Old PC with problems
Number of posts: 19

Hi

I am helping an acquaintance with his old computer.

Here are the problems in bullet form, and I would be very grateful for all the help I can get.

1. When the computer starts up, it shows an error message saying that C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msakqoyml.pif cannot be loaded.

2. If I try to install another browser on the computer, I am told that it only works on XP or newer. But this is an XP machine.

3. There are some pages that cannot be loaded in the browsers (IE 8 and Chrome). E.g. http://www.microsoft.com gives http://www.google.com and http://windows.microsoft.com/da-dk/windows/products/security-essentials gives a 404 error.

Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:06, on 17-08-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\System Control Manager\MSIService.exe
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\System Control Manager\MGSysCtrl.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StartCCC] “C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programmer\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [UCam_Menu] “C:\Programmer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Programmer\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\3.0”
O4 - HKLM\..\Run: [UpdateYouPaintShortCut] “C:\Programmer\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe” “C:\Programmer\CyberLink\YouPaint” UpdateWithCreateOnce “Software\CyberLink\YouPaint\1.2”
O4 - HKLM\..\Run: [SSBkgdUpdate] “C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] “C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe”
O4 - HKLM\..\Run: [MSC] “c:\Programmer\Microsoft Security Client\msseces.exe” -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Fælles filer\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] “C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: [Spotify] “C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Spotify.exe” /uri spotify:autostart
O4 - HKCU\..\Run: [Skype] “C:\Programmer\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] “C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe”
O4 - HKCU\..\Run: [Odkoompioh] “C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac\obmi.exe”
O4 - HKLM\..\Policies\Explorer\Run: [14673] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msakqoyml.pif
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: S&end; til OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send til &Bluetooth;-enhed… - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing)
O9 - Extra ‘Tools’ menuitem: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing)
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog; det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenk;ædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Sammenk;ædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271769688768
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Micro Star SCM - Micro-Star Int’l Co., Ltd. - C:\Programmer\System Control Manager\MSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmer\Skype\Updater\Updater.exe


End of file - 12814 bytes


Best regards

Linnemann

Administrator
Number of posts: 32087

Hi and welcome ;)

Let's take a closer look at things.


Download OTL by OldTimer from one of the links below and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.scr

Close all open windows. Click the OTL icon (on Vista/Win7, right-click the icon and choose Run as Administrator) to start the program.
When the window appears, under Output at the top, switch to Minimal Output.
Check the boxes next to LOP Check and Purity Check.

In the Custom Scan box, paste in the following:

netsvcs
drivers32
msconfig
@
/md5stop
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.
%CREATERESTOREPOINT

 

Then click Quick Scan.

This will produce two (2) log files on the desktop, one called OTL.txt; the other will be named Extras.txt.
Remember where you saved these 2 files.

Since they are fairly long, you may need to post them in several posts.

Signature

Sound computer sense

Number of posts: 19

From otl.txt

OTL logfile created on: 17-08-2012 15:16:42 - Run 1
OTL by OldTimer - Version 3.2.57.0   Folder = C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

895,30 Mb Total Physical Memory | 371,78 Mb Available Physical Memory | 41,53% Memory free
2,12 Gb Paging File | 1,57 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 118,05 Gb Total Space | 86,62 Gb Free Space | 73,38% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 23,00 Gb Free Space | 76,68% Space Free | Partition Type: NTFS

Computer Name: DANIEL | User Name: daniel juul eskerod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-17 15:15:01 | 000,596,992 |——| M] (OldTimer Tools)—C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord\OTL.exe
PRC - [2012-07-22 19:01:47 | 001,193,176 |——| M] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-07-05 22:07:00 | 000,161,704 |——| M] (Oracle Corporation)—C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012-07-05 18:41:46 | 003,048,136 |——| M] (Skype Technologies S.A.)—C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-03-26 17:08:12 | 000,931,200 |——| M] (Microsoft Corporation)—C:\Programmer\Microsoft Security Client\msseces.exe
PRC - [2012-03-26 17:03:40 | 000,011,552 |——| M] (Microsoft Corporation)—c:\Programmer\Microsoft Security Client\MsMpEng.exe
PRC - [2012-01-17 11:07:54 | 000,252,296 |——| M] (Sun Microsystems, Inc.)—C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
PRC - [2009-05-25 13:38:08 | 002,048,000 |——| M] (Micro-Star International Co., Ltd.)—C:\Programmer\System Control Manager\MGSysCtrl.exe
PRC - [2008-12-05 09:08:40 | 000,604,776 |——| M] (Broadcom Corporation.)—C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-11-05 09:21:04 | 000,159,744 |——| M] (Micro-Star Int’l Co., Ltd.)—C:\Programmer\System Control Manager\MSIService.exe
PRC - [2008-04-15 14:00:00 | 001,034,752 |——| M] (Microsoft Corporation)—C:\WINDOWS\explorer.exe
PRC - [2007-07-24 11:15:14 | 000,185,632 |——| M] (Protexis Inc.)—C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
PRC - [2006-03-21 14:19:40 | 000,069,632 |——| M] (ScanSoft, Inc.)—C:\Programmer\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-07 22:03:04 | 000,041,984 |——| M] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Temp\1C.tmp
MOD - [2012-07-22 19:01:47 | 001,193,176 |——| M] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2009-04-10 09:31:56 | 000,053,248 |——| M] ()—C:\Programmer\System Control Manager\MGKBHook.dll
MOD - [2008-12-05 09:07:42 | 002,854,976 |——| M] ()—C:\WINDOWS\system32\btwicons.dll
MOD - [2008-12-05 09:05:44 | 000,069,697 |——| M] ()—C:\Programmer\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008-04-15 14:00:00 | 000,014,336 |——| M] ()—C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped]—%SystemRoot%\System32\appmgmts.dll—(AppMgmt)
SRV - [2012-07-05 22:07:00 | 000,161,704 |——| M] (Oracle Corporation) [Auto | Running]—C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe—(JavaQuickStarterService)
SRV - [2012-07-05 18:41:46 | 003,048,136 |——| M] (Skype Technologies S.A.) [Auto | Running]—C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe—(Skype C2C Service)
SRV - [2012-04-05 11:37:38 | 000,158,856 | R—- | M] (Skype Technologies) [Auto | Stopped]—C:\Programmer\Skype\Updater\Updater.exe—(SkypeUpdate)
SRV - [2012-03-26 17:03:40 | 000,011,552 |——| M] (Microsoft Corporation) [Auto | Running]—c:\Programmer\Microsoft Security Client\MsMpEng.exe—(MsMpSvc)
SRV - [2010-01-09 22:37:50 | 004,640,000 |——| M] (Microsoft Corporation) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE—(osppsvc)
SRV - [2010-01-09 22:18:00 | 000,149,352 |——| M] (Microsoft Corporation) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE—(ose)
SRV - [2008-11-05 09:21:04 | 000,159,744 |——| M] (Micro-Star Int’l Co., Ltd.) [Auto | Running]—C:\Programmer\System Control Manager\MSIService.exe—(Micro Star SCM)
SRV - [2007-07-24 11:15:14 | 000,185,632 |——| M] (Protexis Inc.) [Auto | Running]—C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe—(PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped]——(WDICA)
DRV - File not found [Kernel | On_Demand | Stopped]—system32\DRIVERS\RtsUCcid.sys—(USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped]—system32\DRIVERS\Rts516xIR.sys—(RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDCOMP)
DRV - File not found [Kernel | System | Stopped]——(PCIDump)
DRV - File not found [Kernel | System | Stopped]——(lbrtfdc)
DRV - File not found [Kernel | System | Stopped]——(i2omgmt)
DRV - File not found [Kernel | System | Stopped]——(Changer)
DRV - [2012-08-07 22:15:39 | 000,050,704 |——| M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\npf.sys—(NPF)
DRV - [2010-01-05 15:42:00 | 000,569,632 |——| M] (Realtek Semiconductor Corporation                   ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\rtl8192se.sys—(RTL8192se)
DRV - [2009-05-21 21:29:00 | 003,565,568 |——| M] (ATI Technologies Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\ati2mtag.sys—(ati2mtag)
DRV - [2009-04-07 18:14:36 | 005,066,752 |——| M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\RtkHDAud.sys—(IntcAzAudAddService)
DRV - [2009-04-02 14:01:26 | 000,164,864 |——| M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\RtsUStor.sys—(RSUSBSTOR)
DRV - [2009-02-20 18:12:00 | 003,729,280 |——| M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\RtKHDMI.sys—(RTHDMIAzAudService)
DRV - [2008-10-31 04:19:18 | 000,991,656 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\btkrnl.sys—(BTKRNL)
DRV - [2008-10-31 04:19:14 | 000,047,272 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\btwusb.sys—(BTWUSB)
DRV - [2008-10-30 21:14:20 | 000,117,888 |——| M] (Realtek Semiconductor Corporation                   ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\Rtenicxp.sys—(RTLE8023xp)
DRV - [2008-08-05 20:10:12 | 001,684,736 |——| M] (Creative) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\Ambfilt.sys—(Ambfilt)
DRV - [2008-07-24 16:37:10 | 000,156,816 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\btwdndis.sys—(BTWDNDIS)
DRV - [2008-05-30 10:46:12 | 000,534,568 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\btaudio.sys—(btaudio)
DRV - [2008-03-10 17:18:42 | 000,057,384 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\btwhid.sys—(btwhid)
DRV - [2008-02-04 16:57:44 | 000,037,160 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\btport.sys—(BTDriver)
DRV - [2006-01-04 15:41:48 | 001,389,056 |——| M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\Monfilt.sys—(Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src;={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101373&mntrId=6c6739510000000000000025d31ecf49&tt=090212_ctrl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_daDK471DK471
IE - HKCU\..\SearchScopes\{C7A51453-39A4-4C2D-A4DA-097C9D9A588A}: “URL” = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programmer\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie;={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl;={language}&q={searchTerms},
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programmer\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmer\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmer\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin:  (Enabled) = C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmer\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Programmer\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programmer\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,723 |——| M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1     localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmer\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [MGSysCtrl] C:\Programmer\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Programmer\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Programmer\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Odkoompioh] C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac\obmi.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Spotify] C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 14673 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msakqoyml.pif ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: S&end til OneNote - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send til &Bluetooth-enhed… - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 File not found
O9 - Extra ‘Tools’ menuitem : eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra ‘Tools’ menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271769688768 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9EE082A-5609-430C-8DF7-F4EA30922660}: DhcpNameServer = 194.239.134.83 193.162.153.164
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmer\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-20 12:28:56 | 000,000,000 |——| M] () - C:\AUTOEXEC.BAT—[ NTFS ]
O33 - MountPoints2\{508a08e1-4c68-11df-8dcf-ef4b4e09aa5b}\Shell\AutoRun\command - “” = F:\setup.exe
O33 - MountPoints2\{821c7282-4d39-11df-836e-002421672414}\Shell\AutoRun\command - “” = F:\setup.exe
O33 - MountPoints2\{938af400-cb9f-11df-97b9-002421649976}\Shell\AutoRun\command - “” = F:\setup.exe
O33 - MountPoints2\{e8c49e8c-d1b4-11e1-84ac-002421f6a546}\Shell - “” = AutoRun
O33 - MountPoints2\{e8c49e8c-d1b4-11e1-84ac-002421f6a546}\Shell\AutoRun\command - “” = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37 - HKLM\...com [@ = comfile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - State: “system.ini” - 0
MsConfig - State: “win.ini” - 0
MsConfig - State: “bootini” - 2
MsConfig - State: “services” - 0
MsConfig - State: “startup” - 0

%CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-08-17 15:15:08 | 000,596,992 |——| C] (OldTimer Tools)—C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord\OTL.exe
[2012-08-17 14:29:59 | 000,000,000 |—-D | C]—C:\Programmer\Fælles filer\Java
[2012-08-17 14:28:39 | 000,000,000 |—-D | C]—C:\Programmer\Oracle
[2012-08-17 14:28:24 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Oracle
[2012-08-17 12:05:43 | 000,000,000 |—-D | C]—C:\WINDOWS\pss
[2012-08-17 11:46:45 | 000,000,000 | R—D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Menuen Start\Programmer\Administration
[2012-08-17 11:45:08 | 000,000,000 | RH-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Recent
[2012-08-17 10:44:24 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Secunia PSI
[2012-08-17 10:43:41 | 000,000,000 |—-D | C]—C:\Programmer\Secunia
[2012-08-17 09:36:54 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\CCleaner
[2012-08-17 09:36:50 | 000,000,000 |—-D | C]—C:\Programmer\CCleaner
[2012-08-17 08:31:20 | 000,000,000 | -HSD | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\IECompatCache
[2012-08-17 07:50:22 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\ArcSoft PhotoStudio 5.5
[2012-08-17 07:50:19 | 000,000,000 |—-D | C]—C:\Programmer\ArcSoft
[2012-08-17 07:49:01 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Corel Home Office
[2012-08-17 07:48:55 | 000,000,000 |—-D | C]—C:\Programmer\Corel Home Office
[2012-08-16 18:44:08 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Malwarebytes
[2012-08-16 18:43:26 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-08-16 16:58:14 | 000,000,000 |—-D | C]—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\PCHealth
[2012-08-16 16:57:53 | 000,000,000 |—-D | C]—C:\Programmer\Microsoft Security Client
[2012-08-07 22:15:39 | 000,050,704 |——| C] (CACE Technologies, Inc.)—C:\WINDOWS\System32\drivers\npf.sys
[2012-08-07 22:15:35 | 000,281,104 |——| C] (CACE Technologies, Inc.)—C:\WINDOWS\System32\wpcap.dll
[2012-08-07 22:15:33 | 000,100,880 |——| C] (CACE Technologies, Inc.)—C:\WINDOWS\System32\Packet.dll
[2012-08-07 22:15:25 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac
[2012-08-07 22:15:25 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Opkyp
[2012-08-07 22:15:25 | 000,000,000 |—-D | C]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Huiguc
[2012-08-07 22:14:59 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Local Settings
[2012-08-07 22:02:34 | 000,000,000 |—-D | C]—C:\WINDOWS\Sun
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp files -> C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-17 15:21:50 | 000,000,378 | -H—| M] ()—C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-08-17 15:21:37 | 000,000,360 | -H—| M] ()—C:\WINDOWS\tasks\MpIdleTask.job
[2012-08-17 15:21:00 | 000,000,914 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1ccecd579afd9f2.job
[2012-08-17 15:15:01 | 000,596,992 |——| M] (OldTimer Tools)—C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord\OTL.exe
[2012-08-17 15:12:01 | 000,000,910 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ccecd578bcaa16.job
[2012-08-17 15:11:34 | 000,002,048 |—S- | M] ()—C:\WINDOWS\bootstat.dat
[2012-08-17 15:11:30 | 938,856,448 | -HS- | M] ()—C:\hiberfil.sys
[2012-08-17 14:45:00 | 000,000,830 |——| M] ()—C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-17 14:29:12 | 000,001,790 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\Google Chrome.lnk
[2012-08-17 13:12:50 | 000,000,211 | RHS- | M] ()—C:\boot.ini
[2012-08-17 09:36:54 | 000,000,665 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\CCleaner.lnk
[2012-08-17 09:29:51 | 000,243,128 |——| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-17 08:33:27 | 000,001,912 |——| M] ()—C:\WINDOWS\epplauncher.mif
[2012-08-17 08:32:39 | 000,001,158 |——| M] ()—C:\WINDOWS\System32\wpa.dbl
[2012-08-17 08:32:26 | 000,550,824 |——| M] ()—C:\WINDOWS\System32\perfh006.dat
[2012-08-17 08:32:26 | 000,511,362 |——| M] ()—C:\WINDOWS\System32\perfh009.dat
[2012-08-17 08:32:26 | 000,112,564 |——| M] ()—C:\WINDOWS\System32\perfc006.dat
[2012-08-17 08:32:26 | 000,090,504 |——| M] ()—C:\WINDOWS\System32\perfc009.dat
[2012-08-16 17:08:46 | 000,000,036 |——| M] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\housecall.guid.cache
[2012-08-15 21:05:49 | 000,000,664 |——| M] ()—C:\WINDOWS\System32\d3d9caps.dat
[2012-08-07 22:15:39 | 000,050,704 |——| M] (CACE Technologies, Inc.)—C:\WINDOWS\System32\drivers\npf.sys
[2012-08-07 22:15:36 | 000,281,104 |——| M] (CACE Technologies, Inc.)—C:\WINDOWS\System32\wpcap.dll
[2012-08-07 22:15:33 | 000,100,880 |——| M] (CACE Technologies, Inc.)—C:\WINDOWS\System32\Packet.dll
[2012-07-31 21:52:17 | 000,002,245 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\Skype.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp files -> C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-17 13:50:22 | 938,856,448 | -HS- | C] ()—C:\hiberfil.sys
[2012-08-17 09:36:54 | 000,000,665 |——| C] ()—C:\Documents and Settings\All Users\Skrivebord\CCleaner.lnk
[2012-08-17 08:52:15 | 000,000,360 | -H—| C] ()—C:\WINDOWS\tasks\MpIdleTask.job
[2012-08-17 08:33:21 | 000,001,687 |——| C] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Microsoft Security Essentials.lnk
[2012-08-16 17:08:46 | 000,000,036 |——| C] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\housecall.guid.cache
[2012-08-16 17:08:17 | 000,000,378 | -H—| C] ()—C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012-08-16 16:58:25 | 000,001,912 |——| C] ()—C:\WINDOWS\epplauncher.mif
[2012-08-16 15:05:20 | 000,000,830 |——| C] ()—C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-15 20:18:53 | 000,000,664 |——| C] ()—C:\WINDOWS\System32\d3d9caps.dat
[2012-07-19 17:32:33 | 001,715,934 |——| C] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\Kopi af IMG_8837.JPG
[2012-05-10 21:16:06 | 000,003,584 |——| C] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-18 20:48:35 | 000,000,413 |——| C] ()—C:\WINDOWS\MAXLINK.INI
[2012-02-29 17:44:52 | 000,053,317 |——| C] ()—C:\WINDOWS\War3Unin.dat
[2012-02-16 20:07:48 | 000,003,072 |——| C] ()—C:\WINDOWS\System32\iacenc.dll
[2012-02-16 13:30:29 | 000,000,133 |——| C] ()—C:\Documents and Settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\fusioncache.dat

========== LOP Check ==========

[2012-02-17 15:48:08 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Babylon
[2012-04-30 15:32:30 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012-03-18 20:55:05 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012-03-08 18:47:20 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Partner
[2012-03-18 20:48:35 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010-10-01 09:14:17 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Temp
[2012-02-20 12:33:51 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\.minecraft
[2012-02-17 15:48:06 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Babylon
[2012-08-07 22:15:25 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Huiguc
[2012-08-17 15:12:19 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Opkyp
[2012-08-17 14:28:24 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Oracle
[2012-03-18 20:48:30 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\ScanSoft
[2012-08-17 15:15:19 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify
[2010-04-21 09:49:56 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Windows Desktop Search
[2010-04-21 10:05:43 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Windows Search
[2012-08-07 22:15:25 | 000,000,000 |—-D | M]—C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac
[2012-08-17 15:21:37 | 000,000,360 | -H—| M] ()—C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========

< @  >

< /md5stop >
Invalid Switch: md5stop

< %SYSTEMDRIVE%\*.* >
[2010-04-20 12:28:56 | 000,000,000 |——| M] ()—C:\AUTOEXEC.BAT
[2012-08-17 13:12:50 | 000,000,211 | RHS- | M] ()—C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] ()—C:\Bootfont.bin
[2010-04-20 12:28:56 | 000,000,000 |——| M] ()—C:\CONFIG.SYS
[2012-08-17 15:11:30 | 938,856,448 | -HS- | M] ()—C:\hiberfil.sys
[2010-04-20 12:28:56 | 000,000,000 | RHS- | M] ()—C:\IO.SYS
[2010-04-20 12:28:56 | 000,000,000 | RHS- | M] ()—C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] ()—C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,250,576 | RHS- | M] ()—C:\ntldr
[2012-08-17 15:11:25 | 1409,286,144 | -HS- | M] ()—C:\pagefile.sys
[2012-02-17 15:48:47 | 000,001,498 |——| M] ()—C:\user.js
[2010-10-01 09:15:06 | 006,842,770 |——| M] ()—C:\vcredist_x86.log

< %SYSTEMDRIVE%\*. >
[2012-06-15 22:54:55 | 000,000,000 |—-D | M]—C:\3b3c271a6ba19ad99fb49555
[2012-05-23 09:02:40 | 000,000,000 |—-D | M]—C:\56317085bd92f57ec3b831ed181abd
[2012-02-17 23:17:12 | 000,000,000 |—-D | M]—C:\Documents and Settings
[2012-02-28 20:33:11 | 000,000,000 | RH-D | M]—C:\MSOCache
[2012-08-17 14:28:39 | 000,000,000 | R—D | M]—C:\Programmer
[2012-02-16 13:36:13 | 000,000,000 | -HSD | M]—C:\RECYCLER
[2012-02-16 13:22:21 | 000,000,000 | -HSD | M]—C:\System Volume Information
[2012-08-17 13:45:52 | 000,000,000 |—-D | M]—C:\WINDOWS

< End of report >


From extras.txt:


OTL Extras logfile created on: 17-08-2012 15:16:42 - Run 1
OTL by OldTimer - Version 3.2.57.0   Folder = C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

895,30 Mb Total Physical Memory | 371,78 Mb Available Physical Memory | 41,53% Memory free
2,12 Gb Paging File | 1,57 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 118,05 Gb Total Space | 86,62 Gb Free Space | 73,38% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 23,00 Gb Free Space | 76,68% Space Free | Partition Type: NTFS

Computer Name: DANIEL | User Name: daniel juul eskerod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.html [@ = ChromeHTML]—C:\Programmer\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile]—Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open]—“%1” %*
htmlfile [edit]—“C:\Programmer\Microsoft Office\Office14\msohtmed.exe” %1 (Microsoft Corporation)
htmlfile [print]—“C:\Programmer\Microsoft Office\Office14\msohtmed.exe” /p %1 (Microsoft Corporation)
http [open]—“C:\Programmer\Google\Chrome\Application\chrome.exe”—“%1” (Google Inc.)
https [open]—“C:\Programmer\Google\Chrome\Application\chrome.exe”—“%1” (Google Inc.)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open]—%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore]—%SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0
“DoNotAllowExceptions” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0
“DoNotAllowExceptions” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“5985:TCP” = 5985:TCP:*:Disabled:Windows Fjernadministration
“80:TCP” = 80:TCP:*:Disabled:Windows Fjernadministration - kompatibilitetstilstand (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“C:\Programmer\CyberLink\PowerDVD9\PowerDVD9.exe” = C:\Programmer\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0—(CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Programmer\CyberLink\PowerDVD9\PowerDVD9.exe” = C:\Programmer\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0—(CyberLink Corp.)
“C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\spotify.exe” = C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\spotify.exe:*:Enabled:Spotify—(Spotify Ltd)
“C:\Programmer\Microsoft Office\Office14\ONENOTE.EXE” = C:\Programmer\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote—(Microsoft Corporation)
“C:\WINDOWS\explorer.exe” = C:\WINDOWS\explorer.exe:*:Enabled:Windows Stifinder—(Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}” = Corel Home Office 5.0.56
“_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}” = CorelDRAW Essentials 4
“_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}” = CorelDRAW Essentials 4 - Windows Shell Extension
“{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam
“{048FC675-D00F-A0B0-C111-AE39F4B8CC9E}” = CCC Help Italian
“{055EE59D-217B-43A7-ABFF-507B966405D8}” = ATI Catalyst Control Center
“{07B62101-7EBD-434A-94B1-B38063BE5516}” = CorelDRAW Essentials 4 - PHOTO-PAINT
“{0A0CADCF-78DA-33C4-A350-CD51849B9702}” = Microsoft .NET Framework 4 Extended
“{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}” = CorelDRAW Essentials 4 - Lang DE
“{0F842B77-56EA-4AAF-8295-81A022350B5E}” = Microsoft Security Client
“{1111706F-666A-4037-7777-211328764D10}” = JavaFX 2.1.1
“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer
“{19AC095C-3520-4999-AA15-93B6D0248A50}” = CorelDRAW Essentials 4 - Content
“{1AC247CD-DC48-0DF7-0570-8B07885FF018}” = Catalyst Control Center Graphics Previews Common
“{205C6BDD-7B73-42DE-8505-9A093F35A238}” = Overførselsværktøj til Windows Live
“{20800BCE-5629-3F94-9F9A-4B7A2C17324F}” = CCC Help German
“{209775F0-6B14-5E9A-87E4-0C78A79C78FE}” = CCC Help Norwegian
“{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}” = MSVCRT
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{242F05A2-B450-5235-6C95-656FE1C422CB}” = Catalyst Control Center Core Implementation
“{26A24AE4-039D-4CA4-87B4-2F83216019FF}” = Java(TM) 6 Update 20
“{26A24AE4-039D-4CA4-87B4-2F83217005FF}” = Java(TM) 7 Update 5
“{2729C4B5-822B-43BB-9645-3E2C23F88489}” = Windows Presentation Foundation Language Pack (DAN)
“{29D851C2-048C-4B5E-8D1F-25D473342BB5}” = ScanSoft OmniPage SE 4.0
“{2F3082BF-4A3B-45CA-805F-52DBBFD3C645}” = Windows Live Essentials
“{341B8C78-57D3-EAA3-9661-D74304C3EE17}” = CCC Help French
“{34A9406E-1994-4C20-AC72-04CFA2B24545}” = CorelDRAW Essentials 4 - Lang EN
“{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{3576C335-958D-4D60-A812-F68F9A2796AF}” = CorelDRAW Essentials 4 - Lang IT
“{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}” = Corel Home Office
“{39FE455F-9478-451B-9420-73C15143DF8E}” = Corel Home Office - IPM
“{3B4E636E-9D65-4D67-BA61-189800823F52}” = Windows Live Communications Platform
“{3B8028BA-35C7-6032-B889-30B3B37B41C0}” = Catalyst Control Center Localization All
“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile
“{45A2D49C-8124-4015-A8B3-073A827EC5C1}” = Windows Live Sync
“{47985AEA-2CA2-3344-851E-BA4DC9101C68}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
“{48ADC36F-75AA-6EF5-0733-D9F8CDE8D0D2}” = CCC Help Greek
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}” = Corel Home Office - Templates1
“{50C78D0B-B45E-638F-D120-0721D86B253A}” = CCC Help Korean
“{51A24711-A461-1CD8-6AA1-DF37F3E02C77}” = CCC Help Dutch
“{535C6037-F272-71F4-FE26-E1B2868DE2F7}” = ccc-core-static
“{5500BB35-1C21-4328-9F16-F894B860FADE}” = CorelDRAW Essentials 4 - Lang NL
“{5D91D393-1523-5293-176D-9E2204BB5829}” = CCC Help Turkish
“{61C3E1B4-2F5C-8961-1439-CA5D44F49CFC}” = CCC Help Chinese Standard
“{6222657E-1118-DFFC-2683-FAA9BA68FE10}” = CCC Help Spanish
“{6857B928-CD51-E5EC-7120-0D1E5E631350}” = CCC Help Finnish
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{7121BAE0-8959-6930-441C-409455A2391F}” = CCC Help English
“{72BF1DA0-2B00-4794-9173-159722019B74}” = CyberLink YouPaint
“{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}” = CorelDRAW Essentials 4 - IPM - No VBA
“{7932FC5E-CCD0-916C-9B56-0C2F5B786843}” = CCC Help Portuguese
“{84814E6B-2581-46EC-926A-823BD1C670F6}” = WIDCOMM Bluetooth Software
“{85309D89-7BE9-4094-BB17-24999C6118FC}” = ArcSoft PhotoStudio 5.5
“{855425BB-0BB6-E908-2781-134FD8BDE9C0}” = ccc-utility
“{86FFE51F-6DC8-6D5D-7571-E6837DAC7F26}” = CCC Help Czech
“{88223E9F-D792-77A6-D1C0-500610042740}” = Catalyst Control Center Graphics Full New
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{8A74E887-8F0F-4017-AF53-CBA42211AAA5}” = Microsoft Sync Framework Runtime Native v1.0 (x86)
“{8B08E38A-73EF-4A3D-B166-EB8B7D98E0BA}” = Microsoft .NET Framework 3.0 Danish Language Pack
“{8B80D71B-5AA2-E36D-BE9D-70A2FBBB9C85}” = CCC Help Japanese
“{90120000-0020-0406-0000-0000000FF1CE}” = Kompatibilitetspakke til Office 2007-systemet
“{90140000-0010-0406-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (Danish) 14
“{90140000-0015-0406-0000-0000000FF1CE}” = Microsoft Office Access MUI (Danish) 2010
“{90140000-0015-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0016-0406-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Danish) 2010
“{90140000-0016-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0018-0406-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Danish) 2010
“{90140000-0018-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0019-0406-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Danish) 2010
“{90140000-0019-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001A-0406-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Danish) 2010
“{90140000-001A-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001B-0406-0000-0000000FF1CE}” = Microsoft Office Word MUI (Danish) 2010
“{90140000-001B-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-0406-0000-0000000FF1CE}” = Microsoft Office Proof (Danish) 2010
“{90140000-001F-0406-0000-0000000FF1CE}_Office14.SingleImage_{59BCA417-5095-450B-931A-AE6194728386}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2010
“{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2010
“{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-041D-0000-0000000FF1CE}” = Microsoft Office Proof (Swedish) 2010
“{90140000-001F-041D-0000-0000000FF1CE}_Office14.SingleImage_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-002C-0406-0000-0000000FF1CE}” = Microsoft Office Proofing (Danish) 2010
“{90140000-002C-0406-0000-0000000FF1CE}_Office14.SingleImage_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-003D-0000-0000-0000000FF1CE}” = Microsoft Office Single Image 2010
“{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-006E-0406-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Danish) 2010
“{90140000-006E-0406-0000-0000000FF1CE}_Office14.SingleImage_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-00A1-0406-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Danish) 2010
“{90140000-00A1-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{9043B9A0-9505-405B-8202-E7167A38A89C}” = CorelDRAW Essentials 4
“{945DAF9A-2BE1-DEDE-3B16-81757CA2BEAD}” = CCC Help Swedish
“{94B8F069-F223-4F48-BC88-7104CBA77F30}” = Windows Live Messenger
“{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
“{95FD3168-58AF-8C6B-1B33-9B196E992425}” = CCC Help Chinese Traditional
“{96AE7E41-E34E-47D0-AC07-1091A8127911}” = USB2.0 Card Reader Software
“{973F8409-F8DA-4A40-ACB4-12B02F3399D7}” = Microsoft .NET Framework 1.1 Danish Language Pack
“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{9D3D8C60-A55F-4fed-B2B9-173F09590E16}” = REALTEK Wireless LAN Driver
“{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}” = Segoe UI
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}” = CyberLink PowerDVD 9
“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper
“{AB770FDE-8087-4C98-9A85-BD64262C104C}” = Medion Home Cinema
“{ABD8B955-1C69-4AF3-949B-13CD587C175F}” = CorelDRAW Essentials 4 - Lang BR
“{B2544A03-10D0-4E5E-BA69-0362FFC20D18}” = OGA Notifier 2.0.0048.0
“{B69349AE-2D41-3708-8BA4-4DC22645CA04}” = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
“{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call
“{B80F72C0-C511-C947-3F2E-83AFC506517B}” = CCC Help Polish
“{B8754879-727E-A8CF-2210-A345CD1CF9ED}” = ccc-core-preinstall
“{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}” = CorelDRAW Essentials 4 - Draw
“{BA9319FE-BCEF-4C99-8039-F464648D046E}” = CorelDRAW Essentials 4 - Lang FR
“{BAF78226-3200-4DB4-BE33-4D922A799840}” = Windows Presentation Foundation
“{BBA51523-A256-825E-C5C2-8F4FC1D787ED}” = Catalyst Control Center Graphics Light
“{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}” = Microsoft Sync Framework Services Native v1.0 (x86)
“{BFD09E5B-6D40-4CAD-A349-103BFEF1C574}” = Windows Live Mail
“{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}” = CorelDRAW Essentials 4 - ICA
“{C040AA8E-11D2-9648-9F9C-985A91A4727A}” = CCC Help Thai
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{C682F3F0-00A6-4379-B083-4F3273624D7B}” = CorelDRAW Essentials 4 - Lang ES
“{C9BED750-1211-4480-B1A5-718A3BE15525}” = REALTEK GbE & FE Ethernet PCI-E NIC Driver
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}” = CorelDRAW Essentials 4 - Windows Shell Extension
“{D32B19EA-BFAD-442D-A0C3-FAA8A93DEFCA}” = CCC Help Danish
“{D55D77A5-BBE2-1A5F-CD1E-E7AB6DEACB60}” = CCC Help Russian
“{D6510194-C41F-CE9C-F726-8543F4414EE9}” = CCC Help Hungarian
“{D7EC54D8-3D95-4F9D-A191-59C9BB7F5AC9}” = Windows Live Photo Gallery
“{DC948283-F20C-388D-A325-251BE20110EE}” = Microsoft .NET Framework 4 Extended DAN Language Pack
“{DFCB15E0-969C-3E74-8654-F5978478E876}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
“{E2019D64-E819-3B4F-9C85-95BE2688ABF9}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack
“{E2DFE069-083E-4631-9B6C-43C48E991DE5}” = Junk Mail filter update
“{E74EA3B1-7192-489D-9A57-0AE918FEC001}” = Corel Home Office - Launcher
“{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D}” = Tilmeldingsassistent til Windows Live
“{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}” = System Control Manager
“{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.9
“{F067F869-D300-FF34-F1D5-13474E1BB948}” = Catalyst Control Center Graphics Full Existing
“{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}” = Microsoft SQL Server 2005 Compact Edition [ENU]
“{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}” = Microsoft Choice Guard
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F16841F6-5F0F-4DBE-B318-63CEB916F21D}” = CorelDRAW Essentials 4 - Filters
“{FA3215C7-7032-4D4D-B21F-C9D941749283}” = Corel Home Office 5.0.56
“{FC0C6E54-BCD4-42C5-BEAA-4FFFEC499EE0}” = Windows Live Writer
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“ATI Display Driver” = ATI Display Driver
“CCleaner” = CCleaner
“Easy-PhotoPrint” = Canon Utilities Easy-PhotoPrint
“Easy-WebPrint” = Easy-WebPrint
“Google Chrome” = Google Chrome
“ie8” = Windows Internet Explorer 8
“InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam
“InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}” = CyberLink YouPaint
“InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}” = CyberLink PowerDVD 9
“InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}” = Medion Home Cinema
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 3.0 Danish Language Pack” = Dansk sprogpakke til Microsoft .NET Framework 3.0
“Microsoft .NET Framework 3.5 Language Pack SP1 - dan” = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
“Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended
“Microsoft .NET Framework 4 Extended DAN Language Pack” = Microsoft .NET Framework 4 Extended DAN sprogpakke
“Microsoft Security Client” = Microsoft Security Essentials
“MP Navigator 3.0” = Canon MP Navigator 3.0
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“Office14.SingleImage” = Microsoft Office Home and Student 2010
“Recuva” = Recuva
“SynTPDeinstKey” = Synaptics Pointing Device Driver
“Wdf01007” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Windows Media Player 11
“WinLiveSuite_Wave3” = Windows Live Essentials
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Spotify” = Spotify
“Warcraft III” = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17-08-2012 01:52:45 | Computer Name = DANIEL | Source = Windows Search Service | ID = 3029
Description = Plug-in’en i <Search.TripoliIndexer> kan ikke initialiseres.  Kontekst:
programmet Windows, kataloget SystemIndex Detaljer:  Indholdsindekset kan ikke læses.
  (0xc0041800)

Error - 17-08-2012 01:52:45 | Computer Name = DANIEL | Source = Windows Search Service | ID = 3028
Description = Indsamlingsprogramobjektet kan ikke initialiseres.  Kontekst: programmet
Windows, kataloget SystemIndex Detaljer:  Indholdsindekset kan ikke læses.  (0xc0041800)


Error - 17-08-2012 01:52:45 | Computer Name = DANIEL | Source = Windows Search Service | ID = 3058
Description = Programmet kan ikke initialiseres.  Kontekst: programmet Windows Detaljer:
  Indholdsindekset
kan ikke læses.  (0xc0041800)

Error - 17-08-2012 02:32:22 | Computer Name = DANIEL | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 15464, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 17-08-2012 02:32:22 | Computer Name = DANIEL | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 15464, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 17-08-2012 02:32:22 | Computer Name = DANIEL | Source = LoadPerf | ID = 3011
Description = Fjernelse af ydelsestællerstrenge for tjenesten WmiApRpl (WmiApRpl)
mislykkedes. Fejlkoden er det første DWORD i dataafsnittet.

Error - 17-08-2012 02:32:26 | Computer Name = DANIEL | Source = LoadPerf | ID = 3001
Description = Strengværdien til ydelsestællernavnet i registreringsdatabasen er
forkert formateret. Den falske streng er 15464, og den falske indeksværdi er det
første DWORD i dataafsnittet, mens de sidste gyldige indeksværdier er det andet og
tredje
DWORD i dataafsnittet.

Error - 17-08-2012 02:33:15 | Computer Name = DANIEL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 17-08-2012 02:45:32 | Computer Name = DANIEL | Source = Windows Search Service | ID = 3024
Description = Opdateringen kan ikke startes, fordi der ikke er adgang til indholdskilderne.
Ret fejlene, og prøv at køre opdateringen igen.  Kontekst: programmet , kataloget
SystemIndex

Error - 17-08-2012 07:53:35 | Computer Name = DANIEL | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8601.0, P3 1.131.2244.0, P4 1.131.2244.0, P5 200045b328e036fe_fd8db408fec99576c2e2d194ef1dac9ab8f4a1b9,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 17-08-2012 05:40:20 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 05:40:20 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 05:40:20 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 05:40:20 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 05:40:20 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 05:40:21 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl:  %6

Error - 17-08-2012 07:46:30 | Computer Name = DANIEL | Source = DCOM | ID = 10005
Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten
EventSystem med argumenterne “”  for at køre serveren:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17-08-2012 07:46:49 | Computer Name = DANIEL | Source = DCOM | ID = 10005
Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten
StiSvc med argumenterne “”  for at køre serveren:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17-08-2012 07:47:32 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  Fips MpFilter Processor

Error - 17-08-2012 07:49:23 | Computer Name = DANIEL | Source = DCOM | ID = 10005
Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten
EventSystem med argumenterne “”  for at køre serveren:  {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Administrator
Number of posts: 32087

•  Start OTL
•  Copy the text below in bold into the Custom Scan field

:Services
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101373&mntrId=6c6739510000000000000025d31ecf49&tt=090212_ctrl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_daDK471DK471
IE - HKCU\..\SearchScopes\{C7A51453-39A4-4C2D-A4DA-097C9D9A588A}: “URL” = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
O4 - HKCU..\Run: [Odkoompioh] C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac\obmi.exe (the VideoLAN Team
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 14673 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msakqoyml.pif ()
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (Reg Error: Key error.)
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp files -> C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\*.tmp -> ]
:Files
ipconfig /flushdns /c
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Opkyp
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Huiguc
C:\Documents and Settings\All Users\Application Data\Babylon
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]


•  Click the Run Fix button
•  If OTL asks to restart, say yes.
•  Click OK.
•  A log will open; copy it into your next reply.
•  Otherwise it can be found here:
•    C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss


Download ComboFix and save it to your desktop:
Here

NB -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.

It can also be found here -> C:\combofix.txt

Signature

Sound computer sense

Number of posts: 19

From OTL


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7A51453-39A4-4C2D-A4DA-097C9D9A588A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7A51453-39A4-4C2D-A4DA-097C9D9A588A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Odkoompioh deleted successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac\obmi.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\14673 deleted successfully.
C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msakqoyml.pif moved successfully.
Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
C:\WINDOWS\Downloaded Program Files\SystemRequirementsLab.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
File Protocol\Handler\base64 - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
File Protocol\Handler\chrome - No CLSID value found not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
C:\WINDOWS\System32\SET4C6.tmp deleted successfully.
C:\WINDOWS\System32\SET5C0.tmp deleted successfully.
C:\WINDOWS\System32\SET5C5.tmp deleted successfully.
C:\WINDOWS\System32\SET5C9.tmp deleted successfully.
C:\WINDOWS\System32\SET5CA.tmp deleted successfully.
C:\WINDOWS\System32\SET5CB.tmp deleted successfully.
C:\WINDOWS\System32\SET5CE.tmp deleted successfully.
C:\WINDOWS\System32\SET5CF.tmp deleted successfully.
C:\WINDOWS\System32\SET5D0.tmp deleted successfully.
C:\WINDOWS\System32\SET60B.tmp deleted successfully.
C:\WINDOWS\System32\SET6F.tmp deleted successfully.
C:\WINDOWS\System32\SET76.tmp deleted successfully.
C:\WINDOWS\System32\SET836.tmp deleted successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\~WRL0001.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Skrivebord\cmd.txt deleted successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Ytdac folder moved successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Opkyp folder moved successfully.
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Huiguc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: daniel juul eskerod
->Temp folder emptied: 648080 bytes
->Temporary Internet Files folder emptied: 816045 bytes
->Flash cache emptied: 434 bytes

User: daniel juul eskerod.DANIEL
->Temp folder emptied: 1196278350 bytes
->Temporary Internet Files folder emptied: 96008720 bytes
->Java cache emptied: 27958 bytes
->Google Chrome cache emptied: 26829138 bytes
->Flash cache emptied: 1076 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 475270 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33036 bytes

User: NetworkService
->Temp folder emptied: 55096 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18925954 bytes
RecycleBin emptied: 12387 bytes

Total Files Cleaned = 1.278,00 mb


[EMPTYFLASH]

User: All Users

User: daniel juul eskerod
->Flash cache emptied: 0 bytes

User: daniel juul eskerod.DANIEL
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: daniel juul eskerod

User: daniel juul eskerod.DANIEL
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08172012_172729

Files\Folders moved on Reboot…

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

Number of posts: 19

From ComboFix


ComboFix 12-08-17.02 - daniel juul eskerod 17-08-2012 17:41:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.895.310 [GMT 2:00]
Kører fra: c:\documents and settings\daniel juul eskerod.DANIEL\Skrivebord\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{72BF1DA0-2B00-4794-9173-159722019B74}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{AB770FDE-8087-4C98-9A85-BD64262C104C}\PostBuild.exe
c:\programmer\Internet Explorer\SET5D3.tmp
c:\programmer\Internet Explorer\SET5D4.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-07-17 til 2012-08-17 )))))))))))))))))))))))))))))))))))
.
.
2012-08-17 15:27 . 2012-08-17 15:27   --------  d-----w-  C:\_OTL
2012-08-17 12:29 . 2012-08-17 12:29   --------  d-----w-  c:\programmer\Fælles filer\Java
2012-08-17 12:28 . 2012-08-17 12:28   --------  d-----w-  c:\programmer\Oracle
2012-08-17 12:28 . 2012-08-17 12:28   --------  d-----w-  c:\documents and settings\daniel juul eskerod.DANIEL\Application Data\Oracle
2012-08-17 12:27 . 2012-07-05 20:06   772544   ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-08-17 08:44 . 2012-08-17 08:44   --------  d-----w-  c:\documents and settings\daniel juul eskerod.DANIEL\Lokale indstillinger\Application Data\Secunia PSI
2012-08-17 08:43 . 2012-08-17 08:43   --------  d-----w-  c:\programmer\Secunia
2012-08-17 07:36 . 2012-08-17 07:36   --------  d-----w-  c:\programmer\CCleaner
2012-08-17 06:34 . 2012-06-28 23:44   6891424   ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4DF021C-0D29-4139-B839-91E96D57BDB8}\mpengine.dll
2012-08-17 06:34 . 2012-01-31 12:44   237072   ------w-  c:\windows\system32\MpSigStub.exe
2012-08-17 06:31 . 2012-08-17 06:31   --------  d-sh--w-  c:\documents and settings\daniel juul eskerod.DANIEL\IECompatCache
2012-08-17 05:51 . 2012-08-17 05:51   --------  d-----w-  c:\windows\system32\wbem\Repository
2012-08-17 05:50 . 2012-08-17 05:50   --------  d-----w-  c:\programmer\ArcSoft
2012-08-17 05:48 . 2012-08-17 05:49   --------  d-----w-  c:\programmer\Corel Home Office
2012-08-16 16:44 . 2012-08-16 16:44   --------  d-----w-  c:\documents and settings\daniel juul eskerod.DANIEL\Application Data\Malwarebytes
2012-08-16 16:43 . 2012-08-16 16:43   --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-16 14:58 . 2012-08-16 14:58   --------  d-----w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\PCHealth
2012-08-16 14:57 . 2012-08-17 06:33   --------  d-----w-  c:\programmer\Microsoft Security Client
2012-08-07 20:15 . 2012-08-07 20:15   50704   ----a-w-  c:\windows\system32\drivers\npf.sys
2012-08-07 20:02 . 2012-08-07 20:02   --------  d-----w-  c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2010-04-20 19:05   78336   ----a-w-  c:\windows\system32\browser.dll
2012-07-05 20:07 . 2010-04-20 11:47   143872   ----a-w-  c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-04-20 14:17   687544   ----a-w-  c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2010-04-20 10:25   139784   ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2010-04-20 19:07   1866112   ----a-w-  c:\windows\system32\win32k.sys
2012-07-02 17:37 . 2010-04-20 19:07   916992   ----a-w-  c:\windows\system32\wininet.dll
2012-07-02 17:37 . 2010-04-20 19:06   43520   ----a-w-  c:\windows\system32\licmgr10.dll
2012-07-02 17:37 . 2010-04-20 19:06   1469440   ----a-w-  c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2010-04-20 19:06   385024   ----a-w-  c:\windows\system32\html.iec
2012-06-06 06:49 . 2012-06-06 06:49   1070152   ----a-w-  c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:49 . 2010-04-20 19:06   1372672   ----a-w-  c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2010-04-20 19:06   1172480   ----a-w-  c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-04-20 19:07   152576   ----a-w-  c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-04-20 13:24   15384   ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-04-20 10:27   329240   ----a-w-  c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-04-20 10:27   210968   ----a-w-  c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-04-20 10:27   219160   ----a-w-  c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-04-20 19:05   97304   ----a-w-  c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-04-20 13:24   45080   ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-04-20 10:27   53784   ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-04-20 10:27   35864   ----a-w-  c:\windows\system32\wups.dll
2012-06-02 13:19 . 2010-04-20 13:24   18456   ----a-w-  c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-04-20 10:27   577048   ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-04-20 13:24   23064   ----a-w-  c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-04-20 13:24   15896   ----a-w-  c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-04-20 10:27   1933848   ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2012-02-28 18:59   17648   ----a-w-  c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2012-02-28 18:59   275696   ----a-w-  c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-02-28 18:59   214256   ----a-w-  c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2010-04-20 19:05   602112   ----a-w-  c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-09-29 39408]
“Skype”=“c:\programmer\Skype\Phone\Skype.exe” [2012-05-03 17355912]
“Spotify Web Helper”=“c:\documents and settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe” [2012-07-22 1193176]
“Spotify”=“c:\documents and settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Spotify.exe” [2012-07-22 7601880]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“StartCCC”=“c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2009-03-12 61440]
“RTHDCPL”=“RTHDCPL.EXE” [2009-04-03 17567744]
“SynTPEnh”=“c:\programmer\Synaptics\SynTP\SynTPEnh.exe” [2009-03-06 1434920]
“MGSysCtrl”=“c:\programmer\System Control Manager\MGSysCtrl.exe” [2009-05-25 2048000]
“UCam_Menu”=“c:\programmer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2009-05-19 222504]
“UpdateYouPaintShortCut”=“c:\programmer\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe” [2009-05-19 222504]
“SSBkgdUpdate”=“c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2003-09-29 155648]
“OpwareSE4”=“c:\programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe” [2006-03-21 69632]
“MSC”=“c:\programmer\Microsoft Security Client\msseces.exe” [2012-03-26 931200]
“SunJavaUpdateSched”=“c:\programmer\Fælles filer\Java\Java Update\jusched.exe” [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\CyberLink\\PowerDVD9\\PowerDVD9.exe”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Documents and Settings\\daniel juul eskerod.DANIEL\\Application Data\\Spotify\\spotify.exe”=
“c:\\Programmer\\Microsoft Office\\Office14\\ONENOTE.EXE”=
“c:\\Programmer\\Skype\\Phone\\Skype.exe”=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“5985:TCP”= 5985:TCP:*:Disabled:Windows Fjernadministration
.
R2 Micro Star SCM;Micro Star SCM;c:\programmer\System Control Manager\MSIService.exe [20-04-2010 13:09 159744]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [05-07-2012 18:41 3048136]
R3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [20-04-2010 13:04 569632]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [29-09-2010 10:01 135664]
S2 SkypeUpdate;Skype Updater;c:\programmer\Skype\Updater\Updater.exe [05-04-2012 11:37 158856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20-04-2010 12:58 1684736]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [29-09-2010 10:01 135664]
S3 osppsvc;Office Software Protection Platform;c:\programmer\Fælles filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09-01-2010 22:37 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [20-04-2010 13:03 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ccecd578bcaa16.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-09-29 08:01]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ccecd579afd9f2.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-09-29 08:01]
.
2012-08-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmer\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-08-17 c:\windows\Tasks\MpIdleTask.job
- c:\programmer\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
mStart Page =
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: S&end til OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send til &Bluetooth-enhed… - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4
TCP: DhcpNameServer = 194.239.134.83 193.162.153.164
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKCU-Run-Odkoompioh - c:\documents and settings\daniel juul eskerod.DANIEL\Application Data\Ytdac\obmi.exe
SafeBoot-BsScanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > ‘explorer.exe’(2796)
c:\programmer\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\programmer\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Gennemført tid: 2012-08-17 17:55:33 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-08-17 15:55
.
Pre-Kørsel: 94.298.865.664 byte ledig
Post-Kørsel: 94.519.037.952 byte ledig
.
- - End Of File - - 0FCBC52F9BEAB8B7312CEEEDDCB65D1D

Administrator
Number of posts: 32087

Download and install CCleaner: Here
Click Download Latest Version

Remove the check mark next to - Install Yahoo toolbar

When you open the program for the first time, all boxes will be checked.
If you want to keep your cookies, you can remove that check mark.

Click Run Cleaner to clean your computer.

You will now get a warning that these files will be permanently deleted from your system, asking whether you want to continue. Click OK to confirm. Check -> Do not show me this message again.


Restart.


Download Malwarebytes Anti-Malware:
Here
Install the program. NB: make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
A window then opens where you move the dot to "Run a full system scan". Click the Scan button and let the program work until it is finished (this takes a while, depending on how much you have on the computer).
Then press the "Show results" button after the scan, and after that press "Remove selected". The log now opens, and you should save it somewhere you can find it again.

NB: If Malwarebytes Anti-Malware wants to restart the computer to complete the cleanup, let it restart.


Then post a new HijackThis log here, together with the Malwarebytes log, and tell us how the computer is behaving now.

Signature

Sound computer sense

Number of posts: 19

From HijackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:40, on 17-08-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmer\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmer\System Control Manager\MSIService.exe
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\System Control Manager\MGSysCtrl.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Microsoft Security Client\msseces.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Programmer\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\daniel juul eskerod.DANIEL\Dokumenter\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StartCCC] “C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programmer\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [UCam_Menu] “C:\Programmer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Programmer\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\3.0”
O4 - HKLM\..\Run: [UpdateYouPaintShortCut] “C:\Programmer\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe” “C:\Programmer\CyberLink\YouPaint” UpdateWithCreateOnce “Software\CyberLink\YouPaint\1.2”
O4 - HKLM\..\Run: [SSBkgdUpdate] “C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] “C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe”
O4 - HKLM\..\Run: [MSC] “c:\Programmer\Microsoft Security Client\msseces.exe” -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Fælles filer\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKCU\..\Run: [swg] “C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: [Skype] “C:\Programmer\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] “C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Data\SpotifyWebHelper.exe”
O4 - HKCU\..\Run: [Spotify] “C:\Documents and Settings\daniel juul eskerod.DANIEL\Application Data\Spotify\Spotify.exe” /uri spotify:autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send til &Bluetooth-enhed… - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing)
O9 - Extra ‘Tools’ menuitem: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing)
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271769688768
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345220305296
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Micro-Star Int’l Co., Ltd. - C:\Programmer\System Control Manager\MSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmer\Skype\Updater\Updater.exe


End of file - 12145 bytes

Number of posts: 19

Malwarebytes Anti-Malware (Prøveversion) 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.08.17.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
daniel juul eskerod :: DANIEL [administrator]

Beskyttelse: Slået fra

17-08-2012 18:32:15
mbam-log-2012-08-17 (18-32-15).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 264169
Tid gået: 1 time(e), 52 minut(ter), 27 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Ingen handling valgt.

Registreringsdatabaseværdier Inficeret: 1
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Ingen handling valgt.

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 1
C:\System Volume Information\_restore{D570F7B9-28E6-457B-8F41-0242CCFFA1B0}\RP118\A0264402.exe (Trojan.Obfuscated) -> Sat i karantæne og slettet succesfuldt.

(færdig)

Number of posts: 19

The computer is actually running reasonably well. But IE does not load images on the pages I visit.

Number of posts: 19

That probably needs some elaboration. Some images are not displayed; for example, no images are shown on the articles on the front page of http://www.spywarefri.dk. The logo is not shown either. But on the front page of http://www.eb.dk only a few images are missing.

Administrator
Number of posts: 32087

OK. But run Malwarebytes again and let it remove what it finds:
(PUP.Blabbers) -> Ingen handling valgt.


Just like here:
(Trojan.Obfuscated) -> Sat i karantæne og slettet succesfuldt.


See whether Opera does the same thing with the missing images:

http://www.opera.com/

Signature

Sound computer sense
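
Added example (not part of the original thread or of either tool): a Python script that reads the Malwarebytes lines discussed in the reply above, lists the detections still marked "Ingen handling valgt" (no action selected), and matches their GUIDs against HijackThis entries flagged "(no file)" or "(file missing)". The function names are hypothetical; the sample lines are copied from the logs posted in this thread.

```python
import re

# Lines copied from the Malwarebytes log posted in this thread (Danish UI text as logged).
MBAM_LOG = r"""
Registreringsdatabasenøgler Inficeret: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Ingen handling valgt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Ingen handling valgt.
Registreringsdatabaseværdier Inficeret: 1
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Ingen handling valgt.
Inficerede Filer: 1
C:\System Volume Information\_restore{D570F7B9-28E6-457B-8F41-0242CCFFA1B0}\RP118\A0264402.exe (Trojan.Obfuscated) -> Sat i karantæne og slettet succesfuldt.
"""

# Lines copied from the second HijackThis log posted in this thread.
HJT_LOG = r"""
O9 - Extra button: eBay.dk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-91768-17534-1/4 (file missing)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
"""

NO_ACTION = "Ingen handling valgt"  # Danish MBAM status: "no action selected"
ORPHAN_MARKERS = ("(no file)", "(file missing)")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "<object> (<Threat.Name>) -> [Data: ... ->] <action>."
MBAM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()\s]+)\) -> (?P<rest>.+)$")
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")


def guids_in(line):
    """Return every GUID on a line, upper-cased so logs compare case-insensitively."""
    return {g.upper() for g in GUID_RE.findall(line)}


def parse_mbam(text):
    """Parse detection lines; the action is the last ' -> ' segment."""
    detections = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue  # section headers and "nothing found" lines
        action = m.group("rest").split(" -> ")[-1].rstrip(". ")
        detections.append({"object": m.group("object"), "threat": m.group("threat"),
                           "action": action, "guids": guids_in(line)})
    return detections


def unresolved(detections):
    """Detections the scan reported but did not remove."""
    return [d for d in detections if d["action"] == NO_ACTION]


def orphaned_hjt(text):
    """HijackThis entries whose target file no longer exists."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and any(mark in m.group("body") for mark in ORPHAN_MARKERS):
            entries.append({"section": m.group("section"), "line": line.strip(),
                            "guids": guids_in(line)})
    return entries


def correlate(mbam_text, hjt_text):
    """Orphaned HijackThis entries that share a GUID with an unresolved detection."""
    pending = set()
    for d in unresolved(parse_mbam(mbam_text)):
        pending |= d["guids"]
    return [e for e in orphaned_hjt(hjt_text) if e["guids"] & pending]


if __name__ == "__main__":
    for d in unresolved(parse_mbam(MBAM_LOG)):
        print("still present:", d["threat"], d["object"])
    for e in correlate(MBAM_LOG, HJT_LOG):
        print("same GUID in HijackThis:", e["line"])
```
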

Number of posts: 19

There, it has been run.

Graphics in IE are still acting up, but they work fine in Chrome and Opera.

Many thanks for the help.

Administrator
Number of posts: 32087

Sounds good, and you're welcome.


Shall we close the case?

Signature

Sound computer sense

Number of posts: 19

Yes, by all means let's close it.

Once again, many thanks for the help.