebook, som blev stjålet i Italien. Jeg kan naturligvis slette opkoblingen og tror ikke meget på at en envejs netværk i tomgang kan sløve forbindelsen. Bare en tanke. Nogle ideer?

Post til os, skal du ikke regne med, vi har haft kæmpeproblemer med forum, der først er blevet løst her til aften.

Der ligger en Service fra Avira, lad os prøve at pille den ud.

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Folder::
h:\windows\TEMP\AVSETUP_4e9ed515
Driver::
AviraUpgradeService

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.
Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

Her er logfilen. Der er ingen ændring i maskinens opførsel:

ComboFix 11-11-20.02 - Jerzy 24-11-2011 16:34:25.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1545 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\combofix\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
———-\Legacy_AVIRAUPGRADESERVICE
———-\Service_AviraUpgradeService
.
.
(((((((((((((((((((((((((  Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-20 22:35 . 2011-08-31 16:00   22216   ——a-w-  h:\windows\system32\drivers\mbam.sys
2011-11-20 22:35 . 2011-11-20 22:35   ————  d——-w-  h:\program files\Malwarebytes’ Anti-Malware
2011-11-03 12:42 . 2008-04-13 23:26   30592   -c—a-w-  h:\windows\system32\dllcache\rndismpx.sys
2011-11-03 12:42 . 2008-04-13 23:26   30592   ——a-w-  h:\windows\system32\drivers\rndismpx.sys
2011-11-03 12:42 . 2008-04-13 23:26   12800   -c—a-w-  h:\windows\system32\dllcache\usb8023x.sys
2011-11-03 12:42 . 2008-04-13 23:26   12800   ——a-w-  h:\windows\system32\drivers\usb8023x.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 08:49 . 2011-05-14 10:25   414368   ——a-w-  h:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 10:34 . 2011-01-29 15:19   40296   ——a-w-  h:\windows\system32\drivers\oahlp32.sys
2011-11-01 10:34 . 2009-11-16 23:37   29464   ——a-w-  h:\windows\system32\drivers\OAnet.sys
2011-11-01 10:34 . 2009-11-16 23:37   25192   ——a-w-  h:\windows\system32\drivers\OAmon.sys
2011-11-01 10:34 . 2009-11-16 23:37   205864   ——a-w-  h:\windows\system32\drivers\OADriver.sys
2011-10-20 10:10 . 2011-10-20 10:10   1700352   ——a-w-  h:\windows\system32\gdiplus.dll
2011-10-10 14:22 . 2009-11-16 20:41   692736   ——a-w-  h:\windows\system32\inetcomm.dll
2011-10-07 16:48 . 2011-10-07 16:48   97760   ——a-w-  h:\windows\system32\drivers\inspect.sys
2011-10-07 16:48 . 2011-10-07 16:48   492768   ——a-w-  h:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:48 . 2011-10-07 16:48   31704   ——a-w-  h:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:48 . 2011-10-07 16:48   18056   ——a-w-  h:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47   33984   ——a-w-  h:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47   300200   ——a-w-  h:\windows\system32\guard32.dll
2011-09-28 07:06 . 2008-04-14 12:00   599040   ——a-w-  h:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59   611328   ——a-w-  h:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00   220160   ——a-w-  h:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2008-04-14 12:00   20480   ——a-w-  h:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-04-14 12:00   1858944   ——a-w-  h:\windows\system32\win32k.sys
2011-11-09 19:11 . 2011-03-24 09:42   134104   ——a-w-  h:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “h:\program files\Winamp Toolbar\winamptb.dll” [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SUPERAntiSpyware”=“h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2011-11-13 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“@OnlineArmor GUI”=“h:\program files\Tall Emu\Online Armor\OAui.exe” [2011-11-01 2531104]
“SofonicaFolderSoldier”=“h:\windows\system32\FL\SofonicaFolderSoldier.exe” [2010-01-23 2342912]
“COMODO Internet Security”=“h:\program files\COMODO\COMODO Internet Security\cfp.exe” [2011-10-20 2497352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“h:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{4F07DA45-8170-4859-9B5F-037EF2970034}”= “h:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll” [2011-11-01 358840]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “h:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ——a-w-  h:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29   64592   ——a-w-  h:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=h:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe”=
“h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“h:\\Program Files\\Skype\\Phone\\Skype.exe”=
“h:\\Documents and Settings\\Jerzy\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe”=
.
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;h:\windows\system32\drivers\SI3112r.sys [29-08-2007 03:04 116264]
R1 cmderd;COMODO Internet Security Eradication Driver;h:\windows\system32\drivers\cmderd.sys [07-10-2011 17:48 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;h:\windows\system32\drivers\cmdGuard.sys [07-10-2011 17:48 492768]
R1 OADevice;OADriver;h:\windows\system32\drivers\OADriver.sys [17-11-2009 00:37 205864]
R1 oahlpXX;Online Armor helper driver;h:\windows\system32\drivers\oahlp32.sys [29-01-2011 16:19 40296]
R1 OAmon;OAmon;h:\windows\system32\drivers\OAmon.sys [17-11-2009 00:37 25192]
R1 OAnet;OAnet;h:\windows\system32\drivers\OAnet.sys [17-11-2009 00:37 29464]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664]
R2 !SASCORE;SAS Core Service;h:\program files\SUPERAntiSpyware\SASCore.exe [12-08-2011 00:38 116608]
R2 CLPSLS;COMODO livePCsupport Service;h:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [26-05-2011 04:43 154424]
R2 LBeepKE;Logitech Beep Suppression Driver;h:\windows\system32\drivers\LBeepKE.sys [20-11-2009 18:00 10448]
R2 OAcat;Online Armor Helper Service;h:\program files\Tall Emu\Online Armor\oacat.exe [17-11-2009 00:37 207936]
R2 SvcOnlineArmor;Online Armor;h:\program files\Tall Emu\Online Armor\oasrv.exe [17-11-2009 00:37 4363040]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;h:\windows\system32\dllhost.exe [14-04-2008 13:00 5120]
R3 SymSnapService;SymSnapService;h:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [18-11-2009 21:31 135664]
S3 gupdatem;Google Update Tjeneste (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [18-11-2009 21:31 135664]
S3 HTCAND32;HTC Device Driver;h:\windows\system32\drivers\ANDROIDUSB.sys [07-04-2011 21:12 24576]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);h:\windows\system32\drivers\WsAudio_DeviceS(1).sys [20-02-2010 06:41 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);h:\windows\system32\drivers\WsAudio_DeviceS(2).sys [20-02-2010 06:41 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);h:\windows\system32\drivers\WsAudio_DeviceS(3).sys [20-02-2010 06:42 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);h:\windows\system32\drivers\WsAudio_DeviceS(4).sys [20-02-2010 06:42 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);h:\windows\system32\drivers\WsAudio_DeviceS(5).sys [20-02-2010 06:43 25704]
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-08-31 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-04-12 h:\windows\Tasks\expressburnShakeIcon.job
- h:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-07-27 17:23]
.
2011-11-23 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004Core.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-29 12:18]
.
2011-11-23 h:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004UA.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-29 12:18]
.
2011-11-24 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 20:31]
.
2011-11-24 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 20:31]
.
2011-11-23 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004Core.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-07 14:12]
.
2011-11-24 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-507921405-1177238915-1004UA.job
- h:\documents and settings\Jerzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-07 14:12]
.
.
———- Supplementary Scan———-
.
uStart Page = about:blank
IE: &Save; Image to Folder - h:\program files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
IE: &Save; Image to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/saveimages.html
IE: &Save; Link to Folder - h:\program files\AskBar\bar\bin\askBar.dll/saveltof.html
IE: &Save; Link to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/savelink.html
IE: &Save; Page to Folder… - h:\program files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
IE: &Save; this Page to MyStuff - h:\program files\AskBar\bar\bin\askBar.dll/savewebpage.html
IE: &Winamp; Search - h:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Evernote 4.0 - h:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver; - h:\windows\system32\GPhotos.scr/200
IE: E&ksporter; til Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport; to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd; to OneNote - /105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://h:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} - hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.langtvedoghovedskou.dk/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - h:\documents and settings\Jerzy\Application Data\Mozilla\Firefox\Profiles\25owfq4p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query;=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_EU&apn_uid=3BFAD098-1BEE-4410-B63D-54181B495A0C&apn_ptnrs=GL&apn;_sauid=&apn_dtid=YYYYYYYYDK&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
——————————- LOCKED REGISTRY KEYS——————————-
.
[HKEY_USERS\S-1-5-21-1606980848-507921405-1177238915-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
——————————- DLLs Loaded Under Running Processes——————————-
.
- - - - - - - > ‘winlogon.exe’(448)
h:\program files\SUPERAntiSpyware\SASWINLO.DLL
h:\windows\system32\WININET.dll
h:\windows\system32\Ati2evxx.dll
h:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > ‘lsass.exe’(504)
h:\windows\system32\guard32.dll
.
- - - - - - - > ‘explorer.exe’(3960)
h:\windows\system32\WININET.dll
h:\windows\system32\guard32.dll
h:\windows\system32\ieframe.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > ‘csrss.exe’(416)
h:\windows\system32\cmdcsr.dll
.
————————————Other Running Processes————————————
.
h:\windows\system32\Ati2evxx.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
h:\program files\Norton Ghost\Agent\VProSvc.exe
h:\windows\system32\msdtc.exe
h:\program files\Tall Emu\Online Armor\OAhlp.exe
.
**************************************************************************
.
Completion time: 2011-11-24 16:56:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 15:56
ComboFix2.txt 2011-11-21 12:01
ComboFix3.txt 2010-07-21 08:41
.
Pre-Run: 23.792.984.064 bytes free
Post-Run: 23.687.471.104 bytes free
.
- - End Of File - - 70B37F73B02D596A0D84B19F053B4410

Prøv at deaktivere din Firewall, se om det ændrer noget.

Risikerer jeg ikke at få noget snavs indendøre?

Jo, men med lidt fornuft, burde det gå.

Det har jeg ikke prøvet før? Hvordan gør man det? Der er kun on og of muligheder?