DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Marianne at 8:21:23 on 2012-01-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1477 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fighters\Tray\FightersTray.exe
C:\programmer\real\realplayer\update\realsched.exe
C:\Programmer\Samsung\Kies\KiesTrayAgent.exe
C:\Programmer\TrojanHunter 5.5\THGuard.exe
D:\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PSI\psi_tray.exe
C:\Programmer\Rainlendar\Rainlendar.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe
C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVWatchService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
D:\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmer\Fighters\FighterSuiteService.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\PSI\sua.exe
C:\Programmer\Avira\AntiVir Desktop\sched.exe
C:\Programmer\Avira\AntiVir Desktop\avguard.exe
C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
C:\Programmer\Avira\AntiVir Desktop\avshadow.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\programmer\canon\easy-webprint ex\ewpexbho.dll
BHO: Fravalg af annonceringscookie: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\programmer\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\programmer\canon\easy-webprint ex\ewpexhlp.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programmer\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\programmer\canon\easy-webprint ex\ewpexhlp.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] “c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe”
uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] “RTHDCPL.EXE”
mRun: [Alcmtr] “ALCMTR.EXE”
mRun: [Kernel and Hardware Abstraction Layer] “KHALMNPR.EXE”
mRun: [NvMediaCenter] “RUNDLL32.EXE” c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] “RUNDLL32.EXE” c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [APSDaemon] “c:\programmer\fælles filer\apple\apple application support\APSDaemon.exe”
mRun: [CommonToolkitTray] c:\programmer\fighters\tray\FightersTray.exe
mRun: [TkBellExe] “c:\programmer\real\realplayer\update\realsched.exe”  -osboot
mRun: [QuickTime Task] “c:\programmer\quicktime\qttask.exe” -atboottime
mRun: [KiesHelper] c:\programmer\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\programmer\samsung\kies\KiesTrayAgent.exe
mRun: [THGuard] “c:\programmer\trojanhunter 5.5\THGuard.exe”
mRun: [iTunesHelper] “D:\iTunesHelper.exe”
mRun: [avgnt] “c:\programmer\avira\antivir desktop\avgnt.exe” /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marianne\menuen~1\progra~1\start\rainle~1.lnk - c:\programmer\rainlendar\Rainlendar.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\secuni~1.lnk - d:\psi\psi_tray.exe
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter; til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
Trusted Zone: spks.dk
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263033202874
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263565151968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
TCP: Interfaces\{C438D674-B1EB-40CF-BAAD-21B722C01AE1} : DhcpNameServer = 193.162.153.164 194.239.134.83
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-12 36000]
R1 hugoio;hugoio;c:\programmer\i-menu\hugoio.sys [2011-8-26 9760]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmer\avira\antivir desktop\sched.exe [2012-1-12 86224]
R2 AntiVirService;Avira Realtime Protection;c:\programmer\avira\antivir desktop\avguard.exe [2012-1-12 110032]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\fælles filer\common toolkit suite\avengine\AVScanningService.exe [2011-5-25 830808]
R2 AV Watch Service;AV Watch Service;c:\programmer\fælles filer\common toolkit suite\avengine\AVWatchService.exe [2011-5-25 142768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-12 74640]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-17 21992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-11 10384]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\psi\psia.exe—start-service—> d:\psi\PSIA.exe—start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;d:\psi\sua.exe—start-service—> d:\psi\sua.exe—start-service [?]
R2 Suite Service;Suite Service;c:\programmer\fighters\FighterSuiteService.exe [2011-12-13 1324680]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [2010-12-24 10264]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 SASENUM;SASENUM;c:\programmer\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2010-1-9 28672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\google\update\GoogleUpdate.exe [2010-1-12 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmer\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Olympus DVR Service;Olympus DVR Service;“c:\programmer\fælles filer\olympus shared\devicemanager\olydvrsv.exe”—> c:\programmer\fælles filer\olympus shared\devicemanager\olydvrsv.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-13 12:42:48   ————  d——-w-  c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-13 12:42:42   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2012-01-13 12:42:41   ————  d——-w-  c:\documents and settings\marianne\application data\SUPERAntiSpyware.com
2012-01-13 12:42:16   ————  d——-w-  c:\programmer\fælles filer\Wise Installation Wizard
2012-01-12 22:06:48   ————  d——-w-  c:\documents and settings\marianne\application data\Malwarebytes
2012-01-12 22:06:27   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-12 22:06:25   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-01-12 22:06:25   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2012-01-12 22:06:25   ————  d——-w-  c:\documents and settings\all users\application data\Malwarebytes
2012-01-12 18:08:26   ————  d——-w-  c:\programmer\ESET
2012-01-12 18:02:03   ————  d——-w-  c:\documents and settings\marianne\application data\Avira
2012-01-12 18:01:26   36000   ——a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-01-12 18:01:25   74640   ——a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-01-12 18:01:22   ————  d——-w-  c:\programmer\Avira
2012-01-12 18:01:22   ————  d——-w-  c:\documents and settings\all users\application data\Avira
2012-01-12 17:58:41   ————  d——-w-  c:\programmer\CCleaner
2012-01-11 19:09:45   ————  d——-w-  c:\windows\system32\wbem\repository\FS
2012-01-11 19:09:45   ————  d——-w-  c:\windows\system32\wbem\Repository
2012-01-05 17:46:32   ————  d——-w-  c:\programmer\Uniblue(2)
2012-01-05 11:04:50   ————  d——-w-  c:\documents and settings\marianne\application data\licenses
2012-01-05 11:04:47   ————  d——-w-  c:\documents and settings\marianne\application data\PCMM2009
2012-01-05 11:04:40   ————  d——-w-  c:\documents and settings\marianne\application data\PCMM2011
2012-01-05 08:35:04   ————  dc——w-  c:\documents and settings\all users\application data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-04 15:45:54   ————  d——-w-  c:\documents and settings\marianne\lokale indstillinger\application data\AskToolbar(2)
2012-01-03 17:47:40   ————  d——-w-  c:\documents and settings\marianne\application data\OpenSong
2011-12-26 15:25:31   ————  dc——w-  c:\documents and settings\all users\application data\{553764F8-6599-495D-B99E-4797D3DFC558}
2011-12-21 15:33:22   ————  d——-w-  c:\programmer\iPod
2011-12-20 17:17:01   ————  d——-w-  c:\documents and settings\marianne\application data\AVG
2011-12-18 08:56:43   ————  d——-w-  c:\documents and settings\marianne\application data\TrojanHunter
2011-12-18 08:44:56   ————  d——-w-  c:\documents and settings\all users\application data\TrojanHunter
2011-12-18 08:44:49   ————  d——-w-  c:\programmer\TrojanHunter 5.5
.
==================== Find3M ====================
.
2011-11-25 21:57:23   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 14:40:40   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-20 06:12:40   60928   ——a-w-  c:\windows\system32\packager.exe
2011-11-16 14:21:45   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21:45   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-13 17:41:51   414368   ——a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13:21   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:13:20   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:13:20   1469440   ———w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:29:12   386560   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-03 15:29:12   1296384   ——a-w-  c:\windows\system32\quartz.dll
2011-11-01 16:07:04   1288192   ——a-w-  c:\windows\system32\ole32.dll
2011-10-28 05:31:57   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-26 10:49:54   2071936   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49:53   2195328   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-26 09:20:47   499712   ——a-w-  c:\windows\system32\msvcp71.dll
2011-10-26 09:20:47   348160   ——a-w-  c:\windows\system32\msvcr71.dll
2011-10-24 13:29:02   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02   69632   ——a-w-  c:\windows\system32\QuickTime.qts
2011-10-18 11:13:33   186880   ——a-w-  c:\windows\system32\encdec.dll
.
============= FINISH:  8:21:59,82 ===============

Tråden er flyttet, så renseeksperterne kan gennemgå logs.

Sløv computer kan skyldes malware, og ellers kan det være umuligt at finde årsagen. Brugen af regdata rensere som f,eks SLOW-PCfighter kan have meget uheldige bivirkninger, som netop sløvning.

hej forevernewbie.
Tak for det . Citatet - jo tak - jeg har forstået ( er du også stærk i bibelcitater )!!!- men håber stadig på,at det ikke bliver nødvendigt geninstallere.
Hilsen og god lørdag aften
jus

Hej

Vil du godt opdatere Malwarebytes’ Anti-Malware, og køre en hurtig scan med den.
Kopier loggen herind.

———

Download OTL af OldTimer og gem den på dit skrivebord.

Start OTL

Øverst sætter du flueben i “Scan All Users”

I nederste højre hjørne af det øverste panel, sæt fluben ved “LOP Check” og “Purity Check”.

Luk alle åbne vinduer og klik på “Run Scan” øverst til venstre og lad programmet køre. Scanningen kan tage 5-10 minutter.

Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt.

Så kopier følgende ind i dit næste indlæg (i rækkefølge):

indholdet af OTL.txt
indholdet af Extras.txt

———

Jeg vil gerne se: (Lavet i den rækkefølge)

1. Log fra Malwarebytes. (Opdateret)

2. Logs fra OTL. (OTL.txt og Extras.txt)

Malwarebytes Anti-Malware 1.60.0.1800
http://www.malwarebytes.org

Database version: v2012.01.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marianne :: MARIANNE-BDD3A4 [administrator]

15-01-2012 10:13:05
mbam-log-2012-01-15 (10-13-05).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 168340
Tid gået: 7 minut(ter), 11 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)
OTL logfile created on: 15-01-2012 11:05:32 - Run 1
OTL by OldTimer - Version 3.2.31.0   Folder = C:\Documents and Settings\Marianne\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,05% Memory free
3,85 Gb Paging File | 3,08 Gb Available in Paging File | 80,13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 39,06 Gb Total Space | 17,53 Gb Free Space | 44,88% Space Free | Partition Type: NTFS
Drive D: | 194,69 Gb Total Space | 192,04 Gb Free Space | 98,64% Space Free | Partition Type: NTFS
Drive F: | 14,92 Gb Total Space | 6,89 Gb Free Space | 46,21% Space Free | Partition Type: FAT32

Computer Name: MARIANNE-BDD3A4 | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-15 11:04:16 | 000,584,192 |——| M] (OldTimer Tools)—C:\Documents and Settings\Marianne\Skrivebord\OTL.exe
PRC - [2011-12-20 12:41:52 | 000,215,688 |——| M] (SPAMfighter ApS)—C:\Programmer\Fighters\SPAMfighter\sfus.exe
PRC - [2011-12-20 12:41:48 | 001,197,704 |——| M] (SPAMfighter ApS)—C:\Programmer\Fighters\SPAMfighter\sfagent.exe
PRC - [2011-12-13 16:08:44 | 001,324,680 |——| M] (SPAMfighter ApS)—C:\Programmer\Fighters\FighterSuiteService.exe
PRC - [2011-12-13 15:35:08 | 001,450,120 |——| M] (SPAMfighter ApS)—C:\Programmer\Fighters\Tray\FightersTray.exe
PRC - [2011-12-08 01:36:42 | 000,421,736 |——| M] (Apple Inc.)—D:\iTunesHelper.exe
PRC - [2011-12-06 10:06:50 | 001,088,280 |——| M] (Mischel Internet Security)—C:\Programmer\TrojanHunter 5.5\THGuard.exe
PRC - [2011-11-02 16:51:54 | 003,508,624 |——| M] (Samsung Electronics Co., Ltd.)—C:\Programmer\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011-10-26 10:20:48 | 000,273,528 |——| M] (RealNetworks, Inc.)—C:\Programmer\Real\RealPlayer\Update\realsched.exe
PRC - [2011-10-24 21:32:00 | 000,055,144 |——| M] (Apple Inc.)—C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011-09-23 18:08:19 | 000,086,224 |——| M] (Avira Operations GmbH & Co. KG)—C:\Programmer\Avira\AntiVir Desktop\sched.exe
PRC - [2011-09-23 18:01:09 | 000,110,032 |——| M] (Avira Operations GmbH & Co. KG)—C:\Programmer\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-09-23 11:38:21 | 000,258,512 |——| M] (Avira Operations GmbH & Co. KG)—C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-09-16 02:34:43 | 000,080,336 |——| M] (Avira Operations GmbH & Co. KG)—C:\Programmer\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011-05-25 10:36:45 | 000,830,808 |——| M] (Preventon Technologies Limited)—C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2011-05-25 10:36:45 | 000,142,768 |——| M] (Preventon Technologies Limited)—C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2011-01-10 15:24:20 | 000,993,848 |——| M] (Secunia)—D:\PSI\psia.exe
PRC - [2011-01-10 15:24:20 | 000,399,416 |——| M] (Secunia)—D:\PSI\sua.exe
PRC - [2011-01-10 15:24:20 | 000,291,896 |——| M] (Secunia)—D:\PSI\psi_tray.exe
PRC - [2009-02-10 08:01:49 | 000,116,104 |——| M] ()—C:\Programmer\Canon\IJPLM\ijplmsvc.exe
PRC - [2008-04-14 17:05:49 | 001,034,752 |——| M] (Microsoft Corporation)—C:\WINDOWS\explorer.exe
PRC - [2008-03-09 11:20:26 | 000,071,096 |——| M] ()—C:\Programmer\CDBurnerXP\NMSAccessU.exe
PRC - [2008-02-29 16:03:46 | 001,481,968 |——| M] (SUPERAntiSpyware.com)—C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2006-01-21 13:31:46 | 000,118,784 |——| M] (Rainy)—C:\Programmer\Rainlendar\Rainlendar.exe
PRC - [2004-07-29 03:02:34 | 001,269,760 |——| M] (Symantec Corporation)—C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004-07-29 01:53:58 | 000,053,248 |——| M] (GEAR Software)—C:\WINDOWS\system32\gearsec.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 |——| M] (Microsoft Corporation)—C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2012-01-14 09:12:52 | 002,019,976 |——| M] ()—C:\Programmer\Fighters\SPAMfighter\sfse.dll
MOD - [2011-12-20 12:42:14 | 000,549,512 |——| M] ()—C:\Programmer\Fighters\SPAMfighter\sfsg.dll
MOD - [2011-09-16 02:05:58 | 000,398,288 |——| M] ()—C:\Programmer\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011-09-05 18:05:00 | 000,300,544 |——| M] ()—C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN
MOD - [2011-06-24 21:56:36 | 000,087,328 |——| M] ()—C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 |——| M] ()—C:\Programmer\Fælles filer\Apple\Apple Application Support\libxml2.dll
MOD - [2011-05-25 10:36:45 | 002,121,728 |——| M] ()—C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtCore4.dll
MOD - [2011-05-25 10:36:45 | 000,909,312 |——| M] ()—C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtNetwork4.dll
MOD - [2011-05-25 10:36:45 | 000,344,064 |——| M] ()—C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtXml4.dll
MOD - [2009-02-10 08:01:49 | 000,116,104 |——| M] ()—C:\Programmer\Canon\IJPLM\ijplmsvc.exe
MOD - [2008-03-09 11:20:26 | 000,071,096 |——| M] ()—C:\Programmer\CDBurnerXP\NMSAccessU.exe
MOD - [2008-03-01 06:10:49 | 000,008,704 |——| M] ()—C:\Programmer\Unlocker\UnlockerCOM.dll
MOD - [2006-01-21 13:31:46 | 000,176,128 |——| M] ()—C:\Programmer\Rainlendar\Plugins\iCalPlugin.dll
MOD - [2006-01-21 13:31:46 | 000,065,536 |——| M] ()—C:\Programmer\Rainlendar\Plugins\IniFormatPlugin.dll
MOD - [2006-01-21 13:31:46 | 000,053,248 |——| M] ()—C:\Programmer\Rainlendar\Plugins\OutlookPlugin.dll
MOD - [2006-01-21 13:31:46 | 000,045,056 |——| M] ()—C:\Programmer\Rainlendar\Plugins\ServerPlugin.dll
MOD - [2006-01-21 13:31:44 | 000,573,440 |——| M] ()—C:\Programmer\Rainlendar\Rainlendar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped]——(Olympus DVR Service)
SRV - File not found [On_Demand | Stopped]——(AppMgmt)
SRV - [2011-12-20 12:41:52 | 000,215,688 |——| M] (SPAMfighter ApS) [Auto | Running]—C:\Programmer\Fighters\SPAMfighter\sfus.exe—(SPAMfighter Update Service)
SRV - [2011-12-13 16:08:44 | 001,324,680 |——| M] (SPAMfighter ApS) [Auto | Running]—C:\Programmer\Fighters\FighterSuiteService.exe—(Suite Service)
SRV - [2011-10-24 21:32:00 | 000,055,144 |——| M] (Apple Inc.) [Auto | Running]—C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe—(Apple Mobile Device)
SRV - [2011-09-23 18:08:19 | 000,086,224 |——| M] (Avira Operations GmbH & Co. KG) [Auto | Running]—C:\Programmer\Avira\AntiVir Desktop\sched.exe—(AntiVirSchedulerService)
SRV - [2011-09-23 18:01:09 | 000,110,032 |——| M] (Avira Operations GmbH & Co. KG) [Auto | Running]—C:\Programmer\Avira\AntiVir Desktop\avguard.exe—(AntiVirService)
SRV - [2011-05-25 10:36:45 | 000,830,808 |——| M] () [Auto | Running]—C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe—(AV Engine Scanning Service)
SRV - [2011-05-25 10:36:45 | 000,142,768 |——| M] () [Auto | Running]—C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVWatchService.exe—(AV Watch Service)
SRV - [2011-01-10 15:24:20 | 000,993,848 |——| M] (Secunia) [Auto | Running]—D:\PSI\PSIA.exe—(Secunia PSI Agent)
SRV - [2011-01-10 15:24:20 | 000,399,416 |——| M] (Secunia) [Auto | Running]—D:\PSI\sua.exe—(Secunia Update Agent)
SRV - [2010-01-15 13:49:20 | 000,227,232 |——| M] (McAfee, Inc.) [On_Demand | Stopped]—C:\Programmer\McAfee Security Scan\2.0.181\McCHSvc.exe—(McComponentHostService)
SRV - [2009-07-20 12:28:10 | 000,121,360 |——| M] (Logitech, Inc.) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe—(LBTServ)
SRV - [2009-02-19 21:10:54 | 000,238,968 |——| M] (Symantec Corporation) [Disabled | Stopped]—C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe—(Automatic LiveUpdate Scheduler)
SRV - [2009-02-19 21:09:53 | 003,220,856 |——| M] (Symantec Corporation) [On_Demand | Stopped]—C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE—(LiveUpdate)
SRV - [2009-02-10 08:01:49 | 000,116,104 |——| M] () [Auto | Running]—C:\Programmer\Canon\IJPLM\ijplmsvc.exe—(IJPLMSVC)
SRV - [2008-03-09 11:20:26 | 000,071,096 |——| M] () [Auto | Running]—C:\Programmer\CDBurnerXP\NMSAccessU.exe—(NMSAccessU)
SRV - [2004-07-29 03:02:34 | 001,269,760 |——| M] (Symantec Corporation) [Auto | Running]—C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe—(Norton Ghost)
SRV - [2004-07-29 01:53:58 | 000,053,248 |——| M] (GEAR Software) [Auto | Running]—C:\WINDOWS\system32\gearsec.exe—(GEARSecurity)
SRV - [2003-06-19 23:25:00 | 000,322,120 |——| M] (Microsoft Corporation) [Auto | Running]—C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE—(MDM)


========== Driver Services (SafeList) ==========

DRV - [2012-01-14 07:10:57 | 000,134,856 |——| M] (Avira GmbH) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\avipbb.sys—(avipbb)
DRV - [2011-09-15 23:55:04 | 000,036,000 |——| M] (Avira GmbH) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\avkmgr.sys—(avkmgr)
DRV - [2011-09-15 23:55:03 | 000,074,640 |——| M] (Avira GmbH) [File_System | Auto | Running]—C:\WINDOWS\system32\drivers\avgntflt.sys—(avgntflt)
DRV - [2010-12-24 13:45:10 | 000,010,264 |——| M] () [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\avfsfilter.sys—(AVFSFilter)
DRV - [2010-11-09 14:35:30 | 000,021,992 |——| M] (CPUID) [Kernel | Auto | Running]—C:\WINDOWS\system32\drivers\cpuz135_x32.sys—(cpuz135)
DRV - [2010-09-01 09:30:58 | 000,015,544 |——| M] (Secunia) [File_System | On_Demand | Running]—C:\WINDOWS\system32\drivers\psi_mf.sys—(PSI)
DRV - [2010-06-17 15:14:27 | 000,028,520 |——| M] (Avira GmbH) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\ssmdrv.sys—(ssmdrv)
DRV - [2009-06-17 17:56:32 | 000,028,560 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\LUsbFilt.sys—(LUsbFilt)
DRV - [2009-06-17 17:56:24 | 000,079,248 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\LMouKE.Sys—(LMouKE)
DRV - [2009-06-17 17:56:16 | 000,037,392 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\LMouFilt.Sys—(LMouFilt)
DRV - [2009-06-17 17:56:06 | 000,035,472 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\LHidFilt.Sys—(LHidFilt)
DRV - [2009-06-17 17:55:34 | 000,010,384 |——| M] (Logitech, Inc.) [Kernel | Auto | Running]—C:\WINDOWS\system32\drivers\LBeepKE.sys—(LBeepKE)
DRV - [2009-06-17 17:55:26 | 000,063,248 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\L8042mou.Sys—(L8042mou)
DRV - [2009-06-17 17:55:18 | 000,020,240 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\L8042Kbd.sys—(L8042Kbd)
DRV - [2008-04-14 19:57:10 | 000,009,760 |——| M] () [Kernel | System | Running]—C:\Programmer\i-Menu\hugoio.sys—(hugoio)
DRV - [2008-04-13 19:45:29 | 000,010,624 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\gameenum.sys—(gameenum)
DRV - [2008-02-29 16:03:48 | 000,008,944 |——| M] () [Kernel | System | Running]—C:\Programmer\SUPERAntiSpyware\sasdifsv.sys—(SASDIFSV)
DRV - [2008-02-29 16:03:46 | 000,051,440 |——| M] () [Kernel | System | Running]—C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS—(SASKUTIL)
DRV - [2006-07-02 12:39:40 | 000,036,864 |——| M] (Advanced Micro Devices) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\AmdK8.sys—(AmdK8)
DRV - [2006-04-17 09:31:26 | 004,262,912 | R—- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\RtkHDAud.Sys—(IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-02-16 16:51:08 | 000,004,096 | R—- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running]—C:\Programmer\SUPERAntiSpyware\SASENUM.SYS—(SASENUM)
DRV - [2005-03-22 20:36:40 | 000,028,672 |——| M] (ULi Electronics Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\ULILAN51.SYS—(ULI5261XP)
DRV - [2004-07-29 03:13:28 | 000,046,779 |——| M] (PowerQuest Corporation) [Kernel | System | Running]—C:\WINDOWS\System32\drivers\PQIMount.sys—(PQIMount)
DRV - [2004-07-29 02:33:08 | 000,138,780 |——| M] (StorageCraft) [File_System | Boot | Running]—C:\WINDOWS\System32\drivers\PQV2i.sys—(PQV2i)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - No CLSID value found
IE - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programmer\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\programmer\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\programmer\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\programmer\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-26 10:21:24 | 000,000,000 |—-D | M]


O1 HOSTS File: ([2011-09-26 07:07:30 | 000,000,723 |——| M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1     localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmer\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Fravalg af annonceringscookie) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmer\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmer\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmer\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\..\Toolbar\WebBrowser: (Sammsoft Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programmer\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Programmer\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesHelper] C:\Programmer\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programmer\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [sfagent] C:\Programmer\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [StartupDelayer] C:\Programmer\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [THGuard] C:\Programmer\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\programmer\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1078081533-1425521274-839522115-1004..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk = D:\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Marianne\Menuen Start\Programmer\Start\Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe (Rainy)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver; - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-1425521274-839522115-1004\..Trusted Domains: spks.dk ([]https in Websteder, du har tillid til)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263033202874 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263565151968 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C438D674-B1EB-40CF-BAAD-21B722C01AE1}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programmer\SUPERAntiSpyware\SASWINLO.dll) - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marianne\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marianne\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-09 11:13:43 | 000,000,000 |——| M] () - C:\AUTOEXEC.BAT—[ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37 - HKLM\...com [@ = comfile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-15 11:04:13 | 000,584,192 |——| C] (OldTimer Tools)—C:\Documents and Settings\Marianne\Skrivebord\OTL.exe
[2012-01-14 18:43:30 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\r2 Studios
[2012-01-14 18:43:29 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\r2 Studios
[2012-01-14 18:42:42 | 000,000,000 |—-D | C]—C:\Programmer\r2 Studios
[2012-01-14 18:36:34 | 005,044,592 |——| C] (Auslogics Software Pty Ltd                       )—C:\Documents and Settings\Marianne\Skrivebord\disk-defrag-setup.exe
[2012-01-14 12:28:50 | 000,000,000 |—-D | C]—C:\WINDOWS\System32\NtmsData
[2012-01-14 09:10:41 | 002,455,384 |——| C] (SPAMfighter ApS)—C:\Documents and Settings\Marianne\Skrivebord\spamfighter_web.exe
[2012-01-13 13:42:48 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-01-13 13:42:44 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\SUPERAntiSpyware
[2012-01-13 13:42:42 | 000,000,000 |—-D | C]—C:\Programmer\SUPERAntiSpyware
[2012-01-13 13:42:41 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\SUPERAntiSpyware.com
[2012-01-13 13:42:16 | 000,000,000 |—-D | C]—C:\Programmer\Fælles filer\Wise Installation Wizard
[2012-01-12 23:06:48 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\Malwarebytes
[2012-01-12 23:06:30 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes’ Anti-Malware
[2012-01-12 23:06:25 | 000,020,464 |——| C] (Malwarebytes Corporation)—C:\WINDOWS\System32\drivers\mbam.sys
[2012-01-12 23:06:25 | 000,000,000 |—-D | C]—C:\Programmer\Malwarebytes’ Anti-Malware
[2012-01-12 23:06:25 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-01-12 19:08:26 | 000,000,000 |—-D | C]—C:\Programmer\ESET
[2012-01-12 19:02:03 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\Avira
[2012-01-12 19:01:42 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Avira
[2012-01-12 19:01:29 | 000,028,520 |——| C] (Avira GmbH)—C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012-01-12 19:01:26 | 000,036,000 |——| C] (Avira GmbH)—C:\WINDOWS\System32\drivers\avkmgr.sys
[2012-01-12 19:01:25 | 000,134,856 |——| C] (Avira GmbH)—C:\WINDOWS\System32\drivers\avipbb.sys
[2012-01-12 19:01:25 | 000,074,640 |——| C] (Avira GmbH)—C:\WINDOWS\System32\drivers\avgntflt.sys
[2012-01-12 19:01:22 | 000,000,000 |—-D | C]—C:\Programmer\Avira
[2012-01-12 19:01:22 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\Avira
[2012-01-12 19:00:13 | 000,000,000 | RH-D | C]—C:\Documents and Settings\Marianne\Recent
[2012-01-12 18:58:41 | 000,000,000 |—-D | C]—C:\Programmer\CCleaner
[2012-01-12 18:38:28 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Skrivebord\Spywarefri forum
[2012-01-06 18:22:47 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\Mail_20120106
[2012-01-05 18:46:32 | 000,000,000 |—-D | C]—C:\Programmer\Uniblue(2)
[2012-01-05 12:04:50 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\licenses
[2012-01-05 12:04:47 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\PCMM2009
[2012-01-05 12:04:40 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\PCMM2011
[2012-01-05 09:35:04 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012-01-04 16:46:33 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\BurnAware Free
[2012-01-04 16:45:54 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Lokale indstillinger\Application Data\AskToolbar(2)
[2012-01-04 16:12:35 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\help
[2012-01-03 18:47:58 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\Songs
[2012-01-03 18:47:58 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\Settings
[2012-01-03 18:47:58 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\Sets
[2012-01-03 18:47:58 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\Backgrounds
[2012-01-03 18:47:40 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\OpenSong
[2011-12-26 16:25:31 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\{553764F8-6599-495D-B99E-4797D3DFC558}
[2011-12-22 18:44:52 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Dokumenter\HØJTIDER
[2011-12-21 16:34:10 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\iTunes
[2011-12-21 16:33:22 | 000,000,000 |—-D | C]—C:\Programmer\iPod
[2011-12-20 18:17:01 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\AVG
[2011-12-20 18:16:00 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\TEMP
[2011-12-20 18:15:50 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\AVG PC Tuneup 2011
[2011-12-18 09:56:43 | 000,000,000 |—-D | C]—C:\Documents and Settings\Marianne\Application Data\TrojanHunter
[2011-12-18 09:44:57 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\TrojanHunter
[2011-12-18 09:44:56 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2011-12-18 09:44:49 | 000,000,000 |—-D | C]—C:\Programmer\TrojanHunter 5.5
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-15 11:06:00 | 000,000,234 |——| M] ()—C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-01-15 11:04:16 | 000,584,192 |——| M] (OldTimer Tools)—C:\Documents and Settings\Marianne\Skrivebord\OTL.exe
[2012-01-15 10:57:00 | 000,000,918 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-15 10:02:16 | 000,000,914 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-15 10:02:15 | 000,000,264 |——| M] ()—C:\WINDOWS\tasks\RegistryBooster.job
[2012-01-15 10:01:46 | 000,002,048 |—S- | M] ()—C:\WINDOWS\bootstat.dat
[2012-01-15 10:00:14 | 000,000,763 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-01-15 07:43:18 | 000,000,420 | -H—| M] ()—C:\WINDOWS\tasks\User_Feed_Synchronization-{E707ECCA-F45E-4547-9AEB-9D53B738D977}.job
[2012-01-14 18:40:41 | 000,466,164 |——| M] ()—C:\Documents and Settings\Marianne\Skrivebord\keykeep1 husker passwords.exe
[2012-01-14 18:36:47 | 005,044,592 |——| M] (Auslogics Software Pty Ltd                       )—C:\Documents and Settings\Marianne\Skrivebord\disk-defrag-setup.exe
[2012-01-14 09:10:47 | 002,455,384 |——| M] (SPAMfighter ApS)—C:\Documents and Settings\Marianne\Skrivebord\spamfighter_web.exe
[2012-01-14 07:10:57 | 000,134,856 |——| M] (Avira GmbH)—C:\WINDOWS\System32\drivers\avipbb.sys
[2012-01-13 18:46:13 | 000,013,646 |——| M] ()—C:\WINDOWS\System32\wpa.dbl
[2012-01-13 18:45:09 | 000,000,287 |——| M] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk
[2012-01-13 18:26:06 | 000,565,010 |——| M] ()—C:\WINDOWS\System32\perfh006.dat
[2012-01-13 18:26:06 | 000,547,700 |——| M] ()—C:\WINDOWS\System32\perfh009.dat
[2012-01-13 18:26:06 | 000,114,940 |——| M] ()—C:\WINDOWS\System32\perfc006.dat
[2012-01-13 18:26:06 | 000,100,030 |——| M] ()—C:\WINDOWS\System32\perfc009.dat
[2012-01-07 17:11:31 | 000,003,751 |——| M] ()—C:\Documents and Settings\Marianne\Dokumenter\harmonika ensemble Godt Nytår fra JP.eml
[2012-01-06 19:27:57 | 000,160,605 |——| M] ()—C:\Documents and Settings\Marianne\Dokumenter\Google Oversæt# pen 2.mht
[2012-01-06 16:32:07 | 000,010,583 |——| M] ()—C:\Documents and Settings\Marianne\Dokumenter\Your RegistryBooster’s ActiveProtection payment is due.eml
[2012-01-05 18:26:06 | 000,289,296 |——| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT
[2011-12-21 14:20:06 | 000,000,278 |——| M] ()—C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-12-18 09:45:02 | 000,059,392 | R—- | M] ()—C:\WINDOWS\System32\streamhlp.dll
[2011-12-18 09:45:01 | 000,000,757 |——| M] ()—C:\Documents and Settings\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2011-12-16 19:00:01 | 000,000,302 |——| M] ()—C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-15 10:00:14 | 000,000,763 |——| C] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-01-14 18:40:40 | 000,466,164 |——| C] ()—C:\Documents and Settings\Marianne\Skrivebord\keykeep1 husker passwords.exe
[2012-01-13 18:45:09 | 000,000,287 |——| C] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk
[2012-01-07 17:11:31 | 000,003,751 |——| C] ()—C:\Documents and Settings\Marianne\Dokumenter\harmonika ensemble Godt Nytår fra JP.eml
[2012-01-06 19:27:55 | 000,160,605 |——| C] ()—C:\Documents and Settings\Marianne\Dokumenter\Google Oversæt# pen 2.mht
[2012-01-06 16:32:07 | 000,010,583 |——| C] ()—C:\Documents and Settings\Marianne\Dokumenter\Your RegistryBooster’s ActiveProtection payment is due.eml
[2012-01-05 18:46:52 | 000,000,264 |——| C] ()—C:\WINDOWS\tasks\RegistryBooster.job
[2012-01-04 16:46:27 | 000,000,234 |——| C] ()—C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-12-18 09:45:01 | 000,000,757 |——| C] ()—C:\Documents and Settings\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2011-12-18 09:44:49 | 000,059,392 | R—- | C] ()—C:\WINDOWS\System32\streamhlp.dll
[2011-12-04 19:37:31 | 000,631,264 |——| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2011-10-31 11:22:42 | 000,030,568 |——| C] ()—C:\WINDOWS\MusiccityDownload.exe
[2011-10-31 11:22:40 | 000,081,920 |——| C] ()—C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011-10-31 11:22:40 | 000,065,536 |——| C] ()—C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011-10-31 11:22:40 | 000,057,344 |——| C] ()—C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011-10-31 11:22:38 | 000,974,848 |——| C] ()—C:\WINDOWS\System32\cis-2.4.dll
[2011-09-20 09:30:19 | 000,000,754 |——| C] ()—C:\WINDOWS\WORDPAD.INI
[2011-08-26 15:34:58 | 000,009,760 |——| C] ()—C:\WINDOWS\System32\drivers\hugoio.sys
[2011-06-22 10:02:20 | 000,000,128 | -H—| C] ()—C:\Documents and Settings\Marianne\Application Data\lakerda1967.sys
[2011-06-22 10:01:49 | 000,010,584 |——| C] ()—C:\Documents and Settings\Marianne\Application Data\docXConverter (3).ini
[2011-04-29 14:20:29 | 000,000,222 |——| C] ()—C:\WINDOWS\Support.ini
[2011-04-16 18:04:55 | 000,252,080 |——| C] ()—C:\WINDOWS\System32\nvdrsdb0.bin
[2011-04-16 18:04:51 | 000,252,080 |——| C] ()—C:\WINDOWS\System32\nvdrsdb1.bin
[2011-04-16 18:04:51 | 000,000,001 |——| C] ()—C:\WINDOWS\System32\nvdrssel.bin
[2011-04-02 17:55:04 | 000,000,000 |——| C] ()—C:\WINDOWS\nsreg.dat
[2011-03-17 11:53:55 | 000,007,680 |——| C] ()—C:\Documents and Settings\Marianne\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-06 18:20:19 | 000,000,000 |——| C] ()—C:\WINDOWS\Powertxt.INI
[2011-03-03 08:28:43 | 000,000,137 |——| C] ()—C:\Documents and Settings\Marianne\Lokale indstillinger\Application Data\fusioncache.dat
[2011-02-27 19:43:36 | 000,583,026 |——| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1425521274-839522115-1004-0.dat
[2011-02-27 19:43:35 | 000,291,754 |——| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-System.dat
[2011-01-30 19:04:23 | 000,000,214 |——| C] ()—C:\Documents and Settings\Marianne\Application Data\burnaware.ini
[2011-01-26 15:00:06 | 000,255,344 |——| C] ()—C:\WINDOWS\System32\imagxpr3.dll
[2011-01-26 15:00:06 | 000,065,536 |——| C] ()—C:\WINDOWS\System32\Eztw32.dll
[2011-01-23 18:59:34 | 000,000,164 |——| C] ()—C:\WINDOWS\install.dat
[2010-12-24 13:45:10 | 000,010,264 |——| C] ()—C:\WINDOWS\System32\drivers\avfsfilter.sys
[2010-01-27 10:01:39 | 000,055,484 | -H—| C] ()—C:\WINDOWS\System32\mlfcache.dat
[2010-01-13 16:23:38 | 000,000,079 |——| C] ()—C:\WINDOWS\KDatabase.ini
[2010-01-09 20:57:26 | 000,000,376 |——| C] ()—C:\WINDOWS\ODBC.INI
[2010-01-09 20:26:47 | 002,292,678 |——| C] ()—C:\WINDOWS\System32\nvdata.bin
[2010-01-09 20:23:15 | 000,000,664 |——| C] ()—C:\WINDOWS\System32\d3d9caps.dat
[2010-01-09 20:23:14 | 000,000,552 |——| C] ()—C:\WINDOWS\System32\d3d8caps.dat
[2010-01-09 20:19:23 | 000,135,168 | R—- | C] ()—C:\WINDOWS\System32\RtlCPAPI.dll
[2010-01-09 20:19:23 | 000,040,960 | R—- | C] ()—C:\WINDOWS\System32\ChCfg.exe
[2010-01-09 12:03:33 | 000,004,161 |——| C] ()—C:\WINDOWS\ODBCINST.INI
[2010-01-09 12:02:26 | 000,289,296 |——| C] ()—C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-09 11:25:52 | 000,028,672 |——| C] ()—C:\WINDOWS\System32\UnLAN.exe
[2010-01-09 11:25:36 | 000,004,463 |——| C] ()—C:\WINDOWS\Ascd_tmp.ini
[2010-01-09 11:25:35 | 000,005,824 |——| C] ()—C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010-01-09 11:15:15 | 000,002,048 |—S- | C] ()—C:\WINDOWS\bootstat.dat
[2010-01-09 11:11:20 | 000,021,644 |——| C] ()—C:\WINDOWS\System32\emptyregdb.dat
[2004-08-27 13:00:00 | 013,107,200 |——| C] ()—C:\WINDOWS\System32\oembios.bin
[2004-08-27 13:00:00 | 000,673,088 |——| C] ()—C:\WINDOWS\System32\mlang.dat
[2004-08-27 13:00:00 | 000,565,010 |——| C] ()—C:\WINDOWS\System32\perfh006.dat
[2004-08-27 13:00:00 | 000,547,700 |——| C] ()—C:\WINDOWS\System32\perfh009.dat
[2004-08-27 13:00:00 | 000,284,912 |——| C] ()—C:\WINDOWS\System32\perfi006.dat
[2004-08-27 13:00:00 | 000,272,128 |——| C] ()—C:\WINDOWS\System32\perfi009.dat
[2004-08-27 13:00:00 | 000,218,003 |——| C] ()—C:\WINDOWS\System32\dssec.dat
[2004-08-27 13:00:00 | 000,114,940 |——| C] ()—C:\WINDOWS\System32\perfc006.dat
[2004-08-27 13:00:00 | 000,100,030 |——| C] ()—C:\WINDOWS\System32\perfc009.dat
[2004-08-27 13:00:00 | 000,046,258 |——| C] ()—C:\WINDOWS\System32\mib.bin
[2004-08-27 13:00:00 | 000,034,026 |——| C] ()—C:\WINDOWS\System32\perfd006.dat
[2004-08-27 13:00:00 | 000,028,626 |——| C] ()—C:\WINDOWS\System32\perfd009.dat
[2004-08-27 13:00:00 | 000,004,569 |——| C] ()—C:\WINDOWS\System32\secupd.dat
[2004-08-27 13:00:00 | 000,004,461 |——| C] ()—C:\WINDOWS\System32\oembios.dat
[2004-08-27 13:00:00 | 000,001,804 |——| C] ()—C:\WINDOWS\System32\dcache.bin
[2004-08-27 13:00:00 | 000,000,741 |——| C] ()—C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011-02-27 15:54:02 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\ashampoo
[2010-01-11 11:43:59 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012-01-11 20:07:21 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010-01-11 16:21:01 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011-03-10 16:40:49 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2011-01-24 16:14:20 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012-01-06 18:48:32 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010-01-11 11:59:55 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011-01-24 16:14:23 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2011-10-14 11:21:14 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Cloudmark
[2011-11-01 07:56:42 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\clp
[2011-09-09 17:34:16 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\Common Files
[2011-02-08 09:25:52 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
[2011-02-09 19:17:21 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\eMachineShop
[2010-01-20 11:30:33 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\explauncher
[2011-02-01 19:12:46 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\F-Secure
[2011-10-22 17:51:15 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Fighters
[2012-01-12 18:45:28 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\MFAData
[2011-03-03 16:35:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011-09-22 15:53:25 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012-01-14 18:43:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011-12-04 18:40:58 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Samsung
[2011-12-21 19:26:25 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\TEMP
[2011-12-18 09:51:32 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2011-02-21 15:46:20 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012-01-11 20:08:48 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\{553764F8-6599-495D-B99E-4797D3DFC558}
[2012-01-11 20:08:09 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011-07-05 17:21:19 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\{E07F9938-EC07-44EC-B4EC-8A92DCF004BB}
[2011-01-23 14:15:44 | 000,000,000 |—-D | M]—C:\Documents and Settings\LocalService\Application Data\Fighters
[2011-01-30 18:27:31 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\AnvSoft
[2011-02-27 16:07:51 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Ashampoo
[2011-02-06 16:00:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Audacity
[2011-12-20 19:33:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\AVG
[2011-09-02 18:00:44 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Canneverbe_Limited
[2012-01-06 19:07:30 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Canon
[2011-01-24 16:12:57 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Canon Easy-WebPrint EX
[2011-01-26 14:51:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\CD-LabelPrint
[2011-01-26 10:51:30 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\CDBurnerXP_Soft
[2011-05-05 17:47:46 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\com.aspiro.wimp.dk.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2011-04-13 17:53:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\DriverCure
[2011-02-08 18:23:12 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\eMachineShop
[2011-02-01 19:12:59 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\f-secure
[2011-10-22 17:51:39 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Fighters
[2011-01-30 18:56:26 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\FinalMediaPlayer
[2011-02-27 19:01:15 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\GARMIN
[2011-02-06 16:12:35 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Get from YouTube
[2010-01-14 18:13:34 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\GoodSync
[2011-03-06 19:19:05 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\GST
[2011-01-25 18:23:57 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\IsolatedStorage
[2011-09-17 08:47:36 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\JAM Software
[2010-01-11 11:35:27 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Leadertech
[2012-01-05 12:04:50 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\licenses
[2010-01-21 15:55:38 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\NCH Swift Sound
[2011-05-12 12:24:47 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Notepad++
[2010-01-16 19:07:05 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\OpenOffice.org
[2012-01-03 18:50:35 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\OpenSong
[2011-04-13 17:53:29 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\ParetoLogic
[2012-01-05 12:06:35 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\PCMM2009
[2012-01-05 12:04:40 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\PCMM2011
[2011-05-13 09:58:26 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\PeaZip
[2011-01-30 16:16:55 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\PGP
[2011-02-07 19:23:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Power Sound Editor Free
[2011-02-06 16:47:19 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\PriceGong
[2011-03-06 19:12:31 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Publisher4
[2010-01-11 18:58:05 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Rainlendar
[2011-02-04 15:23:25 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\REAPER
[2011-04-02 17:34:49 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Sammsoft
[2011-12-04 18:39:02 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Samsung
[2011-01-30 18:56:31 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\SmartDraw
[2011-01-23 11:49:06 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\TeamViewer
[2011-12-18 09:56:43 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\TrojanHunter
[2012-01-05 09:35:10 | 000,000,000 |—-D | M]—C:\Documents and Settings\Marianne\Application Data\Uniblue
[2012-01-15 10:02:15 | 000,000,264 |——| M] ()—C:\WINDOWS\Tasks\RegistryBooster.job
[2012-01-15 11:06:00 | 000,000,234 |——| M] ()—C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011-12-16 19:00:01 | 000,000,302 |——| M] ()—C:\WINDOWS\Tasks\tempoperfectShakeIcon.job
[2012-01-15 07:43:18 | 000,000,420 | -H—| M] ()—C:\WINDOWS\Tasks\User_Feed_Synchronization-{E707ECCA-F45E-4547-9AEB-9D53B738D977}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 15-01-2012 11:05:32 - Run 1
OTL by OldTimer - Version 3.2.31.0   Folder = C:\Documents and Settings\Marianne\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,05% Memory free
3,85 Gb Paging File | 3,08 Gb Available in Paging File | 80,13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 39,06 Gb Total Space | 17,53 Gb Free Space | 44,88% Space Free | Partition Type: NTFS
Drive D: | 194,69 Gb Total Space | 192,04 Gb Free Space | 98,64% Space Free | Partition Type: NTFS
Drive F: | 14,92 Gb Total Space | 6,89 Gb Free Space | 46,21% Space Free | Partition Type: FAT32

Computer Name: MARIANNE-BDD3A4 | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open]—“%1” %*
htmlfile [edit]—Reg Error: Key error.
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [scan_with_SPYWAREfighter]—D:\SPYWAREfighter\SWPROTray.exe /scan “%1” (SPAMfighter)
Folder [open]—%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore]—%SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“UpdatesDisableNotify” = 0
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DoNotAllowExceptions” = 0
“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
“139:TCP” = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
“445:TCP” = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
“137:UDP” = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
“138:UDP” = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Programmer\TeamViewer\Version6\TeamViewer.exe” = C:\Programmer\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application—(TeamViewer GmbH)
“C:\Programmer\TeamViewer\Version6\TeamViewer_Service.exe” = C:\Programmer\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service—(TeamViewer GmbH)
“C:\Programmer\AVG\AVG2012\avgmfapx.exe” = C:\Programmer\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-installationsprogram
“C:\WINDOWS\system32\muzapp.exe” = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player—(Musiccity Co.Ltd.)
“C:\Programmer\Fælles filer\Apple\Apple Application Support\WebKit2WebProcess.exe” = C:\Programmer\Fælles filer\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit—(Apple Inc.)
“D:\iTunes.exe” = D:\iTunes.exe:*:Enabled:iTunes—(Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}” = RealNetworks - Microsoft Visual C++ 2005 Runtime
“{0C826C5B-B131-423A-A229-C71B3CACCD6A}” = CDDRV_Installer
“{10B47424-611D-4FB4-951B-C946EB04830C}” = SPAMfighter
“{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series” = Canon MP630 series MP Drivers
“{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series” = Canon MP640 series MP Drivers
“{143BE018-D8F8-4014-8CB6-AF63F5799D21}” = ULi LAN Driver
“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{26A24AE4-039D-4CA4-87B4-2F83216017FF}” = Java(TM) 6 Update 26
“{2AABA840-1F82-11D5-B3FA-0050BA013CD3}” = iCD CoolBeLa
“{3101CB58-3482-4D21-AF1A-7057FC935355}” = KhalInstallWrapper
“{32343DB6-9A52-40C9-87E4-5E7C79791C87}” = MSXML 4.0 SP2 and SOAP Toolkit 3.0
“{343666E2-A059-48AC-AD67-230BF74E2DB2}” = Apple Application Support
“{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile
“{3C759736-8347-4031-BB9C-D75ADFE6B101}” = Norton Ghost 9.0
“{47985AEA-2CA2-3344-851E-BA4DC9101C68}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1” = AVG PC Tuneup
“{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}” = SPYWAREfighter
“{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{735619D4-B42A-437A-958C-199BFCAEDB38}” = Safari
“{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
“{76AA6AA4-3EE1-4EB1-9418-946A25ADC626}” = Google Fravalg af annonceringscookie
“{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}” = RealNetworks - Microsoft Visual C++ 2008 Runtime
“{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}” = MobileMe Control Panel
“{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update
“{79155F2B-9895-49D7-8612-D92580E0DE5B}” = Bonjour
“{7BE15435-2D3E-4B58-867F-9C75BED0208C}” = QuickTime
“{7E265513-8CDA-4631-B696-F40D983F3B07}_is1” = CDBurnerXP
“{7ED0767D-ABCF-6F76-0377-0500759A1E12}” = Wimp 1.3.7.3
“{8153ED9A-C94A-426E-9880-5E6775C08B62}” = Apple Mobile Device Support
“{868291A4-229E-4795-B0B0-E60E87AF53CD}” = Sibelius Scorch (ActiveX Only)
“{86D4B82A-ABED-442A-BE86-96357B70F4FE}” = Ask Toolbar
“{870815CA-6B60-47B6-88DD-A67F42D2F03E}” = GPL MPEG-1/2 DirectShow Decoder Filter
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{968ECEB6-5476-4131-B5E0-41D01D621243}” = Sibelius Scorch (all browsers)
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A498D9EB-927B-459B-85D6-DD6EF8C2C564}” = erLT
“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper
“{AC76BA86-7AD7-1030-7B44-AA1000000001}” = Adobe Reader X (10.1.1) - Dansk
“{B1102A25-3AA3-446B-AA0F-A699B07A02FD}” = Garmin USB Drivers
“{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel” = NVIDIA Kontrolpanel 266.58
“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver” = NVIDIA Grafikdriver 266.58
“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView” = NVIDIA NView 135.50
“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer” = NVIDIA Install Application
“{B69349AE-2D41-3708-8BA4-4DC22645CA04}” = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
“{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}” = iTunes
“{BFE5EE53-FB9C-4E32-B652-A85C55E1F081}” = Olympus Sonority
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware Free Edition
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}” = SAMSUNG USB Driver for Mobile Phones
“{DFCB15E0-969C-3E74-8654-F5978478E876}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
“{E0783143-EAE2-4047-A8D6-E155523C594C}” = Garmin WebUpdater
“{E2019D64-E819-3B4F-9C85-95BE2688ABF9}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack
“{E80F62FF-5D3C-4A19-8409-9721F2928206}” = LiveUpdate (Symantec Corporation)
“{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}” = Logitech SetPoint
“{F6FCC591-A21B-47C7-BCB3-F535FBA210E2}” = SLOW-PCfighter
“{FDB3B167-F4FA-461D-976F-286304A57B2A}” = Adobe AIR
“45A7283175C62FAC673F913C1F532C5361F97841” = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
“53F13DB4D9611FD63BE580F06F0729BF236ABE68” = Windows-driverpakke - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
“7-Zip” = 7-Zip 9.20
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“Any Audio Converter_is1” = Any Audio Converter 3.1.2
“Ashampoo Burning Studio 2010 Advanced_is1” = Ashampoo Burning Studio 2010 Advanced 9.25
“Avira AntiVir Desktop” = Avira Free Antivirus
“BestPractice” = BestPractice (remove only)
“Canon MP630 series Brugerregistrering” = Canon MP630 series Brugerregistrering
“Canon MP640 series Brugerregistrering” = Canon MP640 series Brugerregistrering
“CANONIJPLM100” = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
“CanonMyPrinter” = Canon Utilities My Printer
“CanonSolutionMenu” = Canon Utilities Solution Menu
“CCleaner” = CCleaner
“com.aspiro.wimp.dk.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1” = Wimp 1.3.7.3
“CPUID CPU-Z_is1” = CPUID CPU-Z 1.58
“docXConverter3_is1” = docXConverter 3.1.2
“Easy-PhotoPrint EX” = Canon Utilities Easy-PhotoPrint EX
“Easy-WebPrint EX” = Canon Easy-WebPrint EX
“ESET Online Scanner” = ESET Online Scanner v3
“FreeOnlineRadioPlayerRecorder Toolbar” = FreeOnlineRadioPlayerRecorder Toolbar
“i-Menu_is1” = i-Menu 2.2
“InstallShield_{758C8301-2696-4855-AF45-534B1200980A}” = Samsung Kies
“Komputer for alle Register 4.2.4” = Komputer for alle Register 4.2.4
“LAME for Audacity_is1” = LAME v3.98.3 for Audacity
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.60.0.1800
“McAfee Security Scan” = McAfee Security Scan Plus
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 3.5 Language Pack SP1 - dan” = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
“MixPad” = MixPad Audio Mixer
“MP Navigator EX 2.0” = Canon MP Navigator EX 2.0
“MP Navigator EX 3.0” = Canon MP Navigator EX 3.0
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“MyAshampoo Toolbar” = MyAshampoo Toolbar
“NVIDIA nView Desktop Manager” = NVIDIA nView Desktop Manager
“Picasa 3” = Picasa 3
“Power Sound Editor Free” = Power Sound Editor Free
“PsuedoLiveUpdate” = LiveUpdate (Symantec Corporation)
“Rainlendar” = Rainlendar (remove only)
“RealPlayer 12.0” = RealPlayer
“Secunia PSI” = Secunia PSI (2.0.0.3001)
“SLOW-PCfighter” = SLOW-PCfighter
“SPAMfighter” = SPAMfighter
“SPYWAREfighter” = SPYWAREfighter
“Startup Delayer” = Startup Delayer v3.0 (build 319)
“Switch” = Switch Sound File Converter
“SystemRequirementsLab” = System Requirements Lab
“TeamViewer 6” = TeamViewer 6
“TempoPerfect” = TempoPerfect Metronome Software
“ToolBox” = NCH Toolbox
“TrojanHunter_is1” = TrojanHunter 5.5
“UltraSearch_is1” = UltraSearch V1.4
“Unlocker” = Unlocker 1.8.6
“WavePad” = WavePad Sound Editor
“Wdf01005” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Windows Media Player 11
“Windows XP Service Pack” = Windows XP Service Pack 3
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1425521274-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Octoshape add-in for Adobe Flash Player” = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-01-2012 15:16:04 | Computer Name = MARIANNE-BDD3A4 | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 12626, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 11-01-2012 15:16:04 | Computer Name = MARIANNE-BDD3A4 | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 12626, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 11-01-2012 15:16:04 | Computer Name = MARIANNE-BDD3A4 | Source = LoadPerf | ID = 3011
Description = Fjernelse af ydelsestællerstrenge for tjenesten WmiApRpl (WmiApRpl)
mislykkedes. Fejlkoden er det første DWORD i dataafsnittet.

Error - 11-01-2012 15:16:07 | Computer Name = MARIANNE-BDD3A4 | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 12626, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 11-01-2012 15:36:19 | Computer Name = MARIANNE-BDD3A4 | Source = MsiInstaller | ID = 11500
Description = Produkt: SLOW-PCfighter—Fejl 1500. En anden installation er i gang.
Den skal færdiggøres, før du fortsætter med en ny.

Error - 11-01-2012 15:36:20 | Computer Name = MARIANNE-BDD3A4 | Source = MsiInstaller | ID = 11500
Description = Produkt: SLOW-PCfighter—Fejl 1500. En anden installation er i gang.
Den skal færdiggøres, før du fortsætter med en ny.

Error - 11-01-2012 15:36:21 | Computer Name = MARIANNE-BDD3A4 | Source = MsiInstaller | ID = 11500
Description = Produkt: SLOW-PCfighter—Fejl 1500. En anden installation er i gang.
Den skal færdiggøres, før du fortsætter med en ny.

Error - 11-01-2012 15:43:10 | Computer Name = MARIANNE-BDD3A4 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn’t the latest version of CLR Optimization service.
Will shutdown

Error - 14-01-2012 04:23:37 | Computer Name = MARIANNE-BDD3A4 | Source = MsiInstaller | ID = 11321
Description = Produkt: Adobe Reader X (10.1.2) - Dansk—Fejl 1321. Installationsprogrammet
har ikke de nødvendige rettigheder til at ændre filen: C:\Programmer\Adobe\Reader
10.0\Reader\plug_ins\Annots.api.

Error - 14-01-2012 04:23:44 | Computer Name = MARIANNE-BDD3A4 | Source = MsiInstaller | ID = 1024
Description = Produkt: Adobe Reader X (10.1.2) - Dansk - Opdateringen ‘Adobe Reader
X (10.1.2)’ kunne ikke installeres. Fejlkode 1603. Windows Installer kan oprette
logfiler som hjælp til fejlfinding af problemer ved installation af softwarepakker.
Brug følgende link for at få oplysninger om, hvordan logføring slås til: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 11-01-2012 18:37:43 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7000
Description = Tjenesten Secunia Update Agent kunne ikke starte pga. følgende fejl:
  S

Error - 11-01-2012 18:38:44 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisekunder) venter på, at tjenesten Secunia Update
Agent tilsluttes.

Error - 11-01-2012 18:39:04 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7000
Description = Tjenesten Secunia Update Agent kunne ikke starte pga. følgende fejl:
  S

Error - 11-01-2012 18:39:46 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisekunder) venter på, at tjenesten Secunia Update
Agent tilsluttes.

Error - 11-01-2012 18:39:46 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7000
Description = Tjenesten Secunia Update Agent kunne ikke starte pga. følgende fejl:
  S

Error - 11-01-2012 18:40:26 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisekunder) venter på, at tjenesten Secunia Update
Agent tilsluttes.

Error - 11-01-2012 18:40:26 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7000
Description = Tjenesten Secunia Update Agent kunne ikke starte pga. følgende fejl:
  S

Error - 11-01-2012 18:41:07 | Computer Name = MARIANNE-BDD3A4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisekunder) venter på, at tjenesten Secunia Update
Agent tilsluttes.

Error - 13-01-2012 06:56:54 | Computer Name = MARIANNE-BDD3A4 | Source = sr | ID = 1
Description = Systemgendannelsesfilteret stødte på en uventet fejl ‘0xC0000001’
under behandling af filen ‘’ på drev ‘HarddiskVolume1’.  Overvågning af drevet er
stoppet.

Error - 13-01-2012 13:58:28 | Computer Name = MARIANNE-BDD3A4 | Source = DCOM | ID = 10010
Description = Serveren {4EB61BAC-A3B6-4760-9581-655041EF4D69} blev ikke registreret
af DCOM inden for det specificerede tidsrum.


< End of report >
På genhør hilsen jus

Afinstaller Ask Toolbar.
Du bør også afinstallere TrojanHunter og McAfee Security Scan.

Ved du hvad AVEngine\AVWatchService.exe er

———

Hent og gem ComboFix på dit skrivebord. <- Vigtigt

Kør så ComboFix og følg anvisningerne.

Da ComboFix kan konflikte med dine sikkerhedsprogrammer, er det vigtigt at du deaktiverer dem. <- Vigtigt

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når ComboFix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: ComboFix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her: C:\ComboFix.txt

Hej.
Nej, jeg ved ikke hvadAVEngine\AVWatchService. exe er for noget. Og medens vi er ved det- kan jeg ændre det nye password jeg har fået til noget, der er nemmere at huske?
Vender tilbage i morgen.
På genhør og hav en god aften
Jus

jus - 16.01.2012 17:03:43

... Og medens vi er ved det- kan jeg ændre det nye password jeg har fået til noget, der er nemmere at huske?

Hvilket Password hentyder du til

Det er password til at logge ind hos Jer i spywarefri forum. Jeg havde glemt det og fik tilsendt et nyt, som som jeg gerne vil have lavet om!

Det kan du ændre under “Min Komto” -> “Brugernavn og password”

Hej og godmorgen. Her kommer så combofix-loggen

ComboFix 12-01-16.02 - Marianne 17-01-2012   0:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1436 [GMT 1:00]
Kører fra: c:\documents and settings\Marianne\Skrivebord\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marianne\Application Data\PriceGong
c:\documents and settings\Marianne\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Marianne\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Marianne\System
c:\documents and settings\Marianne\System\win_qs8.jqx
C:\VDM23.tmp
C:\VDM24.tmp
c:\windows\system32\drivers\Install.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET4B.tmp
c:\windows\TEMP\8w0dmke4.vbt
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-16 til 2012-01-16 )))))))))))))))))))))))))))))))))))
.
.
2012-01-14 17:43 . 2012-01-14 17:43   ————  d——-w-  c:\documents and settings\All Users\Application Data\r2 Studios
2012-01-14 17:42 . 2012-01-14 17:42   ————  d——-w-  c:\programmer\r2 Studios
2012-01-14 11:28 . 2012-01-14 11:36   ————  d——-w-  c:\windows\system32\NtmsData
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\documents and settings\Marianne\Application Data\SUPERAntiSpyware.com
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\programmer\Fælles filer\Wise Installation Wizard
2012-01-12 22:06 . 2012-01-12 22:06   ————  d——-w-  c:\documents and settings\Marianne\Application Data\Malwarebytes
2012-01-12 22:06 . 2012-01-15 09:01   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2012-01-12 22:06 . 2012-01-12 22:06   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-12 22:06 . 2011-12-10 14:24   20464   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-01-12 18:08 . 2012-01-12 18:08   ————  d——-w-  c:\programmer\ESET
2012-01-12 18:02 . 2012-01-12 18:02   ————  d——-w-  c:\documents and settings\Marianne\Application Data\Avira
2012-01-12 18:01 . 2011-09-15 22:55   36000   ——a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-01-12 18:01 . 2012-01-14 06:10   134856   ——a-w-  c:\windows\system32\drivers\avipbb.sys
2012-01-12 18:01 . 2011-09-15 22:55   74640   ——a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-01-12 18:01 . 2012-01-12 18:01   ————  d——-w-  c:\programmer\Avira
2012-01-12 18:01 . 2012-01-12 18:01   ————  d——-w-  c:\documents and settings\All Users\Application Data\Avira
2012-01-12 17:58 . 2012-01-12 17:58   ————  d——-w-  c:\programmer\CCleaner
2012-01-11 19:09 . 2012-01-11 19:09   ————  d——-w-  c:\windows\system32\wbem\Repository
2012-01-05 17:46 . 2012-01-11 19:07   ————  d——-w-  c:\programmer\Uniblue(2)
2012-01-05 11:04 . 2012-01-05 11:04   ————  d——-w-  c:\documents and settings\Marianne\Application Data\licenses
2012-01-05 11:04 . 2012-01-05 11:06   ————  d——-w-  c:\documents and settings\Marianne\Application Data\PCMM2009
2012-01-05 11:04 . 2012-01-05 11:04   ————  d——-w-  c:\documents and settings\Marianne\Application Data\PCMM2011
2012-01-05 08:35 . 2012-01-11 19:08   ————  dc——w-  c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-04 15:45 . 2012-01-05 17:19   ————  d——-w-  c:\documents and settings\Marianne\Lokale indstillinger\Application Data\AskToolbar(2)
2012-01-03 17:47 . 2012-01-03 17:50   ————  d——-w-  c:\documents and settings\Marianne\Application Data\OpenSong
2011-12-26 15:25 . 2012-01-11 19:08   ————  dc——w-  c:\documents and settings\All Users\Application Data\{553764F8-6599-495D-B99E-4797D3DFC558}
2011-12-21 15:33 . 2011-12-21 15:33   ————  d——-w-  c:\programmer\iPod
2011-12-20 17:17 . 2011-12-20 18:33   ————  d——-w-  c:\documents and settings\Marianne\Application Data\AVG
2011-12-18 08:56 . 2011-12-18 08:56   ————  d——-w-  c:\documents and settings\Marianne\Application Data\TrojanHunter
2011-12-18 08:44 . 2012-01-16 14:56   ————  d——-w-  c:\programmer\TrojanHunter 5.5
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-27 12:00   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-27 12:00   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-27 12:00   60928   ——a-w-  c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-27 12:00   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-27 12:00   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-13 17:41 . 2011-05-13 11:23   414368   ——a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-27 12:00   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-27 12:00   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-27 12:00   1469440   ———w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-27 12:00   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-27 12:00   386560   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-27 12:00   1296384   ——a-w-  c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-27 12:00   1288192   ——a-w-  c:\windows\system32\ole32.dll
2011-10-31 10:22 . 2011-12-04 17:23   4659712   ——a-w-  c:\windows\system32\Redemption.dll
2011-10-31 10:22 . 2011-10-31 10:22   90112   ——a-w-  c:\windows\MAMCityDownload.ocx
2011-10-31 10:22 . 2011-10-31 10:22   325552   ——a-w-  c:\windows\MASetupCaller.dll
2011-10-31 10:22 . 2011-10-31 10:22   30568   ——a-w-  c:\windows\MusiccityDownload.exe
2011-10-31 10:22 . 2011-10-31 10:22   81920   ——a-w-  c:\windows\system32\issacapi_bs-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   65536   ——a-w-  c:\windows\system32\issacapi_pe-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\issacapi_se-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   49152   ——a-w-  c:\windows\system32\MaJGUILib.dll
2011-10-31 10:22 . 2011-10-31 10:22   45056   ——a-w-  c:\windows\system32\MaXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22   40960   ——a-w-  c:\windows\system32\MTTELECHIP.dll
2011-10-31 10:22 . 2011-10-31 10:22   200704   ——a-w-  c:\windows\system32\muzwmts.dll
2011-10-31 10:22 . 2011-10-31 10:22   143360   ——a-w-  c:\windows\system32\3DAudio.ax
2011-10-31 10:22 . 2011-10-31 10:22   135168   ——a-w-  c:\windows\system32\muzaf1.dll
2011-10-31 10:22 . 2011-10-31 10:22   122880   ——a-w-  c:\windows\system32\muzeffect.ax
2011-10-31 10:22 . 2011-10-31 10:22   118784   ——a-w-  c:\windows\system32\MaDRM.dll
2011-10-31 10:22 . 2011-10-31 10:22   110592   ——a-w-  c:\windows\system32\muzmp4sp.ax
2011-10-31 10:22 . 2011-10-31 10:22   974848   ——a-w-  c:\windows\system32\cis-2.4.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\MTXSYNCICON.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\MK_Lyric.dll
2011-10-31 10:22 . 2011-10-31 10:22   569344   ——a-w-  c:\windows\system32\muzdecode.ax
2011-10-31 10:22 . 2011-10-31 10:22   491520   ——a-w-  c:\windows\system32\muzapp.dll
2011-10-31 10:22 . 2011-10-31 10:22   45056   ——a-w-  c:\windows\system32\MACXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22   40960   ——a-w-  c:\windows\system32\MAMACExtract.dll
2011-10-31 10:22 . 2011-10-31 10:22   352256   ——a-w-  c:\windows\system32\MSLUR71.dll
2011-10-31 10:22 . 2011-10-31 10:22   258048   ——a-w-  c:\windows\system32\muzoggsp.ax
2011-10-31 10:22 . 2011-10-31 10:22   245760   ——a-w-  c:\windows\system32\MSCLib.dll
2011-10-31 10:22 . 2011-10-31 10:22   24576   ——a-w-  c:\windows\system32\MASetupCleaner.exe
2011-10-31 10:22 . 2011-10-31 10:22   155648   ——a-w-  c:\windows\system32\MSFLib.dll
2011-10-31 10:22 . 2011-10-31 10:22   14336   ——a-w-  c:\windows\system32\avrt.dll
2011-10-31 10:22 . 2011-10-31 10:22   131072   ——a-w-  c:\windows\system32\muzmpgsp.ax
2011-10-31 10:22 . 2011-12-04 17:22   319456   ——a-w-  c:\windows\system32\DIFxAPI.dll
2011-10-31 10:22 . 2011-12-04 17:22   20032   ——a-w-  c:\windows\system32\drivers\dgderdrv.sys
2011-10-31 10:22 . 2011-12-04 17:22   821824   ——a-w-  c:\windows\system32\dgderapi.dll
2011-10-28 05:31 . 2004-08-27 12:00   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-26 17:50   2071936   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-27 12:00   2195328   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-26 09:20 . 2011-01-23 15:09   499712   ——a-w-  c:\windows\system32\msvcp71.dll
2011-10-26 09:20 . 2011-01-23 15:09   348160   ——a-w-  c:\windows\system32\msvcr71.dll
2011-10-24 13:29 . 2011-10-24 13:29   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29   69632   ——a-w-  c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-01-12 39408]
“SUPERAntiSpyware”=“c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-02-29 1481968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RTHDCPL”=“RTHDCPL.EXE” [2006-04-17 16143872]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2009-06-17 55824]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2011-01-07 111208]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2011-01-07 13880424]
“APSDaemon”=“c:\programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240]
“CommonToolkitTray”=“c:\programmer\Fighters\Tray\FightersTray.exe” [2011-12-13 1450120]
“TkBellExe”=“c:\programmer\real\realplayer\update\realsched.exe” [2011-10-26 273528]
“QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2011-10-24 421888]
“KiesHelper”=“c:\programmer\Samsung\Kies\KiesHelper.exe” [2011-11-02 928656]
“KiesTrayAgent”=“c:\programmer\Samsung\Kies\KiesTrayAgent.exe” [2011-11-02 3508624]
“iTunesHelper”=“D:\iTunesHelper.exe” [2011-12-08 421736]
“avgnt”=“c:\programmer\Avira\AntiVir Desktop\avgnt.exe” [2011-09-23 258512]
“StartupDelayer”=“c:\programmer\r2 Studios\Startup Delayer\Startup Launcher.exe” [2011-12-13 978944]
“sfagent”=“c:\programmer\Fighters\SPAMfighter\sfagent.exe” [2011-12-20 1197704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
.
c:\documents and settings\Marianne\Menuen Start\Programmer\Start\
Rainlendar.lnk - c:\programmer\Rainlendar\Rainlendar.exe [2006-1-21 118784]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Secunia PSI Tray.lnk - d:\psi\psi_tray.exe [2011-1-10 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41   294912   ——a-w-  c:\programmer\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28   72208   ——a-w-  c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Secunia PSI Tray.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 02:41   1122304   ——a-w-  c:\programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-03-01 05:10   15872   ——a-w-  c:\programmer\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\TeamViewer\\Version6\\TeamViewer.exe”=
“c:\\Programmer\\TeamViewer\\Version6\\TeamViewer_Service.exe”=
“c:\\Programmer\\Windows Media Player\\mplayer2.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\Fælles filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”=
“d:\\iTunes.exe”=
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29-07-2004 02:33 138780]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12-01-2012 19:01 36000]
R1 hugoio;hugoio;c:\programmer\i-Menu\hugoio.sys [26-08-2011 15:32 9760]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29-07-2004 03:13 46779]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmer\Avira\AntiVir Desktop\sched.exe [12-01-2012 19:01 86224]
R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [25-05-2011 10:36 830808]
R2 AV Watch Service;AV Watch Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVWatchService.exe [25-05-2011 10:36 142768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17-09-2011 08:44 21992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11-01-2010 11:35 10384]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\psi\PSIA.exe—start-service—> d:\psi\PSIA.exe—start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;d:\psi\sua.exe—start-service—> d:\psi\sua.exe—start-service [?]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [24-12-2010 13:45 10264]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [09-01-2010 11:25 28672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [12-01-2010 18:22 135664]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\Fighters\SPAMfighter\sfus.exe [20-12-2011 12:41 215688]
S2 Suite Service;Suite Service;c:\programmer\Fighters\FighterSuiteService.exe [13-12-2011 16:08 1324680]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [12-01-2010 18:22 135664]
S3 Olympus DVR Service;Olympus DVR Service;“c:\programmer\Fælles filer\Olympus Shared\DeviceManager\olydvrsv.exe”—> c:\programmer\Fælles filer\Olympus Shared\DeviceManager\olydvrsv.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
.
—- Andre Services/Drivers i Hukommelsen—-
.
*NewlyCreated* - WS2IFSL
.
Indhold af mappen ‘Planlagte Opgaver’
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-12 17:22]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-12 17:22]
.
2011-12-16 c:\windows\Tasks\tempoperfectShakeIcon.job
- c:\programmer\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2011-03-03 18:00]
.
2012-01-16 c:\windows\Tasks\User_Feed_Synchronization-{E707ECCA-F45E-4547-9AEB-9D53B738D977}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: spks.dk
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmer\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmer\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmer\Ask.com\GenericAskToolbar.dll
AddRemove-24_flashusbdriver - c:\programmer\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Marianne\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 01:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
“ImagePath”=“C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe”
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Watch Service]
“ImagePath”=“C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVWatchService.exe”
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
“ImagePath”=“C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe”
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Watch Service]
“ImagePath”=“C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVWatchService.exe”
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(852)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > ‘explorer.exe’(5696)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\nvsvc32.exe
c:\programmer\Avira\AntiVir Desktop\avguard.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\CDBurnerXP\NMSAccessU.exe
c:\programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\psi\PSIA.exe
c:\programmer\Avira\AntiVir Desktop\avshadow.exe
d:\psi\sua.exe
.
**************************************************************************
.
Gennemført tid: 2012-01-17 09:01:31 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-01-17 08:01
.
Pre-Kørsel: 18.406.858.752 byte ledig
Post-Kørsel: 18.936.524.800 byte ledig
.
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect
.
- - End Of File - - CC7A542A791F9FA68D5F6400C8F5B285

Hent og installer ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start den og lad den lave en Backup af Registreringsdatabasen.

Du skal ikke la’ den køre ved opstart.

———

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
File::
c:\windows\system32\drivers\avfsfilter.sys
Filelook::
c:\programmer\i-Menu\hugoio.sys
Folder::
c:\programmer\Fælles filer\Common Toolkit Suite\
Driver::
AV Engine Scanning Service
AV Watch Service
AVFSFilter
ClearJavaCache::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem. <- Vigtigt

Tag så fat i den nye fil med musen, og før den hen over ComboFix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle ComboFix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Vær-så god
ComboFix 12-01-17.01 - Marianne 17-01-2012 18:03:23.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1462 [GMT 1:00]
Kører fra: c:\documents and settings\Marianne\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Marianne\Skrivebord\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
“c:\windows\system32\drivers\avfsfilter.sys”
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmer\Fælles filer\Common Toolkit Suite
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVEngine.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\avfsfilter.inf
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\avfsfilter_x64.cat
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\avfsfilter_x86.cat
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVWatchService.exe
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtCore4.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtNetwork4.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\QtXml4.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\VBAdapter.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\vbengnt.dll
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\x64\avfsfilter.sys
c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\x86\avfsfilter.sys
c:\windows\system32\drivers\avfsfilter.sys
.
——Forrige Kørsel———-
.
c:\windows\TEMP\zv7o9j1f.vbt
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
———-\Legacy_AVFSFILTER
———-\Legacy_AV_ENGINE_SCANNING_SERVICE
———-\Legacy_AV_WATCH_SERVICE
———-\Service_AV Engine Scanning Service
———-\Service_AV Watch Service
———-\Service_AVFSFilter
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-12-17 til 2012-01-17 )))))))))))))))))))))))))))))))))))
.
.
2012-01-17 16:29 . 2012-01-17 16:29   ————  d——-w-  c:\programmer\ERUNT
2012-01-14 17:43 . 2012-01-14 17:43   ————  d——-w-  c:\documents and settings\All Users\Application Data\r2 Studios
2012-01-14 17:42 . 2012-01-14 17:42   ————  d——-w-  c:\programmer\r2 Studios
2012-01-14 11:28 . 2012-01-14 11:36   ————  d——-w-  c:\windows\system32\NtmsData
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\documents and settings\Marianne\Application Data\SUPERAntiSpyware.com
2012-01-13 12:42 . 2012-01-13 12:42   ————  d——-w-  c:\programmer\Fælles filer\Wise Installation Wizard
2012-01-12 22:06 . 2012-01-12 22:06   ————  d——-w-  c:\documents and settings\Marianne\Application Data\Malwarebytes
2012-01-12 22:06 . 2012-01-15 09:01   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2012-01-12 22:06 . 2012-01-12 22:06   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-12 22:06 . 2011-12-10 14:24   20464   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-01-12 18:08 . 2012-01-12 18:08   ————  d——-w-  c:\programmer\ESET
2012-01-12 18:02 . 2012-01-12 18:02   ————  d——-w-  c:\documents and settings\Marianne\Application Data\Avira
2012-01-12 18:01 . 2011-09-15 22:55   36000   ——a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-01-12 18:01 . 2012-01-14 06:10   134856   ——a-w-  c:\windows\system32\drivers\avipbb.sys
2012-01-12 18:01 . 2011-09-15 22:55   74640   ——a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-01-12 18:01 . 2012-01-12 18:01   ————  d——-w-  c:\programmer\Avira
2012-01-12 18:01 . 2012-01-12 18:01   ————  d——-w-  c:\documents and settings\All Users\Application Data\Avira
2012-01-12 17:58 . 2012-01-12 17:58   ————  d——-w-  c:\programmer\CCleaner
2012-01-11 19:09 . 2012-01-11 19:09   ————  d——-w-  c:\windows\system32\wbem\Repository
2012-01-05 17:46 . 2012-01-11 19:07   ————  d——-w-  c:\programmer\Uniblue(2)
2012-01-05 11:04 . 2012-01-05 11:04   ————  d——-w-  c:\documents and settings\Marianne\Application Data\licenses
2012-01-05 11:04 . 2012-01-05 11:06   ————  d——-w-  c:\documents and settings\Marianne\Application Data\PCMM2009
2012-01-05 11:04 . 2012-01-05 11:04   ————  d——-w-  c:\documents and settings\Marianne\Application Data\PCMM2011
2012-01-05 08:35 . 2012-01-11 19:08   ————  dc——w-  c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-04 15:45 . 2012-01-05 17:19   ————  d——-w-  c:\documents and settings\Marianne\Lokale indstillinger\Application Data\AskToolbar(2)
2012-01-03 17:47 . 2012-01-03 17:50   ————  d——-w-  c:\documents and settings\Marianne\Application Data\OpenSong
2011-12-26 15:25 . 2012-01-11 19:08   ————  dc——w-  c:\documents and settings\All Users\Application Data\{553764F8-6599-495D-B99E-4797D3DFC558}
2011-12-21 15:33 . 2011-12-21 15:33   ————  d——-w-  c:\programmer\iPod
2011-12-20 17:17 . 2011-12-20 18:33   ————  d——-w-  c:\documents and settings\Marianne\Application Data\AVG
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-27 12:00   293376   ——a-w-  c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-27 12:00   1859584   ——a-w-  c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-27 12:00   60928   ——a-w-  c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-27 12:00   354816   ——a-w-  c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-27 12:00   152064   ——a-w-  c:\windows\system32\schannel.dll
2011-11-13 17:41 . 2011-05-13 11:23   414368   ——a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2004-08-27 12:00   916992   ——a-w-  c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-27 12:00   43520   ——a-w-  c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-27 12:00   1469440   ———w-  c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-27 12:00   385024   ——a-w-  c:\windows\system32\html.iec
2011-11-03 15:29 . 2004-08-27 12:00   386560   ——a-w-  c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-27 12:00   1296384   ——a-w-  c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-27 12:00   1288192   ——a-w-  c:\windows\system32\ole32.dll
2011-10-31 10:22 . 2011-12-04 17:23   4659712   ——a-w-  c:\windows\system32\Redemption.dll
2011-10-31 10:22 . 2011-10-31 10:22   90112   ——a-w-  c:\windows\MAMCityDownload.ocx
2011-10-31 10:22 . 2011-10-31 10:22   325552   ——a-w-  c:\windows\MASetupCaller.dll
2011-10-31 10:22 . 2011-10-31 10:22   30568   ——a-w-  c:\windows\MusiccityDownload.exe
2011-10-31 10:22 . 2011-10-31 10:22   81920   ——a-w-  c:\windows\system32\issacapi_bs-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   65536   ——a-w-  c:\windows\system32\issacapi_pe-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\issacapi_se-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22   49152   ——a-w-  c:\windows\system32\MaJGUILib.dll
2011-10-31 10:22 . 2011-10-31 10:22   45056   ——a-w-  c:\windows\system32\MaXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22   40960   ——a-w-  c:\windows\system32\MTTELECHIP.dll
2011-10-31 10:22 . 2011-10-31 10:22   200704   ——a-w-  c:\windows\system32\muzwmts.dll
2011-10-31 10:22 . 2011-10-31 10:22   143360   ——a-w-  c:\windows\system32\3DAudio.ax
2011-10-31 10:22 . 2011-10-31 10:22   135168   ——a-w-  c:\windows\system32\muzaf1.dll
2011-10-31 10:22 . 2011-10-31 10:22   122880   ——a-w-  c:\windows\system32\muzeffect.ax
2011-10-31 10:22 . 2011-10-31 10:22   118784   ——a-w-  c:\windows\system32\MaDRM.dll
2011-10-31 10:22 . 2011-10-31 10:22   110592   ——a-w-  c:\windows\system32\muzmp4sp.ax
2011-10-31 10:22 . 2011-10-31 10:22   974848   ——a-w-  c:\windows\system32\cis-2.4.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\MTXSYNCICON.dll
2011-10-31 10:22 . 2011-10-31 10:22   57344   ——a-w-  c:\windows\system32\MK_Lyric.dll
2011-10-31 10:22 . 2011-10-31 10:22   569344   ——a-w-  c:\windows\system32\muzdecode.ax
2011-10-31 10:22 . 2011-10-31 10:22   491520   ——a-w-  c:\windows\system32\muzapp.dll
2011-10-31 10:22 . 2011-10-31 10:22   45056   ——a-w-  c:\windows\system32\MACXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22   40960   ——a-w-  c:\windows\system32\MAMACExtract.dll
2011-10-31 10:22 . 2011-10-31 10:22   352256   ——a-w-  c:\windows\system32\MSLUR71.dll
2011-10-31 10:22 . 2011-10-31 10:22   258048   ——a-w-  c:\windows\system32\muzoggsp.ax
2011-10-31 10:22 . 2011-10-31 10:22   245760   ——a-w-  c:\windows\system32\MSCLib.dll
2011-10-31 10:22 . 2011-10-31 10:22   24576   ——a-w-  c:\windows\system32\MASetupCleaner.exe
2011-10-31 10:22 . 2011-10-31 10:22   155648   ——a-w-  c:\windows\system32\MSFLib.dll
2011-10-31 10:22 . 2011-10-31 10:22   14336   ——a-w-  c:\windows\system32\avrt.dll
2011-10-31 10:22 . 2011-10-31 10:22   131072   ——a-w-  c:\windows\system32\muzmpgsp.ax
2011-10-31 10:22 . 2011-12-04 17:22   319456   ——a-w-  c:\windows\system32\DIFxAPI.dll
2011-10-31 10:22 . 2011-12-04 17:22   20032   ——a-w-  c:\windows\system32\drivers\dgderdrv.sys
2011-10-31 10:22 . 2011-12-04 17:22   821824   ——a-w-  c:\windows\system32\dgderapi.dll
2011-10-28 05:31 . 2004-08-27 12:00   33280   ——a-w-  c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-26 17:50   2071936   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2004-08-27 12:00   2195328   ——a-w-  c:\windows\system32\ntoskrnl.exe
2011-10-26 09:20 . 2011-01-23 15:09   499712   ——a-w-  c:\windows\system32\msvcp71.dll
2011-10-26 09:20 . 2011-01-23 15:09   348160   ——a-w-  c:\windows\system32\msvcr71.dll
2011-10-24 13:29 . 2011-10-24 13:29   94208   ——a-w-  c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29   69632   ——a-w-  c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- c:\programmer\i-Menu\hugoio.sys—-
Company:———
File Description:———
File Version:———
Product Name:———
Copyright:———
Original Filename:———
File size: 9760
Created time: 2011-08-26 14:32
Modified time: 2008-04-14 18:57
MD5: 7DECCB2612255F4B538976AD25DA0D29
SHA1: 8F2E390DC1F4D680464E6E16F430339DC814618D
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-01-12 39408]
“SUPERAntiSpyware”=“c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-02-29 1481968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RTHDCPL”=“RTHDCPL.EXE” [2006-04-17 16143872]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2009-06-17 55824]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2011-01-07 111208]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2011-01-07 13880424]
“APSDaemon”=“c:\programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240]
“CommonToolkitTray”=“c:\programmer\Fighters\Tray\FightersTray.exe” [2011-12-13 1450120]
“TkBellExe”=“c:\programmer\real\realplayer\update\realsched.exe” [2011-10-26 273528]
“QuickTime Task”=“c:\programmer\QuickTime\qttask.exe” [2011-10-24 421888]
“KiesHelper”=“c:\programmer\Samsung\Kies\KiesHelper.exe” [2011-11-02 928656]
“KiesTrayAgent”=“c:\programmer\Samsung\Kies\KiesTrayAgent.exe” [2011-11-02 3508624]
“iTunesHelper”=“D:\iTunesHelper.exe” [2011-12-08 421736]
“avgnt”=“c:\programmer\Avira\AntiVir Desktop\avgnt.exe” [2011-09-23 258512]
“StartupDelayer”=“c:\programmer\r2 Studios\Startup Delayer\Startup Launcher.exe” [2011-12-13 978944]
“sfagent”=“c:\programmer\Fighters\SPAMfighter\sfagent.exe” [2011-12-20 1197704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
.
c:\documents and settings\Marianne\Menuen Start\Programmer\Start\
Rainlendar.lnk - c:\programmer\Rainlendar\Rainlendar.exe [2006-1-21 118784]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Secunia PSI Tray.lnk - d:\psi\psi_tray.exe [2011-1-10 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41   294912   ——a-w-  c:\programmer\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28   72208   ——a-w-  c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=”“
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Secunia PSI Tray.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 02:41   1122304   ——a-w-  c:\programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-03-01 05:10   15872   ——a-w-  c:\programmer\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\TeamViewer\\Version6\\TeamViewer.exe”=
“c:\\Programmer\\TeamViewer\\Version6\\TeamViewer_Service.exe”=
“c:\\Programmer\\Windows Media Player\\mplayer2.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\Fælles filer\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”=
“d:\\iTunes.exe”=
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29-07-2004 02:33 138780]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12-01-2012 19:01 36000]
R1 hugoio;hugoio;c:\programmer\i-Menu\hugoio.sys [26-08-2011 15:32 9760]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29-07-2004 03:13 46779]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17-09-2011 08:44 21992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11-01-2010 11:35 10384]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 09:30 15544]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [09-01-2010 11:25 28672]
.
Indhold af mappen ‘Planlagte Opgaver’
.
2011-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-12 17:22]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-12 17:22]
.
2011-12-16 c:\windows\Tasks\tempoperfectShakeIcon.job
- c:\programmer\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2011-03-03 18:00]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{E707ECCA-F45E-4547-9AEB-9D53B738D977}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: spks.dk
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 18:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(848)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > ‘explorer.exe’(3680)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\nvsvc32.exe
c:\programmer\Avira\AntiVir Desktop\sched.exe
c:\programmer\Avira\AntiVir Desktop\avguard.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\programmer\Canon\IJPLM\IJPLMSVC.EXE
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\CDBurnerXP\NMSAccessU.exe
c:\programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\psi\PSIA.exe
c:\programmer\Fighters\SPAMfighter\sfus.exe
c:\programmer\Fighters\FighterSuiteService.exe
c:\programmer\Avira\AntiVir Desktop\avshadow.exe
d:\psi\sua.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmer\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Gennemført tid: 2012-01-17 18:21:04 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-01-17 17:21
ComboFix2.txt 2012-01-17 08:01
.
Pre-Kørsel: 18.777.243.648 byte ledig
Post-Kørsel: 18.724.597.760 byte ledig
.
- - End Of File - - D3400423CC77E1A7A79CAA6DB409DC8B

Tak for hjælp til ændring af password