ps76 Researcher
11 March 2007 - 18:09 There are 20 comments and 1 solution

Slow YouTube etc.

Something is blocking my access to certain parts of the net, primarily when I want to watch streaming, e.g. YouTube. It then loads the selected video for about 5 minutes before playback starts. I suspect that some software is blocking it. So I have made a "HijackThis" log, which can be seen below.
Anything that stands out as the possible culprit?


Logfile of HijackThis v1.99.1
Scan saved at 18:06:53, on 11-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\Programmer\FamilyKeyLogger\cisvc.exe
C:\Programmer\dvd43\dvd43_tray.exe
C:\Programmer\IconSaver\IconSaver.exe
C:\WINDOWS\system32\TTTimer.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\TITLEB~1\Tbc.exe
C:\Programmer\HFXP\hfxp.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Softland\Backup4all 3\Backup4all.exe
C:\Programmer\Softland\Backup4all 3\Backup4all.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmer\Macro Express3\MacExp.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\PowerMenu.exe
C:\Programmer\PrintKey2000\Printkey2000.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmer\PopTray\PopTray.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Preben\Skrivebord\Protection\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\7.bin\MWSBAR.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: News Ticker - {05F8C4F5-7CCF-4129-B221-B2B4CFC589DA} - C:\Programmer\CmpSoft\NewsTicker\Ticker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmer\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [dvd43] C:\Programmer\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [IconSaver] C:\Programmer\IconSaver\IconSaver.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\WINDOWS\system32\TTTimer.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [kav] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [TBC.exe] C:\PROGRA~1\TITLEB~1\Tbc.exe
O4 - HKCU\..\Run: [hfxp] C:\Programmer\HFXP\hfxp.exe
O4 - HKCU\..\Run: [Flashpaste lite] C:\Programmer\Flashpaste\flashpaste.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DynAdvance Notifier] C:\Programmer\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
O4 - HKCU\..\Run: [Backup4all 3] "C:\Programmer\Softland\Backup4all 3\Backup4all.exe" /s
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O4 - Startup: PopTray.lnk = C:\Programmer\PopTray\PopTray.exe
O4 - Startup: PowerMenu.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Programmer\Macro Express3\MacExp.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O4 - Global Startup: PowerMenu.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programmer\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Statusmonitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Guru News Reader - {9025F70D-DB4B-4312-982B-8FE916987ED8} - C:\Programmer\CmpSoft\NewsTicker\Ticker.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .bcf: C:\Programmer\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programmer\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
levich Beginner
11 March 2007 - 19:00 #1
I'll take a look, one moment.
levich Beginner
11 March 2007 - 19:11 #2
Read all the steps before you do anything.

(1)
Download AVG Anti-Spyware here: http://www.ewido.net/en/download.
Install the program and update it, but wait before scanning.

(2)
Restart the computer in safe mode (press F8 when Windows starts up), and fix the following lines with HijackThis:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\7.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

(3)
Scan with AVG Anti-Spyware, fix the things it finds and save the log, e.g. on the desktop.

(4)
Open "My Computer"; in the menu, click Tools -> Folder Options -> View.
Remove the check mark at "Hide protected operating system files" and at "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following folder:
C:\Programmer\MyWebSearch\

(5)
Start -> Run -> type "cleanmgr" -> Delete Temporary Internet Files, Recycle Bin and temporary files. Repeat for all your drives.

(6)
Restart the computer normally. Create a new log with HijackThis, and post it here together with the log from AVG Anti-Spyware.
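Step (6) asks for a fresh HijackThis log so the fixes from step (2) can be confirmed. The check below is an added example, not part of the thread: it parses item lines, reports which of the eight entries from step (2) still appear in a new log, and lists any line that still mentions the product. The marker strings and the second sample log are constructed for the illustration.

```python
import re

# Item lines start with a section code (R0-R3 and O2-O23 appear in this
# thread's logs), then " - ", then the entry body.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(\S.*)$")

# The eight entries post #2 asks to fix, copied from the thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\7.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
"""

# Assumption: substrings taken from the long and 8.3 short paths above.
MARKERS = ("mywebsearch", "mywebs~1")

# Excerpt of a log in which the fixes have taken effect (lines from the thread).
CLEAN_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [hfxp] C:\Programmer\HFXP\hfxp.exe
O4 - Startup: PopTray.lnk = C:\Programmer\PopTray\PopTray.exe
"""

# Constructed log: two fixes did not stick (one entry differs only in case)
# and the process is still running.
DIRTY_LOG = r"""
Running processes:
C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\7.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
"""


def parse_log(text):
    """Return [(section, body)] for item lines; headers and process paths are skipped."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).rstrip()))
    return items


def _key(section, body):
    # Windows paths and registry names are case-insensitive; collapse spacing too.
    return section, re.sub(r"\s+", " ", body).casefold()


def remaining(fix_list_text, new_log_text):
    """Entries from the fix list that are still present in the new log."""
    present = {_key(s, b) for s, b in parse_log(new_log_text)}
    return [(s, b) for s, b in parse_log(fix_list_text) if _key(s, b) in present]


def residue(log_text, markers=MARKERS):
    """Any log line (item or running process) that still mentions a marker."""
    hits = []
    for line in log_text.splitlines():
        low = line.casefold()
        if line.strip() and any(m in low for m in markers):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        left = remaining(FIX_LIST, log)
        print(f"{name}: {len(left)} fix-list entries remain, "
              f"{len(residue(log))} lines mention the product")
        for section, body in left:
            print(f"  still present: {section} - {body}")
```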
ps76 Researcher
11 March 2007 - 19:44 #3
Hm, I didn't get that far, because it won't go into safe mode with F8. It just shows a window asking for the boot device. I remember having had that problem before - but isn't there another way to get into safe mode?
levich Beginner
11 March 2007 - 20:03 #4
Yes, there is.

Close all open programs.

Click Start, Run and type MSCONFIG in the box and click OK

The System Configuration Utility appears. On the BOOT.INI tab, check the "/SAFEBOOT" option, then click OK and restart your computer when prompted.

The computer restarts in Safe mode.

Perform the troubleshooting steps for which you are using Safe Mode.

When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer.
ps76 Researcher
11 March 2007 - 21:30 #5
Ah okay, I figured it out now - you can't just choose Restart. You have to shut the computer down completely and then turn it on again. Then it went into safe mode.
I'm scanning now - it does take a bit of time. I'll get back with the result when it is done, possibly not until Monday.
ps76 Researcher
11 March 2007 - 21:54 #6
It didn't take that long after all. It was otherwise showing 2/3 done - but then it suddenly finished..
New HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\Programmer\FamilyKeyLogger\cisvc.exe
C:\Programmer\dvd43\dvd43_tray.exe
C:\Programmer\IconSaver\IconSaver.exe
C:\WINDOWS\system32\TTTimer.exe
C:\progra~1\yahoo!\YCentral\YahooCentral.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\TITLEB~1\Tbc.exe
C:\Programmer\HFXP\hfxp.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Softland\Backup4all 3\Backup4all.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmer\Softland\Backup4all 3\Backup4all.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Macro Express3\MacExp.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\PowerMenu.exe
C:\Programmer\PrintKey2000\Printkey2000.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmer\PopTray\PopTray.exe
C:\Programmer\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Preben\Dokumenter\Downloads\Protection\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: News Ticker - {05F8C4F5-7CCF-4129-B221-B2B4CFC589DA} - C:\Programmer\CmpSoft\NewsTicker\Ticker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmer\FamilyKeyLogger\cisvc.exe
O4 - HKLM\..\Run: [dvd43] C:\Programmer\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [IconSaver] C:\Programmer\IconSaver\IconSaver.exe
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\WINDOWS\system32\TTTimer.exe
O4 - HKLM\..\Run: [YCentral] c:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [kav] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [TBC.exe] C:\PROGRA~1\TITLEB~1\Tbc.exe
O4 - HKCU\..\Run: [hfxp] C:\Programmer\HFXP\hfxp.exe
O4 - HKCU\..\Run: [Flashpaste lite] C:\Programmer\Flashpaste\flashpaste.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DynAdvance Notifier] C:\Programmer\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
O4 - HKCU\..\Run: [Backup4all 3] "C:\Programmer\Softland\Backup4all 3\Backup4all.exe" /s
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: PopTray.lnk = C:\Programmer\PopTray\PopTray.exe
O4 - Startup: PowerMenu.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmer\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Programmer\Macro Express3\MacExp.exe
O4 - Global Startup: PowerMenu.exe
O4 - Global Startup: Printkey2000.lnk = C:\Programmer\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Statusmonitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Guru News Reader - {9025F70D-DB4B-4312-982B-8FE916987ED8} - C:\Programmer\CmpSoft\NewsTicker\Ticker.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .bcf: C:\Programmer\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Programmer\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

And after that the AVG file:


HKLM\SOFTWARE\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned.
HKLM\SOFTWARE\KMiNT21\FamilyKeyLogger -> Adware.DesktopSpyAgent : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\My Downloads\Emule\PC Rockstar.Games GTA San.Andreas [Crack + Trainer].rar/PC Rockstar.Games GTA San.Andreas [Crack + Trainer +]\Grand.Theft.Auto.San.Andreas.CRACK-HOODLUM\HLM-INTR.EXE -> Backdoor.Hupigon.kg : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\My Downloads\Emule\PC Rockstar.Games GTA San.Andreas [Crack + Trainer]\PC Rockstar.Games GTA San.Andreas [Crack + Trainer +]\Grand.Theft.Auto.San.Andreas.CRACK-HOODLUM\HLM-INTR.EXE -> Backdoor.Hupigon.kg : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\DVD&Video\Video ikke brugt\movies on cd and dvd\CrK.exe -> Backdoor.Theef.111 : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\Office\SmileyCentralPFSetup2.0.4.0.exe -> Dropper.Small : Cleaned.
C:\WINDOWS\Downloaded Program Files\UDC6K_0001_D19M0109NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\Foto diverse\Ikke brugt foto\Jasc after shot\Afscrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\Foto diverse\Ikke brugt foto\Jasc after shot\Jasc after shot.zip/Afscrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\Desktop\Desktop ikke brugt\Icon software - ikke instll\any2icon\any2iconv2.12crackdigerati\Crack.rar/AnyToIcon_v212_DIGERATI_patch.exe -> Trojan.Proxcrak.A : Cleaned.
C:\Documents and Settings\Preben\Dokumenter\Downloads\Desktop\Desktop ikke brugt\Icon software - ikke instll\any2icon\any2iconv2.12crackdigerati\Crack\AnyToIcon_v212_DIGERATI_patch.exe -> Trojan.Proxcrak.A : Cleaned.


::Report end
11 March 2007 - 22:22 #7
... I can't help saying/writing it: you've more or less brought this on yourself by downloading "stuff" from P2P programs:
* Emule *

Look how many [Crack] items AVG has flagged according to the AVG list + the ones that HAVE already caused trouble *SIGH*

And what about this one (had you forgotten it, <levich>?):
O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmer\FamilyKeyLogger\cisvc.exe

http://www.spyarsenal.com/familykeylogger/
http://spywaredetector.net/spyware_encyclopedia/FamilyKeyLogger.htm
(Is that something you installed YOURSELF?)
ps76 (Researcher)
11 March 2007 - 22:45 #8
Yes, Family Keylogger is quite handy if you've accidentally deleted something you wrote. Then you can just bring it back. So I accept that one.
I've had it for many years, and it has never caused problems.
Remember the title: the issue is that Youtube is extremely slow to load. And it hasn't always been, even though many of the programs that AVG and Hijack find have been there all along...! So this wasn't meant as an actual chemical wash and clean-up, but more as a question of identifying what is holding Youtube back.
gurly (Trainee)
11 March 2007 - 23:39 #9
dr1 > do you really have to advertise such a distasteful thing  c",)

ps76 > you should just be glad that dr1 bothers to help,
but maybe you don't care that all sorts of viruses are sitting and running on your PC, don't care about open backdoors that give hackers full access to your PC; cracks are a hacker's paradise, but if you think it's fine that a bunch of hackers get access to your PC, and maybe even use its resources, then OK.
but maybe that's why it's behaving strangely, heh heh  c",)
ps76 (Researcher)
12 March 2007 - 09:55 #11
Well hi, I AM glad for good advice, also from dr1. I wasn't aware that a single crack for some game or other could do damage like that? But if you really mean it, then I suppose there's nothing else to do than format and start all over. Good grief, what else would I do for the next 2-3 days...;-(
I just felt it was a software conflict that suddenly started messing with these streams - because there haven't been problems with Youtube before.
12 March 2007 - 10:32 #12
Hmmm... I count more than "a single crack for some game or other" ...
And once you've had EMULE open/running, the strangest things can turn up...

------------------

-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When combofix has finished, and after it has rebooted, a log file should open: combofix.txt
You're welcome to post the contents of that file here.

----------------
ps76 (Researcher)
12 March 2007 - 11:14 #13
Here is the combofix file:

(((((((((((((((((((((((((((((((  Files Created from 2007-02-12 to 2007-03-12  ))))))))))))))))))))))))))))))))))


2007-03-12 10:05    <DIR>    d--------    C:\WINDOWS\LastGood
2007-03-11 19:55    786,432    --ah-----    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-11 19:55    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-03-11 19:55    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-03-11 19:55    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-03-11 19:55    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-03-11 19:55    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-03-11 19:55    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-03-11 19:55    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-03-11 19:55    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-03-11 19:32    <DIR>    d--------    C:\WINDOWS\pss
2007-03-10 22:42    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-09 09:56    <DIR>    d--------    C:\DOCUME~1\Preben\APPLIC~1\GoogleWeatherGadget
2007-03-05 19:45    2,560    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-05 19:45    2,432    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-05 19:45    <DIR>    d--------    C:\WINDOWS\system32\IOSUBSYS
2007-03-03 10:57    <DIR>    d--------    C:\Programmer\Microsoft AutoRoute
2007-03-02 19:10    <DIR>    d--------    C:\DOCUME~1\Preben\APPLIC~1\Nokia 6230i
2007-03-01 16:17    <DIR>    d--------    C:\Programmer\Your Uninstaller 2006
2007-03-01 15:24    <DIR>    d--------    C:\DOCUME~1\Preben\APPLIC~1\SYSTRAN
2007-02-28 16:53    <DIR>    d--------    C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-02-28 15:57    81,920    ---------    C:\WINDOWS\system32\BrWebIns.dll
2007-02-28 15:57    65,536    ---------    C:\WINDOWS\system32\BRWEBUP.EXE
2007-02-28 15:57    188,416    ---------    C:\WINDOWS\system32\PDRVINST.DLL
2007-02-28 15:57    122,880    ---------    C:\WINDOWS\system32\BrfxD05a.dll
2007-02-28 15:57    0    --a------    C:\WINDOWS\brdfxspd.dat
2007-02-28 15:57    <DIR>    d--------    C:\Brother
2007-02-28 15:55    <DIR>    d--------    C:\Programmer\ScanSoft
2007-02-28 15:55    <DIR>    d--------    C:\Programmer\F‘lles filer\ScanSoft Shared
2007-02-28 15:55    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-02-27 22:55    <DIR>    d--------    C:\DOCUME~1\Preben\APPLIC~1\OfficeUpdate12
2007-02-27 22:55    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-02-27 13:54    73,728    --a------    C:\WINDOWS\system32\PowerMenuHook.dll
2007-02-27 12:30    28,672    --a------    C:\WINDOWS\system32\f3PSSavr.scr
2007-02-27 11:27    <DIR>    d--h-----    C:\WINDOWS\msdownld.tmp
2007-02-27 11:27    <DIR>    d--------    C:\WINDOWS\system32\windows media
2007-02-27 11:26    <DIR>    d--------    C:\Programmer\Windows Media Components
2007-02-27 11:26    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-02-27 11:21    <DIR>    d--------    C:\Programmer\CyberLink
2007-02-27 11:20    <DIR>    d--------    C:\Programmer\ffdshow
2007-02-27 00:50    89,632    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.dat
2007-02-27 00:50    3,958,560    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2007-02-27 00:50    <DIR>    d--------    C:\Programmer\Kaspersky Lab
2007-02-27 00:50    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-02-26 21:34    <DIR>    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-02-26 21:33    5,632    --a------    C:\WINDOWS\system32\drivers\StarOpen.sys
2007-02-26 21:33    <DIR>    d--------    C:\Programmer\Softland
2007-02-26 21:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softland


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-12 11:12    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\slimbrowser
2007-03-12 09:21    48094    --a------    C:\WINDOWS\system32\perfc006.dat
2007-03-12 09:21    327690    --a------    C:\WINDOWS\system32\perfh006.dat
2007-03-12 09:17    --------    d--------    C:\Programmer\macro express3
2007-03-11 21:43    --------    d--------    C:\Programmer\mywebsearch
2007-03-10 23:37    --------    d--h-----    C:\Programmer\installshield installation information
2007-03-10 22:08    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\ulead systems
2007-03-10 21:54    --------    d--------    C:\Programmer\F‘lles filer\ulead systems
2007-03-10 21:28    --------    d--------    C:\Programmer\yahoo!
2007-03-10 17:36    --------    d--------    C:\Programmer\quicktime
2007-03-09 17:08    --------    d--------    C:\Programmer\slimbrowser
2007-03-09 14:23    --------    d--------    C:\Programmer\google
2007-03-05 19:45    --------    d--------    C:\Programmer\picasa2
2007-03-05 19:41    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\adobe
2007-03-05 17:00    --------    d--------    C:\Programmer\emule
2007-03-03 10:35    --------    d--------    C:\Programmer\clonedvd
2007-03-01 19:16    --------    d--------    C:\Programmer\mixmeister 3
2007-03-01 16:43    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\utorrent
2007-02-28 22:06    86772    --ah-----    C:\WINDOWS\system32\mlfcache.dat
2007-02-28 17:11    --------    d--------    C:\Programmer\powerinternettv 3.7
2007-02-28 15:58    50    --a------    C:\WINDOWS\system32\bridf05a.dat
2007-02-28 15:58    --------    d--------    C:\Programmer\brother
2007-02-28 15:57    --------    d--------    C:\Programmer\F‘lles filer\installshield
2007-02-27 22:59    --------    d--------    C:\Programmer\microsoft activesync
2007-02-27 12:52    --------    d--------    C:\Programmer\microsoft frontpage
2007-02-27 12:14    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\wsinspector
2007-02-27 10:30    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\adobeum
2007-02-27 00:45    --------    d--------    C:\Programmer\symantec
2007-02-27 00:45    --------    d--------    C:\Programmer\F‘lles filer\symantec shared
2007-02-27 00:33    --------    d--------    C:\Programmer\backup4all
2007-02-27 00:30    --------    d---s----    C:\DOCUME~1\Preben\APPLIC~1\microsoft
2007-02-27 00:30    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\ahead
2007-02-27 00:00    --------    d--------    C:\DOCUME~1\Preben\APPLIC~1\spambayes
2007-02-26 21:20    --------    d--------    C:\Programmer\common files
2007-01-23 15:15    676224    --a------    C:\WINDOWS\system32\ogacheckcontrol.dll
2006-12-21 18:58    4    --a------    C:\WINDOWS\dllmain.dll
2006-12-21 18:54    65536    --a------    C:\WINDOWS\ifinst27.exe
2006-12-19 09:28    89    --a------    C:\AUTOEXEC.BAT


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Active Desktop Calendar"="C:\\Programmer\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"TBC.exe"="C:\\PROGRA~1\\TITLEB~1\\Tbc.exe"
"hfxp"="C:\\Programmer\\HFXP\\hfxp.exe"
"Flashpaste lite"="C:\\Programmer\\Flashpaste\\flashpaste.exe"
"H/PC Connection Agent"="\"C:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"DynAdvance Notifier"="C:\\Programmer\\DynAdvance\\DynAdvance Notifier\\MailNotifier.Exe"
"Backup4all 3"="\"C:\\Programmer\\Softland\\Backup4all 3\\Backup4all.exe\" /s"
"RoboForm"="\"C:\\Programmer\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"CTStartup"="C:\\Programmer\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"Jet Detection"="C:\\Programmer\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"Acronis Scheduler2 Service"="\"C:\\Programmer\\Fælles filer\\Acronis\\Schedule2\\schedhlp.exe\""
"FamilyKeyLogger"="C:\\Programmer\\FamilyKeyLogger\\cisvc.exe"
"dvd43"="C:\\Programmer\\dvd43\\dvd43_tray.exe"
"IconSaver"="C:\\Programmer\\IconSaver\\IconSaver.exe"
"TerraTec Scheduler"="C:\\WINDOWS\\system32\\TTTimer.exe"
"YCentral"="c:\\progra~1\\yahoo!\\YCentral\\YahooCentral.exe"
"Adobe Photo Downloader"="\"C:\\Programmer\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Programmer\\iTunes\\iTunesHelper.exe\""
"zBrowser Launcher"="C:\\Programmer\\Logitech\\iTouch\\iTouch.exe"
"kav"="\"C:\\Programmer\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"SSBkgdUpdate"="\"C:\\Programmer\\Fælles filer\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Programmer\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Programmer\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Programmer\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Programmer\\Brother\\ControlCenter2\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Programmer\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Programmer\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService    REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService    REG_MULTI_SZ      DnsCache\0\0
rpcss    REG_MULTI_SZ      RpcSs\0\0
imgsvc    REG_MULTI_SZ      StiSvc\0\0
termsvcs    REG_MULTI_SZ      TermService\0\0
HTTPFilter    REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch    REG_MULTI_SZ      DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B4A_Indstillinger Preben.job
C:\WINDOWS\tasks\B4A_Outlook.job
C:\WINDOWS\tasks\B4A_Weekly backup.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = C:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run?7?????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&7????w???w????????\???\???????$???U??w???w\???\????????w_????????w\???\??????s????\??????s\????&7?A??s?&7????w???

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-12 11:13:15
C:\ComboFix2.txt ... 07-03-12 10:54
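An added example, not part of the thread or of ComboFix: a Python sketch that parses the "Reg Loading Points" section of the log above and flags Run entries whose image name matches a Windows system binary but is located outside the Windows directories. `cisvc.exe` is the file name of the Windows Indexing Service, so the copy under `C:\Programmer\FamilyKeyLogger` is the entry it picks out. The system-name list and the `C:\WINDOWS` root are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt of the "Reg Loading Points" section from the log in the post above.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Backup4all 3"="\"C:\\Programmer\\Softland\\Backup4all 3\\Backup4all.exe\" /s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTStartup"="C:\\Programmer\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"FamilyKeyLogger"="C:\\Programmer\\FamilyKeyLogger\\cisvc.exe"
"TerraTec Scheduler"="C:\\WINDOWS\\system32\\TTTimer.exe"
"kav"="\"C:\\Programmer\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
'''

# Assumption: a small illustrative list of system binary names, not exhaustive.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe", "cisvc.exe", "explorer.exe"}
# Assumption: %SystemRoot% is C:\WINDOWS, as in the posted log.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)="(?P<data>(?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    image: str
    masquerade: bool


def unescape(value):
    """Undo .reg-style escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', value)


def image_path(command):
    """Return the executable path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(' ', 1)[0]


def is_masquerade(image):
    """True when a system binary name sits outside the Windows directories."""
    directory, filename = ntpath.split(ntpath.normcase(image))
    return filename in SYSTEM_NAMES and directory not in SYSTEM_DIRS


def parse_run_entries(text):
    """Collect launch entries from Run/RunOnce keys, skipping subkeys and empty values."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group('key')
            continue
        value = VALUE_RE.match(line)
        if not value or key is None:
            continue
        if not key.lower().endswith(('\\run', '\\runonce')):
            continue  # e.g. OptionalComponents subkeys hold flags, not commands
        command = unescape(value.group('data'))
        if not command:
            continue  # empty default value: @=""
        name = value.group('name')
        name = unescape(name) if name is not None else '(default)'
        image = image_path(command)
        entries.append(RunEntry(key, name, command, image, is_masquerade(image)))
    return entries


if __name__ == "__main__":
    for entry in parse_run_entries(SAMPLE):
        print("FLAG" if entry.masquerade else "ok  ", entry.name, "->", entry.image)
```

A flag here only means the entry deserves a closer look; it says nothing about what the program does once it runs.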
ps76 (Researcher)
12 March 2007 - 12:50 #14
Did you get anything out of it? Because Youtube still doesn't work, so if there are no more suggestions, I'll get started on formatting and reinstalling, WITHOUT any junk..then we'll see whether THAT helps.
Give a reply, and you'll get your points for at least trying..!
12 March 2007 - 12:59 #15
"... WITHOUT any junk..." that would be a good thing  >;-)

Same goes for this KeyLogger thing >8-(
12 March 2007 - 13:00 #16
You get 'the speech':

Here is why torrents and all other P2P systems must be removed before we'll bother touching it:
Here is some reading on P2P and the risks of using them.

http://newz.dk/forum/item/51863/ - http://www.benedelman.org/news/010205-1.html (in English, unfortunately)
http://www.microsoft.com/danmark/athome/security/online/p2p_file_sharing.mspx
http://www.computerworld.dk/art/29010
http://www.pressbox.dk/Default.asp?obj=arkiv&id=10118

P2P is junk; you open your machine to the outside world, and the protection you have bought at great expense, or downloaded as freeware versions, is exposed to all kinds of attacks. Fortunately some programs can keep it out, but since by the nature of things it is the "nasty" programmer who is ahead, something will inevitably slip through.

The recent debate about rootkits, and how big a problem they already are, should also make people reconsider using P2P.
http://www.computerforensics.dk/rootkits.htm
There is no guarantee that the game, program, film or music you download isn't infected; on the contrary, the risk of it is enormous.
12 March 2007 - 13:00 #18
Ping...

(Post a [reply] yourself and let's all share...)
ps76 (Researcher)
12 March 2007 - 15:57 #19
No - you just take them. Always good with a bit of advice, even though it didn't solve my problem in the first place.
Now I'm going to format, and I've copied all documents, used "save settings" in Office, and also copied most of the "Lokale indstillinger" folder to save time on the setup afterwards...but on the other hand, I suppose you can't know whether some of the problems are hiding right there, so maybe that isn't so smart? Any last-minute good advice before I run format c: ??
levich (Beginner)
12 March 2007 - 17:17 #20
dr1 -> just for the record. I hadn't overlooked O4 - HKLM\..\Run: [FamilyKeyLogger] C:\Programmer\FamilyKeyLogger\cisvc.exe, but it didn't seem to be harmful.
13 March 2007 - 09:41 #21
As for FamilyKeyLogger - do you have a 112% guarantee that the info isn't being collected and sent 'out into the world'?
http://www.spywarefri.dk/artikler3.htm#computerspionage