Suspicion of junk
  hans01
Number of posts: 31

I am looking at my son's PC; he tells me that his Malwarebytes Anti-Malware occasionally blocks outgoing traffic. Can anyone help?

Here is the latest Malwarebytes log:

2012/01/13 02:27:34 +0100   NY-PC   Owner   MESSAGE   Executing scheduled update:  Daily
2012/01/13 02:27:46 +0100   NY-PC   Owner   MESSAGE   Starting database refresh
2012/01/13 02:27:46 +0100   NY-PC   Owner   MESSAGE   Scheduled update executed successfully:  database updated from version v2012.01.11.03 to version v2012.01.12.05
2012/01/13 02:27:46 +0100   NY-PC   Owner   MESSAGE   Stopping IP protection
2012/01/13 02:27:46 +0100   NY-PC   Owner   MESSAGE   IP Protection stopped
2012/01/13 02:27:51 +0100   NY-PC   Owner   MESSAGE   Database refreshed successfully
2012/01/13 02:27:51 +0100   NY-PC   Owner   MESSAGE   Starting IP protection
2012/01/13 02:27:54 +0100   NY-PC   Owner   MESSAGE   IP Protection started successfully
2012/01/13 03:40:43 +0100   NY-PC   Owner   MESSAGE   Starting protection
2012/01/13 03:40:58 +0100   NY-PC   Owner   MESSAGE   Protection started successfully
2012/01/13 03:41:02 +0100   NY-PC   Owner   MESSAGE   Starting IP protection
2012/01/13 03:41:06 +0100   NY-PC   Owner   MESSAGE   IP Protection started successfully
2012/01/13 03:44:42 +0100   NY-PC   Owner   MESSAGE   Starting protection
2012/01/13 03:45:07 +0100   NY-PC   Owner   MESSAGE   Protection started successfully
2012/01/13 03:45:10 +0100   NY-PC   Owner   MESSAGE   Starting IP protection
2012/01/13 03:45:14 +0100   NY-PC   Owner   MESSAGE   IP Protection started successfully
2012/01/13 09:51:02 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:05 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:05 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:11 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:11 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:28 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:31 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:51:36 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:53:30 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:53:33 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:53:39 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:53:58 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:54:01 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)
2012/01/13 09:54:07 +0100   NY-PC   Owner   IP-BLOCK   109.236.82.63 (Type: outgoing)

I have run HijackThis.

Here is the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:57:43, on 13-01-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files\EasyPHP-5.3.2i\EasyPHP-5.3.2i.exe
C:\PROGRA~1\EASYPH~1.2I\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.2I\MySql\bin\mysqld.exe
C:\PROGRA~1\EASYPH~1.2I\Apache\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (file missing)
O1 - Hosts: IF “%OS%”==“Windows_NT” (
O1 - Hosts: SET HOSTFILE=%windir%\system32\drivers\etc\hosts
O1 - Hosts: ) ELSE (
O1 - Hosts: SET HOSTFILE=%windir%\hosts
O1 - Hosts: )
O1 - Hosts: FIND “thepiratebay.org” %HOSTFILE% > NUL
O1 - Hosts: IF ERRORLEVEL 1 GOTO ALL
O1 - Hosts: ATTRIB -R %HOSTFILE%
O1 - Hosts: Echo off
O1 - Hosts: CHOICE /C:YN /N /T 30 /D N /M “Code already exists, overwrite current hosts file [Y/N]”
O1 - Hosts: IF ERRORLEVEL 2 GOTO Note
O1 - Hosts: ECHO # Copyright (c) 1993-2006 Microsoft Corp. > %HOSTFILE%
O1 - Hosts: ECHO # >> %HOSTFILE%
O1 - Hosts: ECHO # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. >> %HOSTFILE%
O1 - Hosts: ECHO # >> %HOSTFILE%
O1 - Hosts: ECHO # This file contains the mappings of IP addresses to host names. Each >> %HOSTFILE%
O1 - Hosts: ECHO # entry should be kept on an individual line. The IP address should >> %HOSTFILE%
O1 - Hosts: ECHO # be placed in the first column followed by the corresponding host name. >> %HOSTFILE%
O1 - Hosts: ECHO # The IP address and the host name should be separated by at least one >> %HOSTFILE%
O1 - Hosts: ECHO # space. >> %HOSTFILE%
O1 - Hosts: ECHO # >> %HOSTFILE%
O1 - Hosts: ECHO # Additionally, comments (such as these) may be inserted on individual >> %HOSTFILE%
O1 - Hosts: ECHO # lines or following the machine name denoted by a ‘#’ symbol. >> %HOSTFILE%
O1 - Hosts: ECHO # >> %HOSTFILE%
O1 - Hosts: ECHO # For example: >> %HOSTFILE%
O1 - Hosts: ECHO # >> %HOSTFILE%
O1 - Hosts: ECHO # 102.54.94.97 rhino.acme.com # source server >> %HOSTFILE%
O1 - Hosts: ECHO # 38.25.63.10 x.acme.com # x client host >> %HOSTFILE%
O1 - Hosts: ECHO 127.0.0.1 localhost>> %HOSTFILE%
O1 - Hosts: ECHO # The Pirate Bay >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.15 thepiratebay.org http://www.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.18 static.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.16 upload.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.17 rss.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.17 captcha.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.19 torrents.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.4 tracker.thepiratebay.org open.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.6 tpb.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.2 eztv.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.8 vtv.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.5 a.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.3 tv.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.7 vip.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 212.63.222.20 mx.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.21 ns0.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 194.71.107.1 ns1.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 85.17.40.33 ns2.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 217.75.120.120 ns3.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 195.14.20.10 trial.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ATTRIB +R %HOSTFILE%
O1 - Hosts: IPCONFIG -flushdns
O1 - Hosts: :Note
O1 - Hosts: Echo off
O1 - Hosts: CHOICE /C:YN /N /T 30 /D N /M “Code already exists do you want to edit the code manually [Y/N]”
O1 - Hosts: IF ERRORLEVEL 2 GOTO END
O1 - Hosts: notepad.exe %HOSTFILE%
O1 - Hosts: ATTRIB +R %HOSTFILE%
O1 - Hosts: IPCONFIG -flushdns
O1 - Hosts: GOTO END
O1 - Hosts: :ALL
O1 - Hosts: ATTRIB -R %HOSTFILE%
O1 - Hosts: ECHO.>> %HOSTFILE%
O1 - Hosts: ECHO.>> %HOSTFILE%
O1 - Hosts: ECHO.>> %HOSTFILE%
O1 - Hosts: ECHO # The Pirate Bay >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.15 thepiratebay.org http://www.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.18 static.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.16 upload.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.17 rss.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.17 captcha.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.19 torrents.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.4 tracker.thepiratebay.org open.tracker.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.6 tpb.tracker.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.2 eztv.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.8 vtv.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.5 a.tracker.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.3 tv.tracker.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.7 vip.tracker.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ECHO 212.63.222.20 mx.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 192.121.86.21 ns0.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 194.71.107.1 ns1.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 85.17.40.33 ns2.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 217.75.120.120 ns3.thepiratebay.org>> %HOSTFILE%
O1 - Hosts: ECHO 195.14.20.10 trial.thepiratebay.org >> %HOSTFILE%
O1 - Hosts: ATTRIB +R %HOSTFILE%
O1 - Hosts: IPCONFIG /flushdns
O1 - Hosts: ECHO OFF
O1 - Hosts: CLS
O1 - Hosts: ECHO All Done
O1 - Hosts: PAUSE
O1 - Hosts: :END
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (file missing)
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ATICustomerCare] “C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe”
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSN Toolbar] “C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe”
O4 - HKLM\..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 - HKLM\..\Run: [APSDaemon] “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] “C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: [MSIAfterburner] “C:\Program Files\MSI Afterburner\MSIAfterburner.exe” /s
O4 - HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] “C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe” -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


End of file - 20016 bytes

Administrator
Number of posts: 29619

Hi.

That log looks rather messy (grin)


Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important - save it to your desktop.
Double-click CKScanner.exe and click Search for files.
After a short while, when the hourglass cursor disappears, click Save to file.

Double-click the CKFiles.txt icon on your desktop and copy its contents into your next reply.

We need to see what is running on the system ->

Download DDS and save the program to your Desktop:
Here
Double-click DDS.scr and allow the program to run.
When the program has finished, it will open two logs/text files.
Save both files to your Desktop and copy the contents of the txt files into your next post.

Since they are fairly long, you may need to send them in several posts.

Before you send the log files, we ask you to remove any P2P/file-sharing program, if you have any, and this includes torrent software, before we clean the computer.

  hans01
Number of posts: 31

Hi Magic

Thanks for your help

Here is the CKScanner log:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\acme.nfo
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\internet business promoter ibp-arelis v9.7.1.exe
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\keymaker\arelis-keygen.exe
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\keymaker\ibp-keygen.exe
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\promote your website\lynx install info.mht
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\promote your website\macintosh\lynxbar.xpi
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1 (ibp)wcrack\internet business promoter v9.7.1 multilingual incl keymaker-acme\promote your website\windows\lynxbar.exe
c:\documents and settings\owner\favorites\servers with cracked in name, playing call of duty 4   server   player search   game - monitor . com.url
c:\documents and settings\owner\favorites\unsorted bookmarks\download file keygen.rar - keygen for all adobe products. photoshop, premier, finereader e.t.c.url
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.001
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.sfv
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cod4.nfo
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f\iw3sp.exe
c:\program files\electronic arts\battlefield bad company 2\crack\bfbc2game.exe
c:\program files\electronic arts\battlefield bad company 2\crack\jabberwocky.txt
c:\program files\electronic arts\battlefield bad company 2\crack\pitoni.txt
c:\program files\electronic arts\battlefield bad company 2\crack\rld.dll
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1           activate.adobe.com
hosts 127.0.0.1           practivate.adobe.com
hosts 127.0.0.1           ereg.adobe.com
hosts 127.0.0.1           activate.wip3.adobe.com
hosts 127.0.0.1           wip3.adobe.com
hosts 127.0.0.1           3dns-3.adobe.com
hosts 127.0.0.1           3dns-2.adobe.com
hosts 127.0.0.1           adobe-dns.adobe.com
hosts 127.0.0.1           adobe-dns-2.adobe.com
hosts 127.0.0.1           adobe-dns-3.adobe.com
hosts 127.0.0.1           ereg.wip3.adobe.com
hosts 127.0.0.1           activate-sea.adobe.com
hosts 127.0.0.1           wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1           activate-sjc0.adobe.com
hosts 127.0.0.1                     adobe.activate.com
hosts 127.0.0.1                     wwis-dubc1-vip60.adobe.com      
hosts 127.0.0.1                     hl2rcv.adobe.com
scanner sequence 3.ZZ.11.RLNAQT
——- EOF——-

And here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Owner at 8:13:02 on 2012-01-14
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2047.626 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VoipBuster] “c:\program files\voipbuster.com\voipbuster\VoipBuster.exe” -nosplash -minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] “c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe”
uRun: [DAEMON Tools Lite] “c:\program files\daemon tools lite\DTLite.exe” -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HP Component Manager] “c:\program files\hp\hpcoretech\hpcmpmgr.exe”
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [StartCCC] “c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe” MSRun
mRun: [egui] “c:\program files\eset\eset smart security\egui.exe” /hide /waitservice
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [ATICustomerCare] “c:\program files\ati\aticustomercare\ATICustomerCare.exe”
mRun: [Adobe Reader Speed Launcher] “c:\program files\adobe\reader 9.0\reader\Reader_sl.exe”
mRun: [Adobe ARM] “c:\program files\common files\adobe\arm\1.0\AdobeARM.exe”
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSN Toolbar] “c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe”
mRun: [Microsoft Default Manager] “c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe” -resume
mRun: [APSDaemon] “c:\program files\common files\apple\apple application support\APSDaemon.exe”
mRun: [Ad-Aware Browsing Protection] “c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe”
mRun: [QuickTime Task] “c:\program files\quicktime\QTTask.exe” -atboottime
mRun: [MSIAfterburner] “c:\program files\msi afterburner\MSIAfterburner.exe” /s
mRun: [Malwarebytes’ Anti-Malware] “c:\program files\malwarebytes’ anti-malware\mbamgui.exe” /starttray
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
TCP: DhcpNameServer = 62.94.0.1 62.94.0.2
TCP: Interfaces\{FB91BF8E-4383-4764-8CA4-FCA38827B246} : DhcpNameServer = 62.94.0.1 62.94.0.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1   http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - http://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-11 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-12-16 806000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-27 2152152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-9-21 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes’ anti-malware\mbamservice.exe [2009-11-9 652872]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-27 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-9 20464]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2005-5-25 4608]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-30 1691480]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-11-17 16640]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-12-4 101904]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\owner\locals~1\temp\dmskssrh.sys—> c:\docume~1\owner\locals~1\temp\DMSKSSRh.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 MuVoNXr;Creative NOMAD MuVo NX Control Driver (Windows NT);c:\windows\system32\drivers\muvonxr.sys—> c:\windows\system32\drivers\MuVoNXr.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys—> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-01-12 06:33:33   388096   ——a-r-  c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-12 06:33:30   ————  d——-w-  c:\program files\Trend Micro
2012-01-11 10:54:38   23040   ———w-  c:\windows\system32\dllcache\mciseq.dll
2012-01-11 10:54:38   176128   ———w-  c:\windows\system32\dllcache\winmm.dll
2012-01-09 16:17:40   64616   ——a-w-  c:\windows\system32\RtkCoInstIIXP.dll
2012-01-09 16:17:40   11368   ——a-w-  c:\windows\system32\RtkCoLDRXP.dll
2012-01-09 16:17:39   21736   ——a-w-  c:\windows\system32\drivers\RTAIODAT.DAT
2012-01-09 14:37:22   ————  d——-w-  c:\program files\common files\Spigot
2012-01-09 14:34:39   ————  d——-w-  c:\program files\IObit
2012-01-09 14:34:39   ————  d——-w-  c:\documents and settings\all users\application data\IObit
2012-01-03 07:22:02   103864   ——a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 07:22:02   103864   ——a-w-  c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-02 08:05:53   20992   ——a-w-  c:\windows\jestertb.dll
2011-12-27 09:05:48   ————  d——-w-  c:\program files\Call of Duty- Modern Warfare 3
2011-12-21 07:29:44   ————  d——-w-  c:\documents and settings\owner\application data\OpenCandy
2011-12-21 07:29:28   ————  d——-w-  c:\program files\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-01-13 18:01:04   138160   ——a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2012-01-13 18:00:41   271200   ——a-w-  c:\windows\system32\PnkBstrB.xtr
2012-01-13 18:00:41   271200   ——a-w-  c:\windows\system32\PnkBstrB.exe
2012-01-13 16:09:11   271200   ——a-w-  c:\windows\system32\PnkBstrB.ex0
2011-12-21 07:29:40   428088   ——a-w-  c:\windows\system32\drivers\sptd.sys
2011-12-15 04:39:42   42392   ——a-w-  c:\windows\system32\xfcodec.dll
2011-12-13 17:27:30   7069288   ——a-w-  c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 10:01:00   1698408   ——a-w-  c:\windows\RtlExUpd.dll
2011-12-10 14:24:06   20464   ——a-w-  c:\windows\system32\drivers\mbam.sys
2011-12-05 14:49:12   20065384   ——a-w-  c:\windows\RTHDCPL.EXE
2011-11-25 21:57:19   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-16 14:21:44   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21:44   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-04 19:20:51   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:20:51   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51   1469440   ——a-w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:28:36   386048   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-03 15:28:36   1292288   ——a-w-  c:\windows\system32\quartz.dll
2011-11-01 16:07:10   1288704   ——a-w-  c:\windows\system32\ole32.dll
2011-10-28 15:32:02   16432   ——a-w-  c:\windows\system32\lsdelete.exe
2011-10-28 05:31:48   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-27 14:03:28   64512   ——a-w-  c:\windows\system32\drivers\Lbd.sys
2011-10-25 13:37:08   2148864   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02   2027008   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29:02   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02   69632   ——a-w-  c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22   186880   ——a-w-  c:\windows\system32\encdec.dll
.
============= FINISH:  8:13:34,71 ===============

  hans01
Number of posts: 31

no 2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23-04-2008 21:06:00
System Uptime: 13-01-2012 11:02:13 (21 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 945P-S3
Processor: Genuine Intel(R) CPU         2160 @ 1.80GHz | Socket 775 | 1808/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 145,37 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901
.
==== System Restore Points ===================
.
RP1166: 22-10-2011 18:52:11 - System Checkpoint
RP1167: 23-10-2011 09:24:51 - Software Distribution Service 3.0
RP1168: 23-10-2011 09:53:41 - Software Distribution Service 3.0
RP1169: 24-10-2011 09:55:48 - System Checkpoint
RP1170: 25-10-2011 10:43:49 - System Checkpoint
RP1171: 26-10-2011 11:41:03 - System Checkpoint
RP1172: 27-10-2011 13:06:32 - System Checkpoint
RP1173: 28-10-2011 13:22:04 - System Checkpoint
RP1174: 28-10-2011 17:26:41 - Installed Ad-Aware
RP1175: 28-10-2011 17:28:23 - Installed Ad-Aware
RP1176: 30-10-2011 12:53:51 - System Checkpoint
RP1177: 31-10-2011 13:14:00 - System Checkpoint
RP1178: 01-11-2011 13:57:56 - System Checkpoint
RP1179: 02-11-2011 14:32:23 - System Checkpoint
RP1180: 03-11-2011 16:22:49 - System Checkpoint
RP1181: 05-11-2011 09:21:29 - System Checkpoint
RP1182: 06-11-2011 14:06:06 - System Checkpoint
RP1183: 07-11-2011 14:39:27 - System Checkpoint
RP1184: 08-11-2011 15:18:44 - System Checkpoint
RP1185: 09-11-2011 08:48:28 - Software Distribution Service 3.0
RP1186: 10-11-2011 08:57:40 - System Checkpoint
RP1187: 11-11-2011 08:55:56 - Software Distribution Service 3.0
RP1188: 12-11-2011 10:45:40 - System Checkpoint
RP1189: 13-11-2011 11:03:57 - System Checkpoint
RP1190: 14-11-2011 13:38:50 - System Checkpoint
RP1191: 15-11-2011 14:32:02 - System Checkpoint
RP1192: 16-11-2011 17:11:14 - System Checkpoint
RP1193: 18-11-2011 13:44:17 - System Checkpoint
RP1194: 21-11-2011 13:46:27 - System Checkpoint
RP1195: 22-11-2011 13:53:18 - System Checkpoint
RP1196: 23-11-2011 15:34:10 - System Checkpoint
RP1197: 24-11-2011 15:48:56 - System Checkpoint
RP1198: 26-11-2011 08:12:19 - System Checkpoint
RP1199: 27-11-2011 08:32:43 - System Checkpoint
RP1200: 28-11-2011 10:45:18 - System Checkpoint
RP1201: 29-11-2011 12:18:10 - System Checkpoint
RP1202: 30-11-2011 12:37:27 - System Checkpoint
RP1203: 01-12-2011 12:55:05 - System Checkpoint
RP1204: 02-12-2011 14:27:05 - System Checkpoint
RP1205: 03-12-2011 17:34:22 - Restore Operation
RP1206: 04-12-2011 18:12:42 - System Checkpoint
RP1207: 06-12-2011 09:30:56 - System Checkpoint
RP1208: 07-12-2011 11:13:36 - System Checkpoint
RP1209: 08-12-2011 14:09:03 - System Checkpoint
RP1210: 09-12-2011 14:10:49 - System Checkpoint
RP1211: 10-12-2011 14:20:04 - System Checkpoint
RP1212: 11-12-2011 14:53:03 - System Checkpoint
RP1213: 13-12-2011 06:00:09 - Removed HydraVision
RP1214: 13-12-2011 06:01:53 - Fjernede iTunes
RP1215: 14-12-2011 09:41:07 - Software Distribution Service 3.0
RP1216: 15-12-2011 13:13:26 - System Checkpoint
RP1217: 16-12-2011 21:29:38 - System Checkpoint
RP1218: 17-12-2011 22:10:47 - System Checkpoint
RP1219: 18-12-2011 22:15:49 - System Checkpoint
RP1220: 19-12-2011 22:26:09 - System Checkpoint
RP1221: 21-12-2011 08:29:40 - SPTD setup V1.79
RP1222: 22-12-2011 22:22:29 - System Checkpoint
RP1223: 23-12-2011 23:08:25 - System Checkpoint
RP1224: 24-12-2011 23:45:44 - System Checkpoint
RP1225: 26-12-2011 00:13:09 - System Checkpoint
RP1226: 27-12-2011 01:13:08 - System Checkpoint
RP1227: 28-12-2011 10:17:00 - System Checkpoint
RP1228: 29-12-2011 13:44:47 - System Checkpoint
RP1229: 30-12-2011 14:19:23 - System Checkpoint
RP1230: 31-12-2011 14:42:49 - System Checkpoint
RP1231: 31-12-2011 17:50:00 - Software Distribution Service 3.0
RP1232: 01-01-2012 21:03:13 - System Checkpoint
RP1233: 02-01-2012 21:09:32 - System Checkpoint
RP1234: 04-01-2012 07:08:34 - System Checkpoint
RP1235: 05-01-2012 11:42:14 - System Checkpoint
RP1236: 06-01-2012 22:06:03 - System Checkpoint
RP1237: 07-01-2012 22:41:59 - System Checkpoint
RP1238: 08-01-2012 23:06:15 - System Checkpoint
RP1239: 09-01-2012 16:14:18 - Installeret REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP1240: 09-01-2012 17:17:34 - Installeret Realtek High Definition Audio Driver
RP1241: 11-01-2012 21:35:05 - System Checkpoint
RP1242: 12-01-2012 03:00:26 - Software Distribution Service 3.0
RP1243: 12-01-2012 07:33:29 - Installed HiJackThis
RP1244: 13-01-2012 03:00:18 - Software Distribution Service 3.0
RP1245: 14-01-2012 03:06:20 - System Checkpoint
.
==== Installed Programs ======================
.
2350
2350_Help
2350Trb
32 Bit HP CIO Components Installer
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Color Common Settings
Adobe Community Help
Adobe Download Manager
Adobe Dreamweaver CS5
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.4
Adobe Reader 9.3.4
Adobe Reader 9.5.0
Adobe Setup
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
ATI Stream SDK v2 Developer
AVIcodec (remove only)
B110
Bonjour
BufferChm
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Conduit Engine
ConvertXtoDVD 4.1.19.365
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
DAEMON Tools Lite
Destinations
DeviceDiscovery
DocProc
DocumentViewer
Dream Aquarium 1.234
eDocPrinter PDF Pro Ver 6.42
ESET Online Scanner v3
Fax
FileZilla Client 3.5.2
Game Booster 3
Google Update Helper
Google Updater
GPBaseService2
HiJackThis
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Customer Participation Program 14.0
HP Image Zone 4.2
HP Imaging Device Functions 14.0
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP PSC & OfficeJet 4.2
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPProductAssistant
HPSystemDiagnostics
IBP & ARELIS 9.7.1
ImgBurn
InstantShare
InstantShareAlert
Internet Explorer Developer Toolbar
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Codec Pack 6.6.0 (Basic)
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint 6.15
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DAN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DAN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Migrazione Archivi
Mozilla Firefox (3.6.15)
Mozilla Firefox 10.0 (x86 nb-NO)
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Network
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NotePad++ 3.6
NVIDIA Drivers
Opera 11.60
Overland
PDF Settings CS5
PhotoGallery
PowerDVD
PrintScreen
ProductContext
PS_AIO_07_B110_SW_Min
PunkBuster Services
QFolder
QuickProjects
QuickTime
QuickTransfer
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
SkinsHP1
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Sprogpakke til Microsoft .NET Framework 3.5 - dansk
Spybot - Search & Destroy
Status
Steam
Stone’s SummaSummarum 3.5.2
SummaSummarum 3.7
SUPERAntiSpyware Free Edition
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
TlqJ3 Banca di Roma
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
VoipBuster
WebReg
Windows 7 Upgrade Advisor
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Language Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
13-01-2012 10:59:07, error: Service Control Manager [7022]  - The ESET Service service hung on starting.
07-01-2012 07:38:25, error: Service Control Manager [7000]  - The PfModNT service failed to start due to the following error:  The system cannot find the file specified.
07-01-2012 07:38:25, error: Service Control Manager [7000]  - The CT Device Query service service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================

Administrator
Number of posts: 29619

I don't know whether you are aware of it, but your son has a whole lot of illegal/cracked/keygen games/antivirus programs on the computer. They WILL be removed; if he is not interested in that, we stop here!

  hans01
Number of posts: 31

Hi Magic

I did have a suspicion, damn it. I'll just try to delete the junk.. many thanks

  hans01
Number of posts: 31

Hi Magic

So I'll try again, though I'm not quite sure whether I've got hold of everything.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Owner at 8:57:05 on 2012-01-14
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2047.1101 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.igoogle.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {ad55c869-668e-457c-b270-0cfb2f61116f} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VoipBuster] “c:\program files\voipbuster.com\voipbuster\VoipBuster.exe” -nosplash -minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] “c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe”
uRun: [DAEMON Tools Lite] “c:\program files\daemon tools lite\DTLite.exe” -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HP Component Manager] “c:\program files\hp\hpcoretech\hpcmpmgr.exe”
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [StartCCC] “c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe” MSRun
mRun: [egui] “c:\program files\eset\eset smart security\egui.exe” /hide /waitservice
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [ATICustomerCare] “c:\program files\ati\aticustomercare\ATICustomerCare.exe”
mRun: [Adobe Reader Speed Launcher] “c:\program files\adobe\reader 9.0\reader\Reader_sl.exe”
mRun: [Adobe ARM] “c:\program files\common files\adobe\arm\1.0\AdobeARM.exe”
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSN Toolbar] “c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe”
mRun: [Microsoft Default Manager] “c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe” -resume
mRun: [APSDaemon] “c:\program files\common files\apple\apple application support\APSDaemon.exe”
mRun: [Ad-Aware Browsing Protection] “c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe”
mRun: [QuickTime Task] “c:\program files\quicktime\QTTask.exe” -atboottime
mRun: [MSIAfterburner] “c:\program files\msi afterburner\MSIAfterburner.exe” /s
mRun: [Malwarebytes’ Anti-Malware] “c:\program files\malwarebytes’ anti-malware\mbamgui.exe” /starttray
mRun: [<NO NAME>]
mRun: [RTHDCPL] RTHDCPL.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport; to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
TCP: DhcpNameServer = 62.94.0.1 62.94.0.2
TCP: Interfaces\{FB91BF8E-4383-4764-8CA4-FCA38827B246} : DhcpNameServer = 62.94.0.1 62.94.0.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1   http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - http://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\joemc8r8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-8 64512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-11 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-12-16 806000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-27 2152152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-9-21 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes’ anti-malware\mbamservice.exe [2009-11-9 652872]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-27 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-9 20464]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2005-5-25 4608]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-30 1691480]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-11-17 16640]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-12-4 101904]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\owner\locals~1\temp\dmskssrh.sys—> c:\docume~1\owner\locals~1\temp\DMSKSSRh.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 MuVoNXr;Creative NOMAD MuVo NX Control Driver (Windows NT);c:\windows\system32\drivers\muvonxr.sys—> c:\windows\system32\drivers\MuVoNXr.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys—> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-01-12 06:33:33   388096   ——a-r-  c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-12 06:33:30   ————  d——-w-  c:\program files\Trend Micro
2012-01-11 10:54:38   23040   ———w-  c:\windows\system32\dllcache\mciseq.dll
2012-01-11 10:54:38   176128   ———w-  c:\windows\system32\dllcache\winmm.dll
2012-01-09 16:17:40   64616   ——a-w-  c:\windows\system32\RtkCoInstIIXP.dll
2012-01-09 16:17:40   11368   ——a-w-  c:\windows\system32\RtkCoLDRXP.dll
2012-01-09 16:17:39   21736   ——a-w-  c:\windows\system32\drivers\RTAIODAT.DAT
2012-01-09 14:37:22   ————  d——-w-  c:\program files\common files\Spigot
2012-01-09 14:34:39   ————  d——-w-  c:\program files\IObit
2012-01-09 14:34:39   ————  d——-w-  c:\documents and settings\all users\application data\IObit
2012-01-03 07:22:02   103864   ——a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 07:22:02   103864   ——a-w-  c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-02 08:05:53   20992   ——a-w-  c:\windows\jestertb.dll
2011-12-27 09:05:48   ————  d——-w-  c:\program files\Call of Duty- Modern Warfare 3
2011-12-21 07:29:44   ————  d——-w-  c:\documents and settings\owner\application data\OpenCandy
2011-12-21 07:29:28   ————  d——-w-  c:\program files\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-01-13 18:01:04   138160   ——a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2012-01-13 18:00:41   271200   ——a-w-  c:\windows\system32\PnkBstrB.xtr
2012-01-13 18:00:41   271200   ——a-w-  c:\windows\system32\PnkBstrB.exe
2012-01-13 16:09:11   271200   ——a-w-  c:\windows\system32\PnkBstrB.ex0
2011-12-21 07:29:40   428088   ——a-w-  c:\windows\system32\drivers\sptd.sys
2011-12-15 04:39:42   42392   ——a-w-  c:\windows\system32\xfcodec.dll
2011-12-13 17:27:30   7069288   ——a-w-  c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 10:01:00   1698408   ——a-w-  c:\windows\RtlExUpd.dll
2011-12-10 14:24:06   20464   ——a-w-  c:\windows\system32\drivers\mbam.sys
2011-12-05 14:49:12   20065384   ——a-w-  c:\windows\RTHDCPL.EXE
2011-11-25 21:57:19   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-16 14:21:44   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21:44   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-04 19:20:51   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:20:51   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51   1469440   ——a-w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:28:36   386048   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-03 15:28:36   1292288   ——a-w-  c:\windows\system32\quartz.dll
2011-11-01 16:07:10   1288704   ——a-w-  c:\windows\system32\ole32.dll
2011-10-28 15:32:02   16432   ——a-w-  c:\windows\system32\lsdelete.exe
2011-10-28 05:31:48   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-27 14:03:28   64512   ——a-w-  c:\windows\system32\drivers\Lbd.sys
2011-10-25 13:37:08   2148864   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02   2027008   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29:02   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02   69632   ——a-w-  c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22   186880   ——a-w-  c:\windows\system32\encdec.dll
.
============= FINISH:  8:57:37,31 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23-04-2008 21:06:00
System Uptime: 13-01-2012 11:02:13 (21 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 945P-S3
Processor: Genuine Intel(R) CPU         2160 @ 1.80GHz | Socket 775 | 1808/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 145,356 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901
.
==== System Restore Points ===================
.
RP1166: 22-10-2011 18:52:11 - System Checkpoint
RP1167: 23-10-2011 09:24:51 - Software Distribution Service 3.0
RP1168: 23-10-2011 09:53:41 - Software Distribution Service 3.0
RP1169: 24-10-2011 09:55:48 - System Checkpoint
RP1170: 25-10-2011 10:43:49 - System Checkpoint
RP1171: 26-10-2011 11:41:03 - System Checkpoint
RP1172: 27-10-2011 13:06:32 - System Checkpoint
RP1173: 28-10-2011 13:22:04 - System Checkpoint
RP1174: 28-10-2011 17:26:41 - Installed Ad-Aware
RP1175: 28-10-2011 17:28:23 - Installed Ad-Aware
RP1176: 30-10-2011 12:53:51 - System Checkpoint
RP1177: 31-10-2011 13:14:00 - System Checkpoint
RP1178: 01-11-2011 13:57:56 - System Checkpoint
RP1179: 02-11-2011 14:32:23 - System Checkpoint
RP1180: 03-11-2011 16:22:49 - System Checkpoint
RP1181: 05-11-2011 09:21:29 - System Checkpoint
RP1182: 06-11-2011 14:06:06 - System Checkpoint
RP1183: 07-11-2011 14:39:27 - System Checkpoint
RP1184: 08-11-2011 15:18:44 - System Checkpoint
RP1185: 09-11-2011 08:48:28 - Software Distribution Service 3.0
RP1186: 10-11-2011 08:57:40 - System Checkpoint
RP1187: 11-11-2011 08:55:56 - Software Distribution Service 3.0
RP1188: 12-11-2011 10:45:40 - System Checkpoint
RP1189: 13-11-2011 11:03:57 - System Checkpoint
RP1190: 14-11-2011 13:38:50 - System Checkpoint
RP1191: 15-11-2011 14:32:02 - System Checkpoint
RP1192: 16-11-2011 17:11:14 - System Checkpoint
RP1193: 18-11-2011 13:44:17 - System Checkpoint
RP1194: 21-11-2011 13:46:27 - System Checkpoint
RP1195: 22-11-2011 13:53:18 - System Checkpoint
RP1196: 23-11-2011 15:34:10 - System Checkpoint
RP1197: 24-11-2011 15:48:56 - System Checkpoint
RP1198: 26-11-2011 08:12:19 - System Checkpoint
RP1199: 27-11-2011 08:32:43 - System Checkpoint
RP1200: 28-11-2011 10:45:18 - System Checkpoint
RP1201: 29-11-2011 12:18:10 - System Checkpoint
RP1202: 30-11-2011 12:37:27 - System Checkpoint
RP1203: 01-12-2011 12:55:05 - System Checkpoint
RP1204: 02-12-2011 14:27:05 - System Checkpoint
RP1205: 03-12-2011 17:34:22 - Restore Operation
RP1206: 04-12-2011 18:12:42 - System Checkpoint
RP1207: 06-12-2011 09:30:56 - System Checkpoint
RP1208: 07-12-2011 11:13:36 - System Checkpoint
RP1209: 08-12-2011 14:09:03 - System Checkpoint
RP1210: 09-12-2011 14:10:49 - System Checkpoint
RP1211: 10-12-2011 14:20:04 - System Checkpoint
RP1212: 11-12-2011 14:53:03 - System Checkpoint
RP1213: 13-12-2011 06:00:09 - Removed HydraVision
RP1214: 13-12-2011 06:01:53 - Fjernede iTunes
RP1215: 14-12-2011 09:41:07 - Software Distribution Service 3.0
RP1216: 15-12-2011 13:13:26 - System Checkpoint
RP1217: 16-12-2011 21:29:38 - System Checkpoint
RP1218: 17-12-2011 22:10:47 - System Checkpoint
RP1219: 18-12-2011 22:15:49 - System Checkpoint
RP1220: 19-12-2011 22:26:09 - System Checkpoint
RP1221: 21-12-2011 08:29:40 - SPTD setup V1.79
RP1222: 22-12-2011 22:22:29 - System Checkpoint
RP1223: 23-12-2011 23:08:25 - System Checkpoint
RP1224: 24-12-2011 23:45:44 - System Checkpoint
RP1225: 26-12-2011 00:13:09 - System Checkpoint
RP1226: 27-12-2011 01:13:08 - System Checkpoint
RP1227: 28-12-2011 10:17:00 - System Checkpoint
RP1228: 29-12-2011 13:44:47 - System Checkpoint
RP1229: 30-12-2011 14:19:23 - System Checkpoint
RP1230: 31-12-2011 14:42:49 - System Checkpoint
RP1231: 31-12-2011 17:50:00 - Software Distribution Service 3.0
RP1232: 01-01-2012 21:03:13 - System Checkpoint
RP1233: 02-01-2012 21:09:32 - System Checkpoint
RP1234: 04-01-2012 07:08:34 - System Checkpoint
RP1235: 05-01-2012 11:42:14 - System Checkpoint
RP1236: 06-01-2012 22:06:03 - System Checkpoint
RP1237: 07-01-2012 22:41:59 - System Checkpoint
RP1238: 08-01-2012 23:06:15 - System Checkpoint
RP1239: 09-01-2012 16:14:18 - Installeret REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP1240: 09-01-2012 17:17:34 - Installeret Realtek High Definition Audio Driver
RP1241: 11-01-2012 21:35:05 - System Checkpoint
RP1242: 12-01-2012 03:00:26 - Software Distribution Service 3.0
RP1243: 12-01-2012 07:33:29 - Installed HiJackThis
RP1244: 13-01-2012 03:00:18 - Software Distribution Service 3.0
RP1245: 14-01-2012 03:06:20 - System Checkpoint
.
==== Installed Programs ======================
.
2350
2350_Help
2350Trb
32 Bit HP CIO Components Installer
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Color Common Settings
Adobe Community Help
Adobe Download Manager
Adobe Dreamweaver CS5
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.1.4
Adobe Reader 9.3.4
Adobe Reader 9.5.0
Adobe Setup
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
ATI Stream SDK v2 Developer
AVIcodec (remove only)
B110
Bonjour
BufferChm
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Conduit Engine
ConvertXtoDVD 4.1.19.365
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
DAEMON Tools Lite
Destinations
DeviceDiscovery
DocProc
DocumentViewer
Dream Aquarium 1.234
eDocPrinter PDF Pro Ver 6.42
ESET Online Scanner v3
Fax
FileZilla Client 3.5.2
Game Booster 3
Google Update Helper
Google Updater
GPBaseService2
HiJackThis
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Customer Participation Program 14.0
HP Image Zone 4.2
HP Imaging Device Functions 14.0
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP PSC & OfficeJet 4.2
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPProductAssistant
HPSystemDiagnostics
IBP & ARELIS 9.7.1
ImgBurn
InstantShare
InstantShareAlert
Internet Explorer Developer Toolbar
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Codec Pack 6.6.0 (Basic)
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint 6.15
Macromedia Extension Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DAN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DAN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Migrazione Archivi
Mozilla Firefox (3.6.15)
Mozilla Firefox 10.0 (x86 nb-NO)
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Network
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NotePad++ 3.6
NVIDIA Drivers
Opera 11.60
Overland
PDF Settings CS5
PhotoGallery
PowerDVD
PrintScreen
ProductContext
PS_AIO_07_B110_SW_Min
PunkBuster Services
QFolder
QuickProjects
QuickTime
QuickTransfer
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
SkinsHP1
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Sprogpakke til Microsoft .NET Framework 3.5 - dansk
Spybot - Search & Destroy
Status
Steam
Stone’s SummaSummarum 3.5.2
SummaSummarum 3.7
SUPERAntiSpyware Free Edition
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
TlqJ3 Banca di Roma
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
VoipBuster
WebReg
Windows 7 Upgrade Advisor
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Language Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
13-01-2012 10:59:07, error: Service Control Manager [7022]  - The ESET Service service hung on starting.
07-01-2012 07:38:25, error: Service Control Manager [7000]  - The PfModNT service failed to start due to the following error:  The system cannot find the file specified.
07-01-2012 07:38:25, error: Service Control Manager [7000]  - The CT Device Query service service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================

  hans01
Number of posts: 31

and the last one

CKScanner - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 hl2rcv.adobe.com
hosts 127.0.0.1           activate.adobe.com
hosts 127.0.0.1           practivate.adobe.com
hosts 127.0.0.1           ereg.adobe.com
hosts 127.0.0.1           activate.wip3.adobe.com
hosts 127.0.0.1           wip3.adobe.com
hosts 127.0.0.1           3dns-3.adobe.com
hosts 127.0.0.1           3dns-2.adobe.com
hosts 127.0.0.1           adobe-dns.adobe.com
hosts 127.0.0.1           adobe-dns-2.adobe.com
hosts 127.0.0.1           adobe-dns-3.adobe.com
hosts 127.0.0.1           ereg.wip3.adobe.com
hosts 127.0.0.1           activate-sea.adobe.com
hosts 127.0.0.1           wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1           activate-sjc0.adobe.com
hosts 127.0.0.1                     adobe.activate.com
hosts 127.0.0.1                     wwis-dubc1-vip60.adobe.com      
hosts 127.0.0.1                     hl2rcv.adobe.com
scanner sequence 3.ZZ.11.BJCAGG
----- EOF -----

Administrator
Number of posts: 29619

That looks better.

Download Combofix and save it to your desktop:
Here

Important -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with Combofix, or remove important Combofix files, which can cause the computer to freeze.


Copy the content between the wavy lines into a Notepad window, and save it in the same folder as Combofix, with the name CFScript.

~~~~~~~~~~~~~~~~~~~~~~~~~~


Snapshot::
File::
c:\documents and settings\owner\favorites\unsorted bookmarks\download file keygen.rar
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911
Folder::
c:\documents and settings\owner\desktop\internet business promoter-arelis v9.7.1
c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911
c:\program files\electronic arts\battlefield bad company 2
c:\program files\utorrentbar
c:\program files\conduitengine
c:\program files\logitech\desktop messenger\8876480
DDS::
Notify: Antiwpa - antiwpa.dll


~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the CFScript file with the mouse and drag it over the Combofix file, then "let go" with the mouse, as shown here ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.


Then post a new Combofix log here. It can be found here - C:\combofix

  hans01
Number of posts: 31

Hi Magic

The PC blue-screened while Combofix was running. I have now restarted and cannot find any log file; should I run Combofix again?

  hans01
Number of posts: 31

Here it is, I just ran it again

ComboFix 12-01-13.05 - Owner 14-01-2012   9:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2047.841 [GMT 1:00]
Kører fra: c:\documents and settings\Owner\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
FILE ::
"c:\documents and settings\owner\favorites\unsorted bookmarks\download file keygen.rar"
"c:\documents and settings\owner\my documents\my pictures\call_of_duty_4_crackfix_and_keygen-razor1911"
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\GLB940.tmp
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\Owner\GLB940.tmp
c:\program files\conduitengine
c:\program files\conduitengine\appContextMenu.xml
c:\program files\conduitengine\ConduitEngine.dll
c:\program files\conduitengine\ConduitEngineHelper.exe
c:\program files\conduitengine\ConduitEngineUninstall.exe
c:\program files\conduitengine\engineContextMenu.xml
c:\program files\conduitengine\EngineSettings.json
c:\program files\conduitengine\INSTALL.LOG
c:\program files\conduitengine\toolbar.cfg
c:\program files\logitech\desktop messenger\8876480
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Install\bwUnin.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Install\LiteInst.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Install\readme.txt
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Install\win2000.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Plugins\Npavi32.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\backweb.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\backweb.tlb
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\BWCHelpr.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\bwfiles.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\bwlang.ini
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\bwsec.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\bwxtext.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\Cpuinf32.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\ding.wav
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\EN\ClientRc.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\EN\registerRC.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\EN\SpriteRC.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\EN\UninstallRC.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\GAPlugProtocol.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\IAdHide.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\loading.htm
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\pacsupport.js
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\Pre6Import.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\register.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\Restart.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\runner.dll
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\runner.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
c:\program files\logitech\desktop messenger\8876480\8.1.1.50-8876480SL\Program\wtsisctd.exe
c:\program files\logitech\desktop messenger\8876480\clasid.bak
c:\program files\logitech\desktop messenger\8876480\enabled.txt
c:\program files\logitech\desktop messenger\8876480\InitData\Data\background.gif
c:\program files\logitech\desktop messenger\8876480\InitData\Data\browser.htm
c:\program files\logitech\desktop messenger\8876480\InitData\Data\cert.db
c:\program files\logitech\desktop messenger\8876480\InitData\Data\chandir.dat
c:\program files\logitech\desktop messenger\8876480\InitData\Data\chandir.idx
c:\program files\logitech\desktop messenger\8876480\InitData\Data\chn.dat
c:\program files\logitech\desktop messenger\8876480\InitData\Data\chn.idx
c:\program files\logitech\desktop messenger\8876480\InitData\Data\DefPrefs.ini
c:\program files\logitech\desktop messenger\8876480\InitData\Data\desktop-8876480-37554968.ico
c:\program files\logitech\desktop messenger\8876480\InitData\Data\desktop.ico
c:\program files\logitech\desktop messenger\8876480\InitData\Data\GenFlash\1\gen.bif
c:\program files\logitech\desktop messenger\8876480\InitData\Data\GenFlash\1\gen.bis
c:\program files\logitech\desktop messenger\8876480\InitData\Data\GenFlash\1\info.iad
c:\program files\logitech\desktop messenger\8876480\InitData\Data\InfoCenter.GIF
c:\program files\logitech\desktop messenger\8876480\InitData\Data\InfoCenter.htm
c:\program files\logitech\desktop messenger\8876480\InitData\Data\main.wkg
c:\program files\logitech\desktop messenger\8876480\InitData\Data\UpgradePubKey.txt
c:\program files\logitech\desktop messenger\8876480\InitData\Data\UsrPrefs.ini
c:\program files\logitech\desktop messenger\8876480\Program\BWCHelpr-8876480.dll
c:\program files\logitech\desktop messenger\8876480\Program\BWfiles-8876480.dll
c:\program files\logitech\desktop messenger\8876480\Program\GAPlugProtocol-8876480.dll
c:\program files\logitech\desktop messenger\8876480\Program\LDMConf.exe
c:\program files\logitech\desktop messenger\8876480\Program\ldmrchs.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrcht.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrdan.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrdeu.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmresp.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrfin.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrfra.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrita.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrjpn.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrkor.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrnld.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrnor.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrptb.dll
c:\program files\logitech\desktop messenger\8876480\Program\ldmrsve.dll
c:\program files\logitech\desktop messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\logitech\desktop messenger\8876480\Program\LogitechDesktopMessenger.exe.appid.8876480
c:\program files\logitech\desktop messenger\8876480\Program\SyncExt.dll
c:\program files\logitech\desktop messenger\8876480\readme.txt
c:\program files\logitech\desktop messenger\8876480\Users\DataSets.ini
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\BWEvents.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\chninfo.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\ChnReg.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\segrules.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\Stats.tmp
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\UserProf.bak
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\2d9f\UserProf.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\BWEvents.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\chninfo.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\ChnReg.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\segrules.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\Stats.tmp
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\UserProf.bak
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\579b\UserProf.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\BWEvents.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\chninfo.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\ChnReg.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\segrules.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\Stats.tmp
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\UserProf.bak
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7663\UserProf.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e36\_bwfindx.zip
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e36\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e53\_bwfindx.zip
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e53\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e54\_bwfindx.zip
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3e54\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3ef0\_bwfindx.zip
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3ef0\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3f17\_bwfindx.zip
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\a9a3f17\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\BWEvents.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\chninfo.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\ChnReg.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\segrules.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\Stats.tmp
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\UserProf.bak
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\7667\UserProf.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\background.gif
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\browser.htm
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\cache.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\cert.db
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\chandir.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\chandir.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\chn.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\chn.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\D0000000.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\DefPrefs.ini
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\desktop-8876480-37554968.ico
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\desktop.ico
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\GenFlash\1\gen.bif
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\GenFlash\1\gen.bis
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\GenFlash\1\info.iad
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\HostCache.ini
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\InfoCenter.GIF
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\InfoCenter.htm
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\inuse.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\L0000074.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\L0000075.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\L0000076.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\L0000077.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\main.log
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\player.ini
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_die.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_die.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_dnd.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_dnd.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_ext.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_ext.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_rcv.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\prs_rcv.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\S0000000.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\S0000001.FCS
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\shopping.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\storydb.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\storydb.idx
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\T6D151E9
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\T7525DAA
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\T88123A2
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\T9C56E20
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\TC7DA523
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\TE603776
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\test.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\TF5B1F9B
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\TF7BF21E
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\UpgradePubKey.txt
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\UsrPrefs.ini
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Data\wg1.wkg
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Misc\Backup\chandir.da~
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Misc\Backup\chandir.dat
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Misc\Backup\chandir.id~
c:\program files\logitech\desktop messenger\8876480\Users\Owner\Misc\Backup\chandir.idx
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\jestertb.dll
c:\windows\system32\Chip.dll
c:\windows\system32\config\systemprofile\GLB940.tmp
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\WinSys.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-14 til 2012-01-14 )))))))))))))))))))))))))))))))))))
.
.
2012-01-12 06:33 . 2012-01-12 06:33   388096   ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-12 06:33 . 2012-01-12 06:33   --------  d-----w-  c:\program files\Trend Micro
2012-01-11 10:54 . 2011-10-14 14:47   23040   ------w-  c:\windows\system32\dllcache\mciseq.dll
2012-01-11 10:54 . 2011-10-14 14:47   176128   ------w-  c:\windows\system32\dllcache\winmm.dll
2012-01-09 16:17 . 2011-12-12 16:20   64616   ----a-w-  c:\windows\system32\RtkCoInstIIXP.dll
2012-01-09 16:17 . 2011-11-22 15:28   11368   ----a-w-  c:\windows\system32\RtkCoLDRXP.dll
2012-01-09 16:17 . 2011-11-24 10:37   21736   ----a-w-  c:\windows\system32\drivers\RTAIODAT.DAT
2012-01-09 14:37 . 2012-01-09 14:37   --------  d-----w-  c:\program files\Common Files\Spigot
2012-01-09 14:34 . 2012-01-09 14:34   --------  d-----w-  c:\program files\IObit
2012-01-09 14:34 . 2012-01-09 14:34   --------  d-----w-  c:\documents and settings\All Users\Application Data\IObit
2012-01-03 07:22 . 2012-01-03 07:22   103864   ----a-w-  c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22   103864   ----a-w-  c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-12-27 09:05 . 2012-01-02 18:37   --------  d-----w-  c:\program files\Call of Duty- Modern Warfare 3
2011-12-21 07:29 . 2011-12-21 07:29   --------  d-----w-  c:\documents and settings\Owner\Application Data\OpenCandy
2011-12-21 07:29 . 2011-12-21 07:29   --------  d-----w-  c:\program files\DAEMON Tools Lite
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 18:01 . 2008-05-07 05:57   138160   ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2012-01-13 18:00 . 2009-02-28 20:36   271200   ----a-w-  c:\windows\system32\PnkBstrB.xtr
2012-01-13 18:00 . 2008-05-07 05:56   271200   ----a-w-  c:\windows\system32\PnkBstrB.exe
2012-01-13 16:09 . 2008-05-07 05:56   271200   ----a-w-  c:\windows\system32\PnkBstrB.ex0
2011-12-21 07:29 . 2008-05-07 01:47   428088   ----a-w-  c:\windows\system32\drivers\sptd.sys
2011-12-15 04:39 . 2011-12-15 04:39   42392   ----a-w-  c:\windows\system32\xfcodec.dll
2011-12-13 17:27 . 2008-04-23 21:14   7069288   ----a-w-  c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 10:01 . 2008-04-23 21:14   1698408   ----a-w-  c:\windows\RtlExUpd.dll
2011-12-10 14:24 . 2009-11-09 06:32   20464   ----a-w-  c:\windows\system32\drivers\mbam.sys
2011-12-05 14:49 . 2008-04-23 21:14   20065384   ----a-w-  c:\windows\RTHDCPL.EXE
2011-11-25 21:57 . 2007-02-20 06:44   293376   ----a-w-  c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-02-20 06:44   1859584   ----a-w-  c:\windows\system32\win32k.sys
2011-11-16 14:21 . 2004-08-12 06:00   354816   ----a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 06:00   152064   ----a-w-  c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-02-20 06:44   916992   ----a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 06:00   43520   ----a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 06:00   1469440   ----a-w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 06:00   385024   ----a-w-  c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-02-20 06:44   1292288   ----a-w-  c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2007-02-20 06:44   386048   ----a-w-  c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2007-02-20 06:44   1288704   ----a-w-  c:\windows\system32\ole32.dll
2011-10-28 15:32 . 2011-11-24 08:34   16432   ----a-w-  c:\windows\system32\lsdelete.exe
2011-10-28 05:31 . 2004-08-12 06:00   33280   ----a-w-  c:\windows\system32\csrsrv.dll
2011-10-27 14:03 . 2010-03-08 07:59   64512   ----a-w-  c:\windows\system32\drivers\Lbd.sys
2011-10-25 13:37 . 2007-02-20 06:44   2148864   ----a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-10-30 05:27   2027008   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-25 11:00 . 2011-10-25 11:00   45056   ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\ARPPRODUCTICON.exe
2011-10-25 11:00 . 2011-10-25 11:00   102400   ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
2011-10-24 13:29 . 2011-10-24 13:29   94208   ----a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29   69632   ----a-w-  c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-12 06:00   186880   ----a-w-  c:\windows\system32\encdec.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
.
c:\windows\System32\regsvc.dll ... mangler !!
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10   87440   ----a-w-  c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2011-08-23 13872432]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-12-16 2136760]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2011-02-15 364544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-15 3527576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 07:38   548352   ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29   64592   ----a-w-  c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Javaupdate.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Javaupdate.lnk
backup=c:\windows\pss\Javaupdate.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17   3514176   ----a-w-  c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50   460872   ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53   153136   ----a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28   421888   ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SharedAccess"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08-03-2010 08:59 64512]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys—> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-02-2009 13:23 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [26-05-2009 09:05 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26-05-2009 09:05 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11-07-2010 05:54 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-12-2009 21:18 806000]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [21-09-2010 07:59 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [09-11-2009 07:32 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09-11-2009 07:32 20464]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [25-05-2005 04:39 4608]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24-12-2010 11:43 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [27-10-2011 15:03 2152152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30-11-2010 09:53 1691480]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [17-11-2011 07:11 16640]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [04-12-2010 16:42 101904]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Owner\LOCALS~1\Temp\DMSKSSRh.sys—> c:\docume~1\Owner\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24-12-2010 11:43 136176]
S3 MuVoNXr;Creative NOMAD MuVo NX Control Driver (Windows NT);c:\windows\system32\Drivers\MuVoNXr.sys—> c:\windows\system32\Drivers\MuVoNXr.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25-04-2008 15:01 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26-05-2009 09:05 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys—> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 12:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ     HPSLPSVC
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-01-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-27 14:03]
.
2012-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 07:20]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 10:43]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 10:43]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 62.94.0.1 62.94.0.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\joemc8r8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - http://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
BHO-{ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\tbuTor.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\uTorrentBar\tbuTor.dll
Notify-WgaLogon - (no file)
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Gennemført tid: 2012-01-14 10:06:48
ComboFix-quarantined-files.txt 2012-01-14 09:06
.
Pre-Kørsel: 156.746.928.128 bytes free
Post-Kørsel: 157.521.063.936 bytes free
.
- - End Of File - - 0A7412681DA6456FDCD9626DD8856E73

Administrator
Number of posts: 29619

Download this small tool and save it to the desktop: http://jpshortstuff.247fixes.com/SystemLook.exe

Double-click systemlook.exe - a small window pops up, into which you should copy the text in bold:


: Filefind
*regsvc.dll*
 

Click the Search button. The program will now search your computer.
When the scan has finished, a Notepad window will pop up with a log from SystemLook. Please copy it here into the forum in your next reply.

The log can also be found on your desktop under the name SystemLook.txt.

  hans01
Number of posts: 31

Here it is:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:40 on 14/01/2012 by Owner
Administrator - Elevation successful

==========  Filefind ==========

Searching for “*regsvc.dll*”
C:\WINDOWS\ServicePackFiles\i386\regsvc.dll   ———- 59904 bytes   [09:58 26/10/2008]  [04:42 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll   —a——59904 bytes   [00:32 09/09/2008]  [00:12 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F

Searching for ”  “
No files found.

-= EOF =-

Administrator
Number of posts: 29619

Copy the content between the wavy lines into a Notepad window, and save it in the same folder as ComboFix under the name CFScript.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Snapshot::
ClearJavaCache::
Fcopy::
C:\WINDOWS\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
Driver::
DMSKSSRh
Registry::
[-HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the CFScript file with the mouse and drag it over the ComboFix file, then "let go" with the mouse, as shown here ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.


Then post a new ComboFix log here. It can be found here - C:\combofix

  hans01
Number of posts: 31

Here it is:

ComboFix 12-01-13.05 - Owner 14-01-2012 20:37:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2047.1001 [GMT 1:00]
Kører fra: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
———————- FCopy———————-
.
c:\windows\ServicePackFiles\i386\regsvc.dll—> c:\windows\System32\regsvc.dll
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
———-\Legacy_DMSKSSRH
———-\Service_DMSKSSRh
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-14 til 2012-01-14 )))))))))))))))))))))))))))))))))))
.
.
2012-01-14 19:37 . 2008-04-14 04:42   59904   ——a-w-  c:\windows\system32\regsvc.dll
2012-01-14 19:37 . 2008-04-14 04:42   59904   ——a-w-  c:\windows\system32\dllcache\regsvc.dll
2012-01-12 06:33 . 2012-01-12 06:33   388096   ——a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-12 06:33 . 2012-01-12 06:33   ————  d——-w-  c:\program files\Trend Micro
2012-01-11 10:54 . 2011-10-14 14:47   23040   ———w-  c:\windows\system32\dllcache\mciseq.dll
2012-01-11 10:54 . 2011-10-14 14:47   176128   ———w-  c:\windows\system32\dllcache\winmm.dll
2012-01-09 16:17 . 2011-12-12 16:20   64616   ——a-w-  c:\windows\system32\RtkCoInstIIXP.dll
2012-01-09 16:17 . 2011-11-22 15:28   11368   ——a-w-  c:\windows\system32\RtkCoLDRXP.dll
2012-01-09 16:17 . 2011-11-24 10:37   21736   ——a-w-  c:\windows\system32\drivers\RTAIODAT.DAT
2012-01-09 14:37 . 2012-01-09 14:37   ————  d——-w-  c:\program files\Common Files\Spigot
2012-01-09 14:34 . 2012-01-09 14:34   ————  d——-w-  c:\program files\IObit
2012-01-09 14:34 . 2012-01-09 14:34   ————  d——-w-  c:\documents and settings\All Users\Application Data\IObit
2012-01-03 07:22 . 2012-01-03 07:22   103864   ——a-w-  c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22   103864   ——a-w-  c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-12-27 09:05 . 2012-01-02 18:37   ————  d——-w-  c:\program files\Call of Duty- Modern Warfare 3
2011-12-21 07:29 . 2011-12-21 07:29   ————  d——-w-  c:\documents and settings\Owner\Application Data\OpenCandy
2011-12-21 07:29 . 2011-12-21 07:29   ————  d——-w-  c:\program files\DAEMON Tools Lite
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 14:20 . 2008-05-07 05:57   138160   ——a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2012-01-14 14:20 . 2009-02-28 20:36   271200   ——a-w-  c:\windows\system32\PnkBstrB.xtr
2012-01-14 14:20 . 2008-05-07 05:56   271200   ——a-w-  c:\windows\system32\PnkBstrB.exe
2012-01-14 14:18 . 2008-05-07 05:56   271200   ——a-w-  c:\windows\system32\PnkBstrB.ex0
2011-12-21 07:29 . 2008-05-07 01:47   428088   ——a-w-  c:\windows\system32\drivers\sptd.sys
2011-12-15 04:39 . 2011-12-15 04:39   42392   ——a-w-  c:\windows\system32\xfcodec.dll
2011-12-13 17:27 . 2008-04-23 21:14   7069288   ——a-w-  c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 10:01 . 2008-04-23 21:14   1698408   ——a-w-  c:\windows\RtlExUpd.dll
2011-12-10 14:24 . 2009-11-09 06:32   20464   ——a-w-  c:\windows\system32\drivers\mbam.sys
2011-12-05 14:49 . 2008-04-23 21:14   20065384   ——a-w-  c:\windows\RTHDCPL.EXE
2011-11-25 21:57 . 2007-02-20 06:44   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2007-02-20 06:44   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-16 14:21 . 2004-08-12 06:00   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 06:00   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-02-20 06:44   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 06:00   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 06:00   1469440   ——a-w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 06:00   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:28 . 2007-02-20 06:44   1292288   ——a-w-  c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2007-02-20 06:44   386048   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2007-02-20 06:44   1288704   ——a-w-  c:\windows\system32\ole32.dll
2011-10-28 15:32 . 2011-11-24 08:34   16432   ——a-w-  c:\windows\system32\lsdelete.exe
2011-10-28 05:31 . 2004-08-12 06:00   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-27 14:03 . 2010-03-08 07:59   64512   ——a-w-  c:\windows\system32\drivers\Lbd.sys
2011-10-25 13:37 . 2007-02-20 06:44   2148864   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-10-30 05:27   2027008   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-25 11:00 . 2011-10-25 11:00   45056   ——a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\ARPPRODUCTICON.exe
2011-10-25 11:00 . 2011-10-25 11:00   102400   ——a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
2011-10-24 13:29 . 2011-10-24 13:29   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29   69632   ——a-w-  c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-12 06:00   186880   ——a-w-  c:\windows\system32\encdec.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“VoipBuster”=“c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe” [2011-08-23 13872432]
“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2009-03-05 2260480]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-01-30 39408]
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\DTLite.exe” [2011-11-10 3514176]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-03-27 13684736]
“nwiz”=“nwiz.exe” [2009-03-27 1657376]
“HP Component Manager”=“c:\program files\HP\hpcoretech\hpcmpmgr.exe” [2004-05-12 241664]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-03-27 86016]
“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2009-08-13 98304]
“egui”=“c:\program files\ESET\ESET Smart Security\egui.exe” [2009-12-16 2136760]
“SwitchBoard”=“c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe” [2010-02-19 517096]
“ATICustomerCare”=“c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe” [2010-03-04 311296]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-01-03 37296]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2011-05-10 49208]
“MSN Toolbar”=“c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe” [2009-11-16 240992]
“Microsoft Default Manager”=“c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” [2009-07-17 288080]
“APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240]
“Ad-Aware Browsing Protection”=“c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe” [2011-10-21 198032]
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2011-10-24 421888]
“MSIAfterburner”=“c:\program files\MSI Afterburner\MSIAfterburner.exe” [2011-02-15 364544]
“Malwarebytes’ Anti-Malware”=“c:\program files\Malwarebytes’ Anti-Malware\mbamgui.exe” [2011-12-24 460872]
“RTHDCPL”=“RTHDCPL.EXE” [2011-12-05 20065384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_3”=“advpack.dll” [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-15 3527576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech Desktop Messenger.lnk - c:\qoobox\Quarantine\C\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.vir [2008-5-6 67128]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSMConfigurePrograms”= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“ForceClassicControlPanel”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-11-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 07:38   548352   ——a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29   64592   ——a-w-  c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Javaupdate.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Javaupdate.lnk
backup=c:\windows\pss\Javaupdate.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17   3514176   ——a-w-  c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes’ Anti-Malware]
2011-12-24 16:50   460872   ——a-w-  c:\program files\Malwarebytes’ Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53   153136   ——a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28   421888   ——a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“WZCSVC”=2 (0x2)
“SharedAccess”=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe”=
“c:\\WINDOWS\\system32\\PnkBstrA.exe”=
“c:\\WINDOWS\\system32\\PnkBstrB.exe”=
“c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\Xfire\\xfire.exe”=
“c:\\Program Files\\FileZilla FTP Client\\filezilla.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4sp.exe”=
“c:\\Program Files\\IBP 9\\IBP.exe”=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08-03-2010 08:59 64512]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys—> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06-02-2009 13:23 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [26-05-2009 09:05 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26-05-2009 09:05 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11-07-2010 05:54 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16-12-2009 21:18 806000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [27-10-2011 15:03 2152152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [21-09-2010 07:59 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [09-11-2009 07:32 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09-11-2009 07:32 20464]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [25-05-2005 04:39 4608]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24-12-2010 11:43 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30-11-2010 09:53 1691480]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [17-11-2011 07:11 16640]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [04-12-2010 16:42 101904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24-12-2010 11:43 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [27-10-2011 15:03 15232]
S3 MuVoNXr;Creative NOMAD MuVo NX Control Driver (Windows NT);c:\windows\system32\Drivers\MuVoNXr.sys—> c:\windows\system32\Drivers\MuVoNXr.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25-04-2008 15:01 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26-05-2009 09:05 12872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys—> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 12:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ     HPSLPSVC
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-01-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-27 14:03]
.
2012-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 07:20]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 10:43]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 10:43]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 62.94.0.1 62.94.0.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\joemc8r8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - http://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Notify-Antiwpa - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(1108)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > ‘explorer.exe’(656)
c:\windows\system32\WININET.dll
c:\program files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Xfire\xfire_toucan_44840.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RTHDCPL.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Gennemført tid: 2012-01-14 20:56:52 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-01-14 19:56
ComboFix2.txt 2012-01-14 09:06
.
Pre-Kørsel: 160.300.326.912 bytes free
Post-Kørsel: 160.146.694.144 bytes free
.
- - End Of File - - EAB25CFC6D74C8EAE508361B6E8D4862
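
An added example, not part of the thread: the SystemLook hits and the post-fix ComboFix file listing above can be cross-checked with a short script. It confirms that all found copies of regsvc.dll share one size and MD5, and that the file ComboFix placed in System32 has the source's size and modified time. The sample lines are copied from the logs above; the function names and the reading of the two timestamp columns as created/modified are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample input copied from the SystemLook and ComboFix logs in this thread,
# including the typographic dashes the forum software substituted for hyphens.
SAMPLE_SYSTEMLOOK = r"""
Searching for "*regsvc.dll*"
C:\WINDOWS\ServicePackFiles\i386\regsvc.dll   ———- 59904 bytes   [09:58 26/10/2008]  [04:42 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll   —a——59904 bytes   [00:32 09/09/2008]  [00:12 14/04/2008] 5B19B557B0C188210A56A6B699D90B8F
"""
SAMPLE_COMBOFIX = r"""
2012-01-14 19:37 . 2008-04-14 04:42   59904   ——a-w-  c:\windows\system32\regsvc.dll
2012-01-14 19:37 . 2008-04-14 04:42   59904   ——a-w-  c:\windows\system32\dllcache\regsvc.dll
2012-01-12 06:33 . 2012-01-12 06:33   ————  d——-w-  c:\program files\Trend Micro
"""

# SystemLook Filefind hit: path, attributes, size, [created], [modified], MD5
# (column meaning assumed). The attribute field may be fused with the size.
SL_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})(?P<attr>[-\u2013\u2014A-Za-z]+)\s*"
    r"(?P<size>\d+) bytes\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# ComboFix file listing: created . modified, size, attributes, path (assumed).
# Directory rows carry dashes instead of a size and are skipped by \d+.
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)


@dataclass(frozen=True)
class FileRecord:
    path: str
    size: int
    modified: datetime
    md5: Optional[str] = None  # ComboFix listings carry no hash


def parse_systemlook(text):
    """Return one FileRecord per Filefind hit line."""
    records = []
    for line in text.splitlines():
        m = SL_LINE.match(line.strip())
        if m:
            modified = datetime.strptime(m["modified"], "%H:%M %d/%m/%Y")
            records.append(FileRecord(m["path"], int(m["size"]), modified, m["md5"].upper()))
    return records


def parse_combofix(text):
    """Return one FileRecord per file row of a ComboFix file listing."""
    records = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            modified = datetime.strptime(m["modified"], "%Y-%m-%d %H:%M")
            records.append(FileRecord(m["path"], int(m["size"]), modified))
    return records


def _find(records, path):
    wanted = path.lower()  # Windows paths compare case-insensitively
    return next((r for r in records if r.path.lower() == wanted), None)


def check_restore(systemlook_text, combofix_text, source, target):
    """Cross-check a file replacement using the two logs."""
    hits = parse_systemlook(systemlook_text)
    listed = parse_combofix(combofix_text)
    src, restored = _find(hits, source), _find(listed, target)
    return {
        "copies_found": len(hits),
        # Every copy found on disk has the same size and MD5.
        "copies_agree": len({(r.size, r.md5) for r in hits}) == 1,
        # Was a copy already present at the target path before the fix?
        "target_seen_before_fix": _find(hits, target) is not None,
        # Size and modified time only; hash the restored file for certainty.
        "restored_matches_source": bool(
            src and restored
            and (src.size, src.modified) == (restored.size, restored.modified)
        ),
    }


if __name__ == "__main__":
    print(check_restore(SAMPLE_SYSTEMLOOK, SAMPLE_COMBOFIX,
                        r"C:\WINDOWS\ServicePackFiles\i386\regsvc.dll",
                        r"c:\windows\System32\regsvc.dll"))
```
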

Administrator
Number of posts: 29619

How is the computer behaving now?