nero-wolfe Novice
5 March 2009 - 23:52 There are 22 comments and 1 solution

virus

Hi, I have tried everything and scanned with Panda Antivirus; it finds a virus in memory but apparently cannot stop it.
For example, I can reach neither Spywarefri's website nor Windows Update.
So help!!!!

Here is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:55, on 05-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karsten\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dyndns.dk/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63ce3182-1d8c-490b-81f4-0cc1677f1604} - C:\WINDOWS\system32\sqdrai.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E492657A-4845-418E-998A-1B2BE3CE6CE0} - C:\WINDOWS\system32\ddcArpPh.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [a8a2a576] rundll32.exe "C:\WINDOWS\system32\vhwduvgn.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236231770412&h=5d696285da6a15717496502bdb5dcfbe/&filename=jinstall-6u12-windows-i586-jc.cab
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: efcDSJab - efcDSJab.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 6303 bytes
JAA1972DK Trainee
6 March 2009 - 00:10 #1
Have you tried a different antivirus program?

You can try the free AntiVir.

It can be downloaded from here:

http://www.softpedia.com/progDownload/AntiVir-Personal-Edition-Download-6527.html

Uninstall the current program, install the new one and scan / delete, then switch back the same way: uninstall AntiVir and install your old program again.
f-arn Guru
6 March 2009 - 00:13 #2
Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://www.techsupportforum.com/sectools/sUBs/dds

or here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds


It produces two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved on the computer and not run from the web.
nero-wolfe Novice
6 March 2009 - 01:11 #3
Hi,
I have switched to the laptop now; I could not get onto any of the links at all.
Malwarebytes will not start up at all, but here is the log from the other program.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 03-03-2009 00:38:29
System Uptime: 03-06-2009 00:38:07 (-2135 hours ago)

Motherboard:                        |  | 4CoreDual-VSTA
Processor: Intel(R) Celeron(R) CPU        E1400  @ 2.00GHz | CPUSocket | 2009/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 34,358 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 17,393 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 30,287 GiB free.
F: is FIXED (NTFS) - 26 GiB total, 15,287 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SI-controller
Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05
Manufacturer:
Name: SI-controller
PNP Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081849&REV_00\3&267A616A&0&05
Service:

==== System Restore Points ===================

RP1: 05-03-2009 16:31:21 - Systemkontrolpunkt
RP2: 05-03-2009 16:31:21 - Installeret ATI Catalyst Control Center
RP3: 05-03-2009 16:31:22 - Installerede Microsoft .NET Framework 2.0
RP4: 05-03-2009 16:31:22 - Installeret Realtek High Definition Audio Driver
RP5: 05-03-2009 16:31:22 - Installed DAEMON Tools
RP6: 05-03-2009 16:31:22 - Installerede Windows Live Messenger
RP7: 05-03-2009 16:31:22 - Software Distribution Service 3.0
RP8: 05-03-2009 16:31:22 - Installed Microsoft Office Enterprise 2007
RP9: 05-03-2009 16:31:22 - Software Distribution Service 3.0
RP10: 05-03-2009 16:31:22 - Software Distribution Service 3.0
RP11: 05-03-2009 16:31:22 - Software Distribution Service 3.0
RP12: 05-03-2009 16:31:22 - Software Distribution Service 3.0
RP13: 05-03-2009 16:31:22 - SetPoint 4.70
RP14: 05-03-2009 16:31:22 - Installed Device Package
RP15: 05-03-2009 16:31:22 - Install CloneDVD2
RP16: 05-03-2009 16:31:22 - Installed Java(TM) 6 Update 12
RP17: 05-03-2009 16:31:22 - Last known good configuration
RP18: 05-03-2009 16:31:22 - Installed ImagXpress
RP19: 05-03-2009 16:31:22 - Installed DirectX
RP20: 05-03-2009 16:31:22 - Installed neroxml
RP21: 05-03-2009 16:31:22 - Installed Advertising Center
RP22: 05-03-2009 16:31:22 - Installed NeroBurningROM
RP23: 05-03-2009 16:31:22 - Installed Nero CoverDesigner
RP24: 05-03-2009 16:31:22 - Installed NeroExpress
RP25: 05-03-2009 16:31:23 - Installed Nero PhotoSnap
RP26: 05-03-2009 16:31:23 - Installed Nero Recode
RP27: 05-03-2009 16:31:23 - Installed Nero ShowTime
RP28: 05-03-2009 16:31:23 - Installed SoundTrax
RP29: 05-03-2009 16:31:23 - Installed Nero StartSmart
RP30: 05-03-2009 16:31:23 - Installed Nero Vision
RP31: 05-03-2009 16:31:23 - Installed Nero WaveEditor
RP32: 05-03-2009 16:31:23 - Installed Nero DriveSpeed
RP33: 05-03-2009 16:31:23 - Installed Nero InfoTool
RP34: 05-03-2009 16:31:23 - Installed Nero Rescue Agent
RP35: 05-03-2009 16:31:23 - Installed Nero BurnRights
RP36: 05-03-2009 16:31:23 - Installed Nero Disc Copy Gadget
RP37: 05-03-2009 16:31:23 - Installed Nero DiscSpeed
RP38: 05-03-2009 16:31:23 - Fjernet ATI Catalyst Control Center
RP39: 05-03-2009 16:31:25 - Software Distribution Service 3.0
RP40: 05-03-2009 16:31:35 - Last known good configuration
RP41: 05-03-2009 17:27:38 - Installeret ATI Catalyst Control Center
RP42: 05-03-2009 18:28:35 - Installed Adobe Reader 7.0.7
RP43: 05-03-2009 18:58:22 - Installed DirectX
RP44: 05-03-2009 19:03:16 - Installed Menu Templates - Starter Kit
RP45: 05-03-2009 19:03:35 - Installed Nero ControlCenter
RP46: 05-03-2009 19:04:01 - Installed Movie Templates - Starter Kit
RP47: 05-03-2009 19:04:27 - Installed DolbyFiles
RP48: 05-03-2009 19:04:52 - Installed Nero Live
RP49: 05-03-2009 19:05:52 - Installed InCD Help
RP50: 05-03-2009 19:06:42 - Installed Nero BurningROM
RP51: 05-03-2009 19:07:20 - Installed Nero CoverDesigner Help
RP52: 05-03-2009 19:07:58 - Installed Nero Express
RP53: 05-03-2009 19:08:29 - Installed Nero StartSmart Help
RP54: 05-03-2009 19:09:12 - Installed Nero Vision
RP55: 05-03-2009 19:09:56 - Installed Nero DriveSpeed
RP56: 05-03-2009 19:10:31 - Installed Nero InfoTool
RP57: 05-03-2009 19:11:02 - Installed Nero RescueAgent Help
RP58: 05-03-2009 19:11:37 - Installed Nero Disc Copy Gadget Help
RP59: 05-03-2009 19:12:08 - Installed Nero DiscSpeed
RP60: 05-03-2009 19:12:45 - Installed Nero ControlCenter
RP61: 05-03-2009 19:13:17 - Installed Nero Live Help
RP62: 05-03-2009 19:13:45 - Installed Nero Installer
RP63: 05-03-2009 19:35:16 - Removed DolbyFiles
RP64: 05-03-2009 19:35:28 - Removed Movie Templates - Starter Kit
RP65: 05-03-2009 19:36:01 - Removed Menu Templates - Starter Kit
RP66: 05-03-2009 19:43:30 - Removed Advertising Center
RP67: 05-03-2009 19:43:53 - Removed Nero Installer

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.7
ATI - Afinstalleringsværktøj for software
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCE SP Trial Version
CCleaner (remove only)
CDDRV_Installer
Cinema Craft Encoder SP2
CloneDVD2
DAEMON Tools
Digital Signatur
DU Meter
DVD Decrypter (Remove Only)
DVD Rebuilder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
ImagXpress
ImgBurn
Java(TM) 6 Update 12
JBinUp 0.90 Beta 7
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Software Update for Web Folders  (Danish) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
Nero BurnRights
Nero PhotoSnap
Nero Recode
Nero ShowTime
Nero WaveEditor
neroxml
NewsLeecher v3.95 Beta 3
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB943729)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB967715)
Panda ActiveScan 2.0
Panda Antivirus Pro 2009
QuickPar 0.9
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127-v2)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB960715)
Skins
Skype 3.0
Skype Plugin Manager
SoundTrax
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
System Requirements Lab
Total Commander (Remove or Repair)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
VideoLAN VLC media player 0.8.4
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

05-03-2009 09:44:13, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ativvaxx.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.208.
05-03-2009 09:44:13, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati3duag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.630.
05-03-2009 09:44:13, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati2dvag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.6891.
05-03-2009 09:44:13, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati2cqag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.404.
05-03-2009 09:40:32, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ativvaxx.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.208.
05-03-2009 09:40:31, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati3duag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.630.
05-03-2009 09:40:30, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati2cqag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.404.
05-03-2009 09:40:30, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\ati2dvag.dll. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.6891.
05-03-2009 09:40:30, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\drivers\ati2mtag.sys. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.14.10.6891.
05-03-2009 11:47:47, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\wextract.exe. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 6.0.2900.5512.
05-03-2009 22:37:39, oplysninger: Windows File Protection [64002]  - Der blev forsøgt på at udføre filerstatning på den beskyttede systemfil c:\windows\system32\drivers\beep.sys. Filen blev gendannet til sin oprindelige tilstand for at bevare systemets stabilitet. Systemfilens filversion er 5.1.2600.0.

==== End Of File ===========================



DDS (Ver_09-02-01.01) - NTFSx86 
Run by Karsten at  1:00:19,06 on 06-03-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1023.517 [GMT 1:00]

AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
svchost.exe
C:\PROGRAMMER\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\IFACE.EXE
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\apvxdwin.exe
C:\Documents and Settings\Karsten\Skrivebord\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://dyndns.dk/start.php
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {63ce3182-1d8c-490b-81f4-0cc1677f1604} - c:\windows\system32\sqdrai.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: {E492657A-4845-418E-998A-1B2BE3CE6CE0} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programmer\msn messenger\msnmsgr.exe" /background
mRun: [DU Meter] c:\programmer\du meter\DUMeter.exe
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [APVXDWIN] "c:\programmer\panda security\panda antivirus pro 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\programmer\panda security\panda antivirus pro 2009\Inicio.exe"
mRun: [StartCCC] "c:\programmer\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [!AVG Anti-Spyware] "c:\programmer\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [avgnt] "c:\programmer\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe
Trusted Zone: danid.dk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236231770412&h=5d696285da6a15717496502bdb5dcfbe/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avldr - avldr.dll
Notify: crypt - crypts.dll
Notify: efcDSJab - efcDSJab.dll
Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\programmer\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUmMEvv

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-5 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-5 28544]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\programmer\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2009-3-5 10872]
R1 avgio;avgio;c:\programmer\avira\antivir personaledition classic\avgio.sys [2009-3-6 11840]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-3-5 41144]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\programmer\avira\antivir personaledition classic\sched.exe [2009-3-6 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\programmer\avira\antivir personaledition classic\avguard.exe [2009-3-6 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\programmer\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-4 10384]
R2 Panda Software Controller;Panda Software Controller;c:\programmer\panda security\panda antivirus pro 2009\PsCtrlS.exe [2009-3-5 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-3-5 84024]
R2 PAVFNSVR;Panda Function Service;c:\programmer\panda security\panda antivirus pro 2009\PavFnSvr.exe [2009-3-5 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-3-5 179640]
R2 PavPrSrv;Panda Process Protection Service;c:\programmer\fælles filer\panda security\pavshld\PavPrSrv.exe [2009-3-5 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\programmer\panda security\panda antivirus pro 2009\PAVSRV51.EXE [2009-3-5 288512]
R2 PskSvcRetail;Panda PSK service;c:\programmer\panda security\panda antivirus pro 2009\psksvc.exe [2009-3-5 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 avgntflt;avgntflt;c:\programmer\avira\antivir personaledition classic\avgntflt.sys [2009-3-6 52032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2009-03-06 00:28    <DIR>    --d-----    c:\programmer\Avira
2009-03-06 00:28    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Avira
2009-03-05 23:39    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Grisoft
2009-03-05 23:24    10,872    a-------    c:\windows\system32\drivers\AvgAsCln.sys
2009-03-05 23:24    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Grisoft
2009-03-05 23:22    <DIR>    --d-----    c:\programmer\Yahoo!
2009-03-05 23:22    <DIR>    --d-----    c:\programmer\CCleaner
2009-03-05 23:03    <DIR>    --dsh---    c:\windows\system32\wsnpoem
2009-03-05 22:37    102,510    a-------    c:\windows\system32\drivers\90bb48b2.sys
2009-03-05 22:37    2    a-------    C:\-1465735719
2009-03-05 22:37    74,752    a-------    c:\windows\system32\njlaquwb.dll
2009-03-05 22:37    104,448    a-------    c:\windows\system32\gzuidf.dll
2009-03-05 22:37    104,448    a-------    c:\windows\system32\avvlfolg.dll
2009-03-05 21:35    <DIR>    --d-----    c:\documents and settings\karsten\cbt
2009-03-05 21:33    208    a---h---    C:\sqmdata01.sqm
2009-03-05 21:33    172    a---h---    C:\sqmnoopt01.sqm
2009-03-05 21:29    268    a---h---    C:\sqmdata00.sqm
2009-03-05 21:29    244    a---h---    C:\sqmnoopt00.sqm
2009-03-05 21:04    0    a-------    c:\documents and settings\karsten\temp.dat
2009-03-05 21:04    <DIR>    --d-----    c:\documents and settings\karsten\.oces
2009-03-05 20:54    <DIR>    --d-----    C:\Alm. Brand Bank
2009-03-05 20:00    230    a-------    c:\windows\system32\ufvxijce.dll
2009-03-05 20:00    1,902,621    ---sh---    c:\windows\system32\ngvudwhv.ini
2009-03-05 19:50    141    a-------    c:\windows\wcx_ftp.ini
2009-03-05 19:43    545    a-------    c:\windows\UC.PIF
2009-03-05 19:43    545    a-------    c:\windows\RAR.PIF
2009-03-05 19:43    545    a-------    c:\windows\PKZIP.PIF
2009-03-05 19:43    545    a-------    c:\windows\PKUNZIP.PIF
2009-03-05 19:43    545    a-------    c:\windows\NOCLOSE.PIF
2009-03-05 19:43    545    a-------    c:\windows\LHA.PIF
2009-03-05 19:43    545    a-------    c:\windows\ARJ.PIF
2009-03-05 19:43    312    a-------    c:\windows\wincmd.ini
2009-03-05 19:43    <DIR>    --d-----    C:\totalcmd
2009-03-05 19:05    39    a-------    c:\windows\Irremote.ini
2009-03-05 18:49    37,376    a-------    c:\windows\system32\iifgggHb.dll
2009-03-05 18:28    <DIR>    --d-----    c:\programmer\fælles filer\Adobe
2009-03-05 18:21    230    a-------    c:\windows\system32\upysygvn.dll
2009-03-05 18:21    1,902,621    ---sh---    c:\windows\system32\wwnaglbv.ini
2009-03-05 16:35    230    a-------    c:\windows\system32\lklvayoj.dll
2009-03-05 16:34    1,902,621    ---sh---    c:\windows\system32\ckoptwbx.ini
2009-03-05 16:34    230    a-------    c:\windows\system32\dknigcbl.dll
2009-03-05 16:31    1,902,608    ---sh---    c:\windows\system32\hulrmhiw.ini
2009-03-05 16:31    3,088    a--sh---    c:\windows\system32\vvEMmUtv.ini
2009-03-05 16:31    370    a--sh---    c:\windows\system32\vvEMmUtv.ini2
2009-03-05 16:31    236,032    a-------    c:\windows\system32\vtUmMEvv.dll.vir
2009-03-05 16:26    233    a-------    c:\windows\system32\rqRljghE.dll
2009-03-05 12:35    8,627    a-------    c:\windows\system32\PAV_FOG.OPC
2009-03-05 12:26    84,024    a-------    c:\windows\system32\drivers\pavdrv51.sys
2009-03-05 12:26    243    a-------    c:\windows\system32\PavCPL.dat
2009-03-05 12:26    54,832    a-------    c:\windows\system32\pavcpl.cpl
2009-03-05 12:26    446,464    a-------    c:\windows\system32\HHActiveX.dll
2009-03-05 12:26    520,448    a-------    c:\windows\system32\PavSHook.dll
2009-03-05 12:26    193,280    a-------    c:\windows\system32\TpUtil.dll
2009-03-05 12:26    107,568    a-------    c:\windows\system32\SYSTOOLS.DLL
2009-03-05 12:26    87,296    a-------    c:\windows\system32\PavLspHook.dll
2009-03-05 12:26    55,552    a-------    c:\windows\system32\pavipc.dll
2009-03-05 12:26    58,672    a-------    c:\windows\system32\avldr.dll
2009-03-05 12:26    <DIR>    --d-----    c:\windows\system32\PAV
2009-03-05 12:26    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Panda Security
2009-03-05 12:26    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Panda Security
2009-03-05 12:24    179,640    a-------    c:\windows\system32\drivers\PavProc.sys
2009-03-05 12:24    41,144    a-------    c:\windows\system32\drivers\ShlDrv51.sys
2009-03-05 12:24    <DIR>    --d-----    c:\programmer\fælles filer\Panda Security
2009-03-05 11:46    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-03-05 11:44    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 11:44    <DIR>    --d-----    c:\programmer\Lavasoft
2009-03-05 11:43    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Malwarebytes
2009-03-05 11:43    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 11:37    28,544    a-------    c:\windows\system32\drivers\pavboot.sys
2009-03-05 11:37    <DIR>    --d-----    c:\programmer\Panda Security
2009-03-05 10:40    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-05 10:40    <DIR>    --d-----    c:\programmer\Spybot - Search & Destroy
2009-03-05 10:34    <DIR>    --d-----    c:\programmer\MSXML 4.0
2009-03-05 10:34    221,184    a-------    c:\windows\system32\wmpns.dll
2009-03-05 10:14    1,896,289    ---sh---    c:\windows\system32\aodscqtv.ini
2009-03-05 09:53    88,566    a-------    c:\windows\system32\nvapps.xml
2009-03-05 09:53    208,896    a-------    c:\windows\system32\nvudisp.exe
2009-03-05 09:53    17,056    a-------    c:\windows\system32\nvdisp.nvu
2009-03-05 09:53    <DIR>    --d-----    c:\windows\nview
2009-03-05 09:52    208,896    a-------    c:\windows\system32\NVUNINST.EXE
2009-03-05 09:52    <DIR>    --d-----    C:\NVIDIA
2009-03-05 09:43    <DIR>    --d-----    c:\programmer\SystemRequirementsLab
2009-03-05 09:40    10    a-------    c:\windows\WININIT.INI
2009-03-05 09:39    1,896,289    ---sh---    c:\windows\system32\jygloedw.ini
2009-03-05 09:35    4,274,816    ac------    c:\windows\system32\dllcache\nv4_disp.dll
2009-03-05 09:35    3,994,624    ac------    c:\windows\system32\dllcache\nv4_mini.sys
2009-03-05 09:35    4,527,488    a-------    c:\windows\system32\nv4_disp.dll
2009-03-05 09:35    3,994,624    a-------    c:\windows\system32\drivers\nv4_mini.sys
2009-03-05 07:27    <DIR>    --d-----    c:\windows\pss
2009-03-05 07:11    <DIR>    --d-----    c:\programmer\Nero
2009-03-05 07:11    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Nero
2009-03-05 07:11    <DIR>    --d-----    c:\programmer\fælles filer\Nero
2009-03-05 07:09    1,896,289    ---sh---    c:\windows\system32\gedwpsla.ini
2009-03-05 07:08    3,235    a--sh---    c:\windows\system32\hPprAcdd.ini
2009-03-05 07:08    370    a--sh---    c:\windows\system32\hPprAcdd.ini2
2009-03-05 06:42    <DIR>    --d-----    c:\documents and settings\karsten\.JBinUp
2009-03-05 06:41    410,984    a-------    c:\windows\system32\deploytk.dll
2009-03-05 06:41    73,728    a-------    c:\windows\system32\javacpl.cpl
2009-03-05 06:40    <DIR>    --d-----    c:\programmer\JBinUp
2009-03-05 06:36    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Cryptomathic
2009-03-05 06:36    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-05 06:36    <DIR>    --d-----    c:\programmer\DanID
2009-03-04 20:04    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Elaborate Bytes
2009-03-04 20:03    <DIR>    --d-----    c:\programmer\Elaborate Bytes
2009-03-04 08:50    <DIR>    --d-----    c:\programmer\DVD-RB PRO
2009-03-04 08:49    <DIR>    --d-----    c:\programmer\AviSynth 2.5
2009-03-04 08:47    <DIR>    --d-----    c:\programmer\Custom Technology
2009-03-04 07:02    10,384    a-------    c:\windows\system32\drivers\LBeepKE.sys
2009-03-04 07:02    0    a---h---    c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-04 07:02    0    a---h---    c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-04 07:01    0    a---h---    c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-03-04 07:01    0    a---h---    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-04 07:01    <DIR>    --d-----    c:\windows\system32\ReinstallBackups
2009-03-04 07:01    301,656    a-------    c:\windows\system32\BtCoreIf.dll
2009-03-04 07:01    170,512    a-------    c:\windows\system32\kemutb.dll
2009-03-04 07:01    145,936    a-------    c:\windows\system32\KemUtil.dll
2009-03-04 07:01    117,264    a-------    c:\windows\system32\KemWnd.dll
2009-03-04 07:01    84,496    a-------    c:\windows\system32\KemXML.dll
2009-03-04 07:00    <DIR>    --d-----    c:\programmer\fælles filer\Logishrd
2009-03-03 12:03    268,648    a-------    c:\windows\system32\mucltui.dll
2009-03-03 12:03    27,496    a-------    c:\windows\system32\mucltui.dll.mui
2009-03-03 11:22    <DIR>    --d-----    c:\docume~1\karsten\applic~1\Windows Search
2009-03-03 10:27    <DIR>    --d-----    c:\programmer\Windows Desktop Search
2009-03-03 10:27    <DIR>    --d-----    c:\windows\system32\GroupPolicy
2009-03-03 10:26    <DIR>    --d-----    c:\programmer\Windows Media Connect 2
2009-03-03 10:25    <DIR>    --d-----    c:\windows\system32\LogFiles
2009-03-03 10:24    <DIR>    --d-----    c:\windows\system32\URTTEMP
2009-03-03 08:55    <DIR>    --d-----    c:\documents and settings\karsten\Downloads
2009-03-03 08:54    <DIR>    --d-----    c:\docume~1\karsten\applic~1\NewsLeecher
2009-03-03 08:54    <DIR>    --d-----    c:\programmer\NewsLeecher
2009-03-03 08:31    146,650    a-------    c:\windows\system32\BuzzingBee.wav
2009-03-03 08:31    940,794    a-------    c:\windows\system32\LoopyMusic.wav
2009-03-03 08:31    <DIR>    --d-----    c:\windows\system32\Lang
2009-03-03 08:23    14,048    --------    c:\windows\system32\spmsg2.dll
2009-03-03 08:18    <DIR>    --d-----    c:\windows\system32\XPSViewer
2009-03-03 08:17    1,676,288    -c------    c:\windows\system32\dllcache\xpssvcs.dll
2009-03-03 08:17    597,504    -c------    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-03 08:17    575,488    -c------    c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-03 08:17    89,088    -c------    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-03 08:17    1,676,288    --------    c:\windows\system32\xpssvcs.dll
2009-03-03 08:17    575,488    --------    c:\windows\system32\xpsshhdr.dll
2009-03-03 08:17    117,760    --------    c:\windows\system32\prntvpt.dll
2009-03-03 08:17    <DIR>    --d-----    C:\6e1b9246202f374992a8b2563e55d5
2009-03-03 08:02    6,066,688    -c------    c:\windows\system32\dllcache\ieframe.dll
2009-03-03 08:02    2,455,488    -c------    c:\windows\system32\dllcache\ieapfltr.dat
2009-03-03 08:02    1,015,808    -c------    c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-03 08:02    459,264    -c------    c:\windows\system32\dllcache\msfeeds.dll
2009-03-03 08:02    383,488    -c------    c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 08:02    267,776    -c------    c:\windows\system32\dllcache\iertutil.dll
2009-03-03 08:02    63,488    -c------    c:\windows\system32\dllcache\icardie.dll
2009-03-03 08:02    52,224    -c------    c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-03 08:02    13,824    -c------    c:\windows\system32\dllcache\ieudinit.exe
2009-03-03 07:41    26,368    ac------    c:\windows\system32\dllcache\usbstor.sys
2009-03-03 07:29    <DIR>    --dsh---    c:\documents and settings\karsten\UserData
2009-03-03 07:26    <DIR>    --d-----    c:\documents and settings\karsten\Contacts
2009-03-03 06:36    <DIR>    --d-----    c:\programmer\fælles filer\DESIGNER
2009-03-03 06:33    <DIR>    --d-----    c:\windows\SHELLNEW
2009-03-03 06:26    272,256    -c------    c:\windows\system32\dllcache\bthport.sys
2009-03-03 06:26    272,256    --------    c:\windows\system32\drivers\bthport.sys
2009-03-03 06:25    2,147,840    -c------    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-03 06:25    2,068,608    -c------    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-03 06:25    2,191,744    -c------    c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-03 06:25    2,026,496    -c------    c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-03 06:25    455,296    -c------    c:\windows\system32\dllcache\mrxsmb.sys
2009-03-03 06:24    <DIR>    --d-----    c:\programmer\VideoLAN
2009-03-03 01:29    4,444    a-------    c:\windows\system32\pid.PNF
2009-03-03 01:28    3,072    a-------    c:\windows\system32\drivers\audstub.sys
2009-03-03 01:28    58,112    a-------    c:\windows\system32\drivers\redbook.sys
2009-03-03 01:28    25,856    a-------    c:\windows\system32\drivers\usbprint.sys
2009-03-03 01:27    10,624    a-------    c:\windows\system32\drivers\gameenum.sys
2009-03-03 01:27    27,165    a-------    c:\windows\system32\drivers\fetnd5.sys
2009-03-03 01:27    75,264    a-------    c:\windows\system32\usbui.dll
2009-03-03 01:27    44,672    a-------    c:\windows\system32\drivers\UAGP35.SYS
2009-03-03 01:26    <DIR>    --d-----    c:\programmer\fælles filer\ODBC
2009-03-03 01:26    <DIR>    --d-----    c:\programmer\fælles filer\SpeechEngines
2009-03-03 01:26    <DIR>    --d-----    c:\programmer\fælles filer\Microsoft Shared
2009-03-03 01:26    <DIR>    --d-----    c:\programmer\Fælles filer
2009-03-03 01:25    15,360    ac------    c:\windows\system32\dllcache\taskman.exe
2009-03-03 01:25    <DIR>    --d-h---    c:\documents and settings\all users\Skabeloner
2009-03-03 01:25    <DIR>    --d--r--    c:\documents and settings\all users\Menuen Start
2009-03-03 01:25    <DIR>    --d--r--    c:\documents and settings\all users\Dokumenter
2009-03-03 01:25    <DIR>    --d-----    c:\documents and settings\all users\Skrivebord
2009-03-03 01:25    <DIR>    --d-----    c:\documents and settings\all users\Foretrukne
2009-03-03 01:24    261    a-------    c:\windows\system32\$winnt$.inf
2009-03-03 01:09    <DIR>    --d-----    c:\programmer\fælles filer\Skype
2009-03-03 01:09    <DIR>    --d-----    c:\programmer\Skype
2009-03-03 01:09    <DIR>    --d-----    c:\programmer\QuickPar
2009-03-03 01:08    <DIR>    --d-----    c:\programmer\MSN Messenger
2009-03-03 01:07    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-03-03 01:07    <DIR>    --d-----    c:\programmer\DU Meter
2009-03-03 01:07    <DIR>    --d-----    c:\programmer\D-Tools
2009-03-03 01:05    <DIR>    --d-----    c:\programmer\DVD Decrypter
2009-03-03 00:54    <DIR>    --d-----    c:\programmer\Realtek
2009-03-03 00:43    <DIR>    --d-----    c:\programmer\ATI Technologies
2009-03-03 00:42    <DIR>    --d-----    c:\programmer\fælles filer\InstallShield
2009-03-03 00:41    <DIR>    --d-h---    c:\documents and settings\karsten\Skabeloner
2009-03-03 00:41    <DIR>    --d-h---    c:\documents and settings\karsten\Printere
2009-03-03 00:41    <DIR>    --d-h---    c:\documents and settings\karsten\Lokale indstillinger
2009-03-03 00:41    <DIR>    --d-h---    c:\documents and settings\karsten\Andre computere
2009-03-03 00:41    <DIR>    --d--r--    c:\documents and settings\karsten\Menuen Start
2009-03-03 00:41    <DIR>    --d--r--    c:\documents and settings\karsten\Foretrukne
2009-03-03 00:41    <DIR>    --d--r--    c:\documents and settings\karsten\Dokumenter
2009-03-03 00:41    <DIR>    --d-----    c:\documents and settings\karsten\Skrivebord
2009-03-03 00:35    <DIR>    --dsh---    c:\documents and settings\all users\DRM
2009-03-03 00:35    <DIR>    --d-h---    c:\programmer\WindowsUpdate
2009-03-03 00:35    <DIR>    --d-----    c:\programmer\Onlinetjenester
2009-03-03 00:34    <DIR>    --d-----    c:\programmer\fælles filer\Tjenester
2009-03-03 00:34    <DIR>    --d-----    c:\programmer\fælles filer\MSSoap
2009-03-03 00:33    <DIR>    --d-----    c:\programmer\fælles filer\System
2009-03-03 00:33    <DIR>    --d-----    c:\programmer\Messenger
2009-03-03 00:33    <DIR>    --d-----    c:\programmer\MSN Gaming Zone
2009-03-03 00:32    <DIR>    --d-----    c:\programmer\Windows NT

==================== Find3M  ====================

2009-03-05 17:20    104,448    a-------    c:\windows\system32\sqdrai.dll
2009-03-05 17:20    104,448    a-------    c:\windows\system32\qxhttmmr.dll
2009-03-05 12:32    458,640    a-------    c:\windows\system32\perfh006.dat
2009-03-05 12:32    83,400    a-------    c:\windows\system32\perfc006.dat
2009-03-03 00:59    86,327    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 00:33    21,644    a-------    c:\windows\system32\emptyregdb.dat
2008-12-21 00:03    826,368    a-------    c:\windows\system32\wininet.dll
2008-04-15 13:00    924,791    ---shr--    c:\windows\system32\wmisrv32.exe

============= FINISH:  1:01:26,20 ===============

It looks like it is blocking everything that mentions spyware and Microsoft.
skyum Beginner
06 March 2009 - 02:58 #4
Try a Win98 boot floppy (the floppy must be write-protected).
After booting, type the following at drive A:

fdisk /mbr
This cleans the Master Boot Record.
If you have no floppy drive, try a boot CD instead.
Have you tried booting into safe mode and running a scan?
magictouch Beginner
06 March 2009 - 06:55 #5
You have some nasty infections, and they are the reason you cannot run Malwarebytes. Let's see if you can download and run ComboFix:

Download ComboFix from here by right-clicking the link and choosing "Save as":

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save the file as Mike.exe


Close all other windows.

Then run combofix.exe and follow the instructions.

Important -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.

Do not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C: Combofix txt

You are welcome to post the contents of this file here
nero-wolfe Novice
06 March 2009 - 08:41 #6
I had to go into safe mode to run ComboFix, and it helped; now I can run Malwarebytes.
Here comes the ComboFix log
ComboFix 09-03-04.01 - Karsten 2009-03-06  8:23:59.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1023.833 [GMT 1:00]
Kører fra: c:\documents and settings\Karsten\Skrivebord\mike.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated)

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Karsten\LOKALE~1\Temp\tmp1.tmp
c:\docume~1\Karsten\LOKALE~1\Temp\tmp2.tmp
c:\windows\system32\aodscqtv.ini
c:\windows\system32\avvlfolg.dll
c:\windows\system32\ckoptwbx.ini
c:\windows\system32\dachwqer.ini
c:\windows\system32\dknigcbl.dll
c:\windows\system32\drivers\UACewcpkbmq.sys
c:\windows\system32\gedwpsla.ini
c:\windows\system32\gzuidf.dll
c:\windows\system32\hPprAcdd.ini
c:\windows\system32\hPprAcdd.ini2
c:\windows\system32\hulrmhiw.ini
c:\windows\system32\iifgggHb.dll
c:\windows\system32\jygloedw.ini
c:\windows\system32\lklvayoj.dll
c:\windows\system32\ngvudwhv.ini
c:\windows\system32\ntos.exe
c:\windows\system32\qxhttmmr.dll
c:\windows\system32\rqRljghE.dll
c:\windows\system32\sqdrai.dll
c:\windows\system32\UACkrrexuru.dat
c:\windows\system32\UACmftnpeoe.log
c:\windows\system32\UACpdvjknmi.dll
c:\windows\system32\UACqeuyfwod.dll
c:\windows\system32\UACritntpop.dat
c:\windows\system32\UACsfsghhde.log
c:\windows\system32\UACwnvmaxkt.dll
c:\windows\system32\UACworxusiy.dll
c:\windows\system32\UACxrlnstjl.dll
c:\windows\system32\ufvxijce.dll
c:\windows\system32\upysygvn.dll
c:\windows\system32\vtUmMEvv.dll.vir
c:\windows\system32\vvEMmUtv.ini
c:\windows\system32\vvEMmUtv.ini2
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
c:\windows\system32\wwnaglbv.ini

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-06 til 2009-03-06  )))))))))))))))))))))))))))))))))))
.

2009-03-06 08:18 . 2008-10-16 14:06    208,744    --a------    c:\windows\system32\muweb.dll
2009-03-06 07:12 . 2009-03-06 07:15    <DIR>    d--------    C:\ComboFix
2009-03-06 00:28 . 2009-03-06 00:28    <DIR>    d--------    c:\programmer\Avira
2009-03-06 00:28 . 2009-03-06 00:28    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Avira
2009-03-05 23:39 . 2009-03-05 23:39    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Grisoft
2009-03-05 23:24 . 2009-03-05 23:24    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Grisoft
2009-03-05 23:24 . 2009-03-05 23:24    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\Grisoft
2009-03-05 23:24 . 2007-05-30 13:10    10,872    --a------    c:\windows\system32\drivers\AvgAsCln.sys
2009-03-05 23:22 . 2009-03-05 23:22    <DIR>    d--------    c:\programmer\Yahoo!
2009-03-05 23:22 . 2009-03-05 23:22    <DIR>    d--------    c:\programmer\CCleaner
2009-03-05 23:19 . 2009-03-05 23:22    <DIR>    d--------    c:\documents and settings\Administrator\Skrivebord
2009-03-05 23:19 . 2009-03-03 00:32    <DIR>    d--h-----    c:\documents and settings\Administrator\Skabeloner
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--h-----    c:\documents and settings\Administrator\Printere
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    dr-------    c:\documents and settings\Administrator\Menuen Start
2009-03-05 23:19 . 2009-03-05 23:21    <DIR>    d--h-----    c:\documents and settings\Administrator\Lokale indstillinger
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--------    c:\documents and settings\Administrator\Foretrukne
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--------    c:\documents and settings\Administrator\Dokumenter
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--h-----    c:\documents and settings\Administrator\Andre computere
2009-03-05 23:19 . 2009-03-05 23:30    <DIR>    d--------    c:\documents and settings\Administrator
2009-03-05 22:52 . 2009-03-05 22:52    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\dvdcss
2009-03-05 22:39 . 2009-03-06 07:10    5,164    --a------    c:\windows\system32\uacinit.dll
2009-03-05 22:37 . 2009-03-05 22:55    102,510    --a------    c:\windows\system32\drivers\90bb48b2.sys
2009-03-05 22:37 . 2009-03-05 22:37    74,752    --a------    c:\windows\system32\njlaquwb.dll
2009-03-05 22:37 . 2009-03-05 22:37    2    --a------    C:\-1465735719
2009-03-05 21:35 . 2009-03-05 21:35    <DIR>    d--------    c:\documents and settings\Karsten\cbt
2009-03-05 21:33 . 2009-03-05 21:33    208    --ah-----    C:\sqmdata01.sqm
2009-03-05 21:33 . 2009-03-05 21:33    172    --ah-----    C:\sqmnoopt01.sqm
2009-03-05 21:31 . 2009-03-05 21:31    <DIR>    d--------    c:\documents and settings\Susanne\cbt
2009-03-05 21:29 . 2009-03-05 21:29    268    --ah-----    C:\sqmdata00.sqm
2009-03-05 21:29 . 2009-03-05 21:29    244    --ah-----    C:\sqmnoopt00.sqm
2009-03-05 21:04 . 2009-03-05 21:04    <DIR>    d--------    c:\documents and settings\Karsten\.oces
2009-03-05 21:04 . 2009-03-05 21:04    0    --a------    c:\documents and settings\Karsten\temp.dat
2009-03-05 20:54 . 2009-03-05 20:54    <DIR>    d--------    C:\Alm. Brand Bank
2009-03-05 19:50 . 2009-03-05 20:05    141    --a------    c:\windows\wcx_ftp.ini
2009-03-05 19:43 . 2009-03-05 19:50    <DIR>    d--------    C:\totalcmd
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\UC.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\RAR.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\PKZIP.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\PKUNZIP.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\NOCLOSE.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\LHA.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    c:\windows\ARJ.PIF
2009-03-05 19:43 . 2009-03-05 20:06    312    --a------    c:\windows\wincmd.ini
2009-03-05 19:05 . 2009-03-05 19:34    39    --a------    c:\windows\Irremote.ini
2009-03-05 18:47 . 2009-03-05 19:17    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Nero
2009-03-05 18:28 . 2009-03-05 18:28    <DIR>    d--------    c:\programmer\Fælles filer\Adobe
2009-03-05 17:39 . 2009-03-05 17:39    <DIR>    d--------    c:\documents and settings\All Users\Application Data\ATI
2009-03-05 12:35 . 2009-03-05 12:41    8,627    --a------    c:\windows\system32\PAV_FOG.OPC
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    c:\windows\system32\PAV
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Panda Security
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Panda Security
2009-03-05 12:26 . 2008-06-18 18:03    520,448    --a------    c:\windows\system32\PavSHook.dll
2009-03-05 12:26 . 2003-10-22 18:23    446,464    --a------    c:\windows\system32\HHActiveX.dll
2009-03-05 12:26 . 2008-06-24 14:48    193,280    --a------    c:\windows\system32\TpUtil.dll
2009-03-05 12:26 . 2007-02-08 11:53    107,568    --a------    c:\windows\system32\SYSTOOLS.DLL
2009-03-05 12:26 . 2008-06-18 18:03    87,296    --a------    c:\windows\system32\PavLspHook.dll
2009-03-05 12:26 . 2008-04-28 17:35    84,024    --a------    c:\windows\system32\drivers\pavdrv51.sys
2009-03-05 12:26 . 2008-03-18 16:58    58,672    --a------    c:\windows\system32\avldr.dll
2009-03-05 12:26 . 2008-06-18 18:03    55,552    --a------    c:\windows\system32\pavipc.dll
2009-03-05 12:26 . 2007-03-15 19:38    54,832    --a------    c:\windows\system32\pavcpl.cpl
2009-03-05 12:26 . 2009-03-05 12:26    243    --a------    c:\windows\system32\PavCPL.dat
2009-03-05 12:24 . 2009-03-05 12:24    <DIR>    d--------    c:\programmer\Fælles filer\Panda Security
2009-03-05 12:24 . 2008-02-07 12:03    179,640    --a------    c:\windows\system32\drivers\PavProc.sys
2009-03-05 12:24 . 2008-03-04 15:59    41,144    --a------    c:\windows\system32\drivers\ShlDrv51.sys
2009-03-05 12:07 . 2009-03-05 12:07    <DIR>    d--------    c:\documents and settings\LocalService\Skrivebord
2009-03-05 11:46 . 2009-03-05 11:46    64,160    --a------    c:\windows\system32\drivers\Lbd.sys
2009-03-05 11:44 . 2009-03-05 11:44    <DIR>    d--------    c:\programmer\Lavasoft
2009-03-05 11:44 . 2009-03-05 11:46    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-05 11:44 . 2009-03-05 11:44    <DIR>    d--h-c---    c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 11:43 . 2009-03-05 11:43    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Malwarebytes
2009-03-05 11:43 . 2009-03-05 11:43    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 11:37 . 2009-03-05 12:26    <DIR>    d--------    c:\programmer\Panda Security
2009-03-05 11:37 . 2008-06-19 17:24    28,544    --a------    c:\windows\system32\drivers\pavboot.sys
2009-03-05 10:40 . 2009-03-05 11:48    <DIR>    d--------    c:\programmer\Spybot - Search & Destroy
2009-03-05 10:40 . 2009-03-05 11:45    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 10:34 . 2009-03-05 10:34    <DIR>    d--------    c:\programmer\MSXML 4.0
2009-03-05 10:34 . 2008-04-15 13:00    221,184    --a------    c:\windows\system32\wmpns.dll
2009-03-05 10:15 . 2009-03-05 10:15    <DIR>    d--------    c:\documents and settings\All Users\Application Data\NVIDIA
2009-03-05 09:53 . 2009-03-05 10:23    <DIR>    d--------    c:\windows\nview
2009-03-05 09:53 . 2006-10-22 12:22    208,896    --a------    c:\windows\system32\nvudisp.exe
2009-03-05 09:53 . 2009-03-05 12:38    88,566    --a------    c:\windows\system32\nvapps.xml
2009-03-05 09:53 . 2006-10-22 12:22    17,056    --a------    c:\windows\system32\nvdisp.nvu
2009-03-05 09:52 . 2009-03-05 09:52    <DIR>    d--------    C:\NVIDIA
2009-03-05 09:52 . 2006-10-22 15:06    208,896    --a------    c:\windows\system32\NVUNINST.EXE
2009-03-05 09:43 . 2009-03-05 09:43    <DIR>    d--------    c:\programmer\SystemRequirementsLab
2009-03-05 09:40 . 2009-03-05 09:40    10    --a------    c:\windows\WININIT.INI
2009-03-05 09:35 . 2006-10-22 12:22    4,527,488    --a------    c:\windows\system32\nv4_disp.dll
2009-03-05 09:35 . 2008-04-14 09:05    4,274,816    --a--c---    c:\windows\system32\dllcache\nv4_disp.dll
2009-03-05 09:35 . 2006-10-22 12:22    3,994,624    --a------    c:\windows\system32\drivers\nv4_mini.sys
2009-03-05 09:35 . 2006-10-22 12:22    3,994,624    --a--c---    c:\windows\system32\dllcache\nv4_mini.sys
2009-03-05 07:11 . 2009-03-05 19:35    <DIR>    d--------    c:\programmer\Nero
2009-03-05 07:11 . 2009-03-05 19:43    <DIR>    d--------    c:\programmer\Fælles filer\Nero
2009-03-05 07:11 . 2009-03-05 19:43    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Nero
2009-03-05 06:42 . 2009-03-05 06:51    <DIR>    d--------    c:\documents and settings\Karsten\.JBinUp
2009-03-05 06:41 . 2009-03-05 06:41    <DIR>    d--------    c:\windows\Sun
2009-03-05 06:41 . 2009-03-05 06:41    <DIR>    d--------    c:\programmer\Java
2009-03-05 06:41 . 2009-03-05 06:41    410,984    --a------    c:\windows\system32\deploytk.dll
2009-03-05 06:41 . 2009-03-05 06:41    73,728    --a------    c:\windows\system32\javacpl.cpl
2009-03-05 06:40 . 2009-03-05 06:40    <DIR>    d--------    c:\programmer\JBinUp
2009-03-05 06:38 . 2009-03-05 06:38    <DIR>    d--------    c:\documents and settings\Susanne\Application Data\Cryptomathic
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--------    c:\programmer\DanID
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Cryptomathic
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--h-c---    c:\documents and settings\All Users\Application Data\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-04 20:04 . 2009-03-04 20:04    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Elaborate Bytes
2009-03-04 20:03 . 2009-03-04 20:03    <DIR>    d--------    c:\programmer\Elaborate Bytes
2009-03-04 08:50 . 2009-03-05 12:54    <DIR>    d--------    c:\programmer\DVD-RB PRO
2009-03-04 08:49 . 2009-03-04 09:41    <DIR>    d--------    c:\programmer\AviSynth 2.5
2009-03-04 08:47 . 2009-03-04 10:29    <DIR>    d--------    c:\programmer\Custom Technology
2009-03-04 07:27 . 2009-03-04 07:27    <DIR>    d--------    c:\documents and settings\Susanne\Contacts
2009-03-04 07:19 . 2009-03-04 07:20    <DIR>    d--------    c:\documents and settings\Susanne\Skrivebord
2009-03-04 07:19 . 2009-03-03 00:32    <DIR>    d--h-----    c:\documents and settings\Susanne\Skabeloner
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    d--h-----    c:\documents and settings\Susanne\Printere
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    dr-------    c:\documents and settings\Susanne\Menuen Start
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    d--h-----    c:\documents and settings\Susanne\Lokale indstillinger
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    dr-------    c:\documents and settings\Susanne\Foretrukne
2009-03-04 07:19 . 2009-03-04 07:27    <DIR>    dr-------    c:\documents and settings\Susanne\Dokumenter
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    d--------    c:\documents and settings\Susanne\Application Data\Logitech
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    d--------    c:\documents and settings\Susanne\Application Data\ATI
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    d--h-----    c:\documents and settings\Susanne\Andre computere
2009-03-04 07:19 . 2009-03-05 21:31    <DIR>    d--------    c:\documents and settings\Susanne
2009-03-04 07:03 . 2009-03-04 07:03    <DIR>    d--------    c:\documents and settings\Karsten\Application Data\Logitech
2009-03-04 07:02 . 2009-03-04 07:02    <DIR>    d--------    c:\documents and settings\All Users\Application Data\LogiShrd
2009-03-04 07:02 . 2008-09-26 09:52    10,384    --a------    c:\windows\system32\drivers\LBeepKE.sys
2009-03-04 07:02 . 2009-03-04 07:02    0    --ah-----    c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-04 07:02 . 2009-03-04 07:02    0    --ah-----    c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 18:39    ---------    d-----w    c:\documents and settings\Karsten\Application Data\Skype
2009-03-05 16:30    ---------    d-----w    c:\programmer\ATI Technologies
2009-03-05 11:26    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2009-03-03 00:09    ---------    d-----w    c:\programmer\Skype
2009-03-03 00:09    ---------    d-----w    c:\programmer\QuickPar
2009-03-03 00:09    ---------    d-----w    c:\programmer\Fælles filer\Skype
2009-03-03 00:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\Skype
2009-03-03 00:08    ---------    d-----w    c:\programmer\MSN Messenger
2009-03-03 00:07    ---------    d-----w    c:\programmer\DU Meter
2009-03-03 00:07    ---------    d-----w    c:\programmer\D-Tools
2009-03-03 00:07    ---------    d-----w    c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-03-03 00:05    ---------    d-----w    c:\programmer\DVD Decrypter
2009-03-02 23:54    ---------    d-----w    c:\programmer\Realtek
2009-03-02 23:47    ---------    d-----w    c:\programmer\Alwil Software
2009-03-02 23:43    ---------    d-----w    c:\programmer\Fælles filer\InstallShield
2009-03-02 23:36    ---------    d-----w    c:\programmer\microsoft frontpage
2009-03-02 23:35    ---------    d-----w    c:\programmer\Onlinetjenester
2009-03-02 23:34    ---------    d-----w    c:\programmer\Fælles filer\Tjenester
2008-04-15 12:00    924,791    --sh--r    c:\windows\system32\wmisrv32.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\programmer\DU Meter\DUMeter.exe" [2004-08-25 1465856]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"APVXDWIN"="c:\programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\programmer\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"!AVG Anti-Spyware"="c:\programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avgnt"="c:\programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-03-04 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 15:36 25370152 c:\programmer\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-10-10 14:46 69632 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-12 09:58 16264192 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Karsten\\Skrivebord\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=
"e:\\Ny mappe\\opsæt\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"f:\\Ny mappe (4)\\Ny mappe (6)\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-05 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-05 28544]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-03-05 41144]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-04 10384]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-03-05 179640]
S2 PskSvcRetail;Panda PSK service;c:\programmer\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2009-03-05 28928]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda    REG_MULTI_SZ      Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eda182a-0785-11de-ae67-00138ff81dd5}]
\Shell\AutoRun\command - driver\usb\usb_driver.exe
\Shell\open\command - driver\usb\usb_driver.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 11:46]

2009-03-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []

2009-03-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []

2009-03-05 c:\windows\Tasks\User_Feed_Synchronization-{C1F789F5-3A20-419C-B6FD-EB632FB079E1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{63ce3182-1d8c-490b-81f4-0cc1677f1604} - c:\windows\system32\sqdrai.dll
BHO-{E492657A-4845-418E-998A-1B2BE3CE6CE0} - (no file)
Notify-efcDSJab - efcDSJab.dll
MSConfigStartUp-a8a2a576 - c:\windows\system32\wdeolgyj.dll
MSConfigStartUp-microssofts - scvhosts.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://dyndns.dk/start.php
Trusted Zone: danid.dk
.
.
------- Fil Associationer -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 08:30:13
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-06  8:32:09 - maskinen blev genstartet [Karsten]
ComboFix-quarantined-files.txt  2009-03-06 07:32:07

Pre-Kørsel: 39,195,447,296 byte ledig
Post-Kørsel: 41,284,857,856 byte ledig

353    --- E O F ---    2009-03-05 10:33:59
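An added example (not part of the original thread or of ComboFix): a small Python triage pass over the registry section of a ComboFix log like the one above. It flags the Security Center overrides, the disabled firewall, firewall exceptions outside the system and program folders, globally open ports and removable-media AutoRun handlers. The sample lines are copied from the log above; the finding labels and the treatment of `c:\Programmer` as the localized Program Files folder are assumptions of this example.

```python
import re

# Sample lines copied from the registry section of the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Karsten\\Skrivebord\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=
"f:\\Ny mappe (4)\\Ny mappe (6)\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eda182a-0785-11de-ae67-00138ff81dd5}]
\Shell\AutoRun\command - driver\usb\usb_driver.exe
\Shell\open\command - driver\usb\usb_driver.exe
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Security Center values that hide alerts or stop monitoring when set to 1.
SECURITY_CENTER_VALUES = {
    'antivirusdisablenotify', 'firewalldisablenotify', 'updatesdisablenotify',
    'antivirusoverride', 'firewalloverride',
}

# Assumption: c:\Programmer is this machine's localized Program Files folder.
TRUSTED_PREFIXES = ('%windir%\\', 'c:\\programmer\\', 'c:\\program files\\')


def parse_sections(text):
    """Split a registry dump into {lower-cased key path: [value lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            sections[current] = []
        elif not line or line == '.':
            current = None          # a blank line or '.' ends the section
        elif current is not None:
            sections[current].append(line)
    return sections


def as_int(data):
    """Read 'dword:00000001' or '0 (0x0)' as an integer, else None."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s+\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def triage(text):
    """Return (label, detail) pairs for settings worth a manual review."""
    findings = []
    for key, lines in parse_sections(text).items():
        for line in lines:
            m = VALUE_RE.match(line)
            name = m.group('name') if m else None
            data = m.group('data').strip() if m else ''
            if key.endswith('\\security center'):
                if name and name.lower() in SECURITY_CENTER_VALUES and as_int(data) == 1:
                    findings.append(('security-center', name))
            elif key.endswith('\\standardprofile'):
                if name == 'EnableFirewall' and as_int(data) == 0:
                    findings.append(('firewall-disabled', name))
            elif key.endswith('\\authorizedapplications\\list'):
                if name:
                    path = name.replace('\\\\', '\\')   # undo .reg escaping
                    if not path.lower().startswith(TRUSTED_PREFIXES):
                        findings.append(('firewall-exception', path))
            elif key.endswith('\\globallyopenports\\list'):
                if name:
                    findings.append(('open-port', name))
            elif '\\mountpoints2\\' in key:
                if line.lower().startswith('\\shell\\autorun\\command') and ' - ' in line:
                    findings.append(('media-autorun', line.split(' - ', 1)[1]))
    return findings


if __name__ == '__main__':
    for label, detail in triage(SAMPLE_LOG):
        print(f'{label:20} {detail}')
```

A finding here is a prompt for manual review, not a verdict: a user can set the Security Center values or add a firewall exception deliberately.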
nero-wolfe Novice
06 March 2009 - 09:01 #7
Here is the log file from Malwarebytes as well
Malwarebytes' Anti-Malware 1.34
Database version: 1824
Windows 5.1.2600 Service Pack 3

2009-03-06 08:59:45
mbam-log-2009-03-06 (08-59-45).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 105415
Tid tilbagelagt: 21 minute(s), 2 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 13

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpdvjknmi.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqeuyfwod.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwnvmaxkt.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACworxusiy.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxrlnstjl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A378E787-722A-4896-99CA-58C46D4F81A0}\RP0\A0000001.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A378E787-722A-4896-99CA-58C46D4F81A0}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A378E787-722A-4896-99CA-58C46D4F81A0}\RP0\A0003100.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A378E787-722A-4896-99CA-58C46D4F81A0}\RP0\A0003101.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A378E787-722A-4896-99CA-58C46D4F81A0}\RP0\A0003102.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njlaquwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\90bb48b2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
magictouch Beginner
06 March 2009 - 09:43 #8
Good, now we are finally getting somewhere ;)


Open Notepad and copy the following (the text between the dotted lines) into it, and save the text file as CFScript in the same place where you have ComboFix:

If needed, look here:
http://www.fromsej.dk/billeder/CFScript.jpg

…………………………………………………………………….

Killall::

Snapshot::

File::
c:\windows\system32\njlaquwb.dll
c:\windows\system32\wmisrv32.exe
c:\windows\Tasks\OGADaily.job
c:\windows\Tasks\OGALogon.job
c:\windows\system32\drivers\90bb48b2.sys
c:\windows\system32\uacinit.dll

Hosts::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

………………………………………………………………………..


Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse. As shown here ->

http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Post the new ComboFix log here. It can be found here - C:\combofix Txt
f-arn Guru
06 March 2009 - 11:52 #9
Avira + Panda Antivirus. You should uninstall one of them.
nero-wolfe Novice
06 March 2009 - 12:36 #10
combofix log

ComboFix 09-03-04.01 - Karsten 2009-03-06 12:27:05.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1023.577 [GMT 1:00]
Kører fra: C:\Documents and Settings\Karsten\Skrivebord\mike.exe
Kommandoer benyttet :: C:\mike\cfscript.txt
AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
C:\DOCUME~1\Karsten\LOKALE~1\Temp\tmp1.tmp
C:\DOCUME~1\Karsten\LOKALE~1\Temp\tmp2.tmp
C:\WINDOWS\system32\aodscqtv.ini
C:\WINDOWS\system32\avvlfolg.dll
C:\WINDOWS\system32\ckoptwbx.ini
C:\WINDOWS\system32\dachwqer.ini
C:\WINDOWS\system32\dknigcbl.dll
C:\WINDOWS\system32\drivers\UACewcpkbmq.sys
C:\WINDOWS\system32\gedwpsla.ini
C:\WINDOWS\system32\gzuidf.dll
C:\WINDOWS\system32\hPprAcdd.ini
C:\WINDOWS\system32\hPprAcdd.ini2
C:\WINDOWS\system32\hulrmhiw.ini
C:\WINDOWS\system32\iifgggHb.dll
C:\WINDOWS\system32\jygloedw.ini
C:\WINDOWS\system32\lklvayoj.dll
C:\WINDOWS\system32\ngvudwhv.ini
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\qxhttmmr.dll
C:\WINDOWS\system32\rqRljghE.dll
C:\WINDOWS\system32\sqdrai.dll
C:\WINDOWS\system32\UACkrrexuru.dat
C:\WINDOWS\system32\UACmftnpeoe.log
C:\WINDOWS\system32\UACpdvjknmi.dll
C:\WINDOWS\system32\UACqeuyfwod.dll
C:\WINDOWS\system32\UACritntpop.dat
C:\WINDOWS\system32\UACsfsghhde.log
C:\WINDOWS\system32\UACwnvmaxkt.dll
C:\WINDOWS\system32\UACworxusiy.dll
C:\WINDOWS\system32\UACxrlnstjl.dll
C:\WINDOWS\system32\ufvxijce.dll
C:\WINDOWS\system32\upysygvn.dll
C:\WINDOWS\system32\vtUmMEvv.dll.vir
C:\WINDOWS\system32\vvEMmUtv.ini
C:\WINDOWS\system32\vvEMmUtv.ini2
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wwnaglbv.ini

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-06 til 2009-03-06  )))))))))))))))))))))))))))))))))))
.

2009-03-06 08:37 . 2009-03-06 08:37    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2009-03-06 08:37 . 2009-02-11 10:19    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-03-06 08:37 . 2009-02-11 10:19    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2009-03-06 08:18 . 2008-10-16 14:06    208,744    --a------    C:\WINDOWS\system32\muweb.dll
2009-03-06 07:12 . 2009-03-06 12:25    <DIR>    d--------    C:\ComboFix
2009-03-05 23:39 . 2009-03-05 23:39    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Grisoft
2009-03-05 23:24 . 2009-03-05 23:24    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2009-03-05 23:24 . 2009-03-05 23:24    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2009-03-05 23:24 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2009-03-05 23:22 . 2009-03-05 23:22    <DIR>    d--------    C:\Programmer\Yahoo!
2009-03-05 23:22 . 2009-03-05 23:22    <DIR>    d--------    C:\Programmer\CCleaner
2009-03-05 23:19 . 2009-03-05 23:22    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2009-03-05 23:19 . 2009-03-03 00:32    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2009-03-05 23:19 . 2009-03-06 12:28    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Foretrukne
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Dokumenter
2009-03-05 23:19 . 2009-03-03 01:25    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2009-03-05 23:19 . 2009-03-05 23:30    <DIR>    d--------    C:\Documents and Settings\Administrator
2009-03-05 22:52 . 2009-03-05 22:52    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\dvdcss
2009-03-05 22:37 . 2009-03-05 22:37    2    --a------    C:\-1465735719
2009-03-05 21:35 . 2009-03-05 21:35    <DIR>    d--------    C:\Documents and Settings\Karsten\cbt
2009-03-05 21:33 . 2009-03-05 21:33    208    --ah-----    C:\sqmdata01.sqm
2009-03-05 21:33 . 2009-03-05 21:33    172    --ah-----    C:\sqmnoopt01.sqm
2009-03-05 21:31 . 2009-03-05 21:31    <DIR>    d--------    C:\Documents and Settings\Susanne\cbt
2009-03-05 21:29 . 2009-03-05 21:29    268    --ah-----    C:\sqmdata00.sqm
2009-03-05 21:29 . 2009-03-05 21:29    244    --ah-----    C:\sqmnoopt00.sqm
2009-03-05 21:04 . 2009-03-05 21:04    <DIR>    d--------    C:\Documents and Settings\Karsten\.oces
2009-03-05 21:04 . 2009-03-05 21:04    0    --a------    C:\Documents and Settings\Karsten\temp.dat
2009-03-05 20:54 . 2009-03-05 20:54    <DIR>    d--------    C:\Alm. Brand Bank
2009-03-05 19:50 . 2009-03-05 20:05    141    --a------    C:\WINDOWS\wcx_ftp.ini
2009-03-05 19:43 . 2009-03-05 19:50    <DIR>    d--------    C:\totalcmd
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\UC.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\RAR.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\PKZIP.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\PKUNZIP.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\NOCLOSE.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\LHA.PIF
2009-03-05 19:43 . 2006-02-16 06:54    545    --a------    C:\WINDOWS\ARJ.PIF
2009-03-05 19:43 . 2009-03-05 20:06    312    --a------    C:\WINDOWS\wincmd.ini
2009-03-05 19:05 . 2009-03-05 19:34    39    --a------    C:\WINDOWS\Irremote.ini
2009-03-05 18:47 . 2009-03-05 19:17    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Nero
2009-03-05 18:28 . 2009-03-05 18:28    <DIR>    d--------    C:\Programmer\Fælles filer\Adobe
2009-03-05 17:39 . 2009-03-05 17:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\ATI
2009-03-05 12:35 . 2009-03-05 12:41    8,627    --a------    C:\WINDOWS\system32\PAV_FOG.OPC
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    C:\WINDOWS\system32\PAV
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Panda Security
2009-03-05 12:26 . 2009-03-05 12:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Panda Security
2009-03-05 12:26 . 2008-06-18 18:03    520,448    --a------    C:\WINDOWS\system32\PavSHook.dll
2009-03-05 12:26 . 2003-10-22 18:23    446,464    --a------    C:\WINDOWS\system32\HHActiveX.dll
2009-03-05 12:26 . 2008-06-24 14:48    193,280    --a------    C:\WINDOWS\system32\TpUtil.dll
2009-03-05 12:26 . 2007-02-08 11:53    107,568    --a------    C:\WINDOWS\system32\SYSTOOLS.DLL
2009-03-05 12:26 . 2008-06-18 18:03    87,296    --a------    C:\WINDOWS\system32\PavLspHook.dll
2009-03-05 12:26 . 2008-04-28 17:35    84,024    --a------    C:\WINDOWS\system32\drivers\pavdrv51.sys
2009-03-05 12:26 . 2008-03-18 16:58    58,672    --a------    C:\WINDOWS\system32\avldr.dll
2009-03-05 12:26 . 2008-06-18 18:03    55,552    --a------    C:\WINDOWS\system32\pavipc.dll
2009-03-05 12:26 . 2007-03-15 19:38    54,832    --a------    C:\WINDOWS\system32\pavcpl.cpl
2009-03-05 12:26 . 2009-03-05 12:26    243    --a------    C:\WINDOWS\system32\PavCPL.dat
2009-03-05 12:24 . 2009-03-05 12:24    <DIR>    d--------    C:\Programmer\Fælles filer\Panda Security
2009-03-05 12:24 . 2008-02-07 12:03    179,640    --a------    C:\WINDOWS\system32\drivers\PavProc.sys
2009-03-05 12:24 . 2008-03-04 15:59    41,144    --a------    C:\WINDOWS\system32\drivers\ShlDrv51.sys
2009-03-05 12:07 . 2009-03-05 12:07    <DIR>    d--------    C:\Documents and Settings\LocalService\Skrivebord
2009-03-05 11:46 . 2009-03-05 11:46    64,160    --a------    C:\WINDOWS\system32\drivers\Lbd.sys
2009-03-05 11:44 . 2009-03-05 11:44    <DIR>    d--------    C:\Programmer\Lavasoft
2009-03-05 11:44 . 2009-03-05 11:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-05 11:44 . 2009-03-05 11:44    <DIR>    d--h-c---    C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 11:43 . 2009-03-05 11:43    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Malwarebytes
2009-03-05 11:43 . 2009-03-05 11:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-05 11:37 . 2009-03-05 12:26    <DIR>    d--------    C:\Programmer\Panda Security
2009-03-05 11:37 . 2008-06-19 17:24    28,544    --a------    C:\WINDOWS\system32\drivers\pavboot.sys
2009-03-05 10:40 . 2009-03-05 11:48    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2009-03-05 10:40 . 2009-03-05 11:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 10:34 . 2009-03-05 10:34    <DIR>    d--------    C:\Programmer\MSXML 4.0
2009-03-05 10:34 . 2008-04-15 13:00    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2009-03-05 10:15 . 2009-03-05 10:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-03-05 09:53 . 2009-03-05 10:23    <DIR>    d--------    C:\WINDOWS\nview
2009-03-05 09:53 . 2006-10-22 12:22    208,896    --a------    C:\WINDOWS\system32\nvudisp.exe
2009-03-05 09:53 . 2009-03-05 12:38    88,566    --a------    C:\WINDOWS\system32\nvapps.xml
2009-03-05 09:53 . 2006-10-22 12:22    17,056    --a------    C:\WINDOWS\system32\nvdisp.nvu
2009-03-05 09:52 . 2009-03-05 09:52    <DIR>    d--------    C:\NVIDIA
2009-03-05 09:52 . 2006-10-22 15:06    208,896    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2009-03-05 09:43 . 2009-03-05 09:43    <DIR>    d--------    C:\Programmer\SystemRequirementsLab
2009-03-05 09:40 . 2009-03-05 09:40    10    --a------    C:\WINDOWS\WININIT.INI
2009-03-05 09:35 . 2006-10-22 12:22    4,527,488    --a------    C:\WINDOWS\system32\nv4_disp.dll
2009-03-05 09:35 . 2008-04-14 09:05    4,274,816    --a--c---    C:\WINDOWS\system32\dllcache\nv4_disp.dll
2009-03-05 09:35 . 2006-10-22 12:22    3,994,624    --a------    C:\WINDOWS\system32\drivers\nv4_mini.sys
2009-03-05 09:35 . 2006-10-22 12:22    3,994,624    --a--c---    C:\WINDOWS\system32\dllcache\nv4_mini.sys
2009-03-05 07:11 . 2009-03-05 19:35    <DIR>    d--------    C:\Programmer\Nero
2009-03-05 07:11 . 2009-03-05 19:43    <DIR>    d--------    C:\Programmer\Fælles filer\Nero
2009-03-05 07:11 . 2009-03-05 19:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Nero
2009-03-05 06:42 . 2009-03-05 06:51    <DIR>    d--------    C:\Documents and Settings\Karsten\.JBinUp
2009-03-05 06:41 . 2009-03-05 06:41    <DIR>    d--------    C:\WINDOWS\Sun
2009-03-05 06:41 . 2009-03-05 06:41    <DIR>    d--------    C:\Programmer\Java
2009-03-05 06:41 . 2009-03-05 06:41    410,984    --a------    C:\WINDOWS\system32\deploytk.dll
2009-03-05 06:41 . 2009-03-05 06:41    73,728    --a------    C:\WINDOWS\system32\javacpl.cpl
2009-03-05 06:40 . 2009-03-05 06:40    <DIR>    d--------    C:\Programmer\JBinUp
2009-03-05 06:38 . 2009-03-05 06:38    <DIR>    d--------    C:\Documents and Settings\Susanne\Application Data\Cryptomathic
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--------    C:\Programmer\DanID
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Cryptomathic
2009-03-05 06:36 . 2009-03-05 06:36    <DIR>    d--h-c---    C:\Documents and Settings\All Users\Application Data\{D166A25B-41F0-45EA-B10E-DE7D7B5C3455}
2009-03-04 20:04 . 2009-03-04 20:04    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Elaborate Bytes
2009-03-04 20:03 . 2009-03-04 20:03    <DIR>    d--------    C:\Programmer\Elaborate Bytes
2009-03-04 08:50 . 2009-03-05 12:54    <DIR>    d--------    C:\Programmer\DVD-RB PRO
2009-03-04 08:49 . 2009-03-04 09:41    <DIR>    d--------    C:\Programmer\AviSynth 2.5
2009-03-04 08:47 . 2009-03-04 10:29    <DIR>    d--------    C:\Programmer\Custom Technology
2009-03-04 07:27 . 2009-03-04 07:27    <DIR>    d--------    C:\Documents and Settings\Susanne\Contacts
2009-03-04 07:19 . 2009-03-04 07:20    <DIR>    d--------    C:\Documents and Settings\Susanne\Skrivebord
2009-03-04 07:19 . 2009-03-03 00:32    <DIR>    d--h-----    C:\Documents and Settings\Susanne\Skabeloner
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    d--h-----    C:\Documents and Settings\Susanne\Printere
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    dr-------    C:\Documents and Settings\Susanne\Menuen Start
2009-03-04 07:19 . 2009-03-06 12:28    <DIR>    d--h-----    C:\Documents and Settings\Susanne\Lokale indstillinger
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    dr-------    C:\Documents and Settings\Susanne\Foretrukne
2009-03-04 07:19 . 2009-03-04 07:27    <DIR>    dr-------    C:\Documents and Settings\Susanne\Dokumenter
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    d--------    C:\Documents and Settings\Susanne\Application Data\Logitech
2009-03-04 07:19 . 2009-03-04 07:19    <DIR>    d--------    C:\Documents and Settings\Susanne\Application Data\ATI
2009-03-04 07:19 . 2009-03-03 01:25    <DIR>    d--h-----    C:\Documents and Settings\Susanne\Andre computere
2009-03-04 07:19 . 2009-03-05 21:31    <DIR>    d--------    C:\Documents and Settings\Susanne
2009-03-04 07:03 . 2009-03-04 07:03    <DIR>    d--------    C:\Documents and Settings\Karsten\Application Data\Logitech
2009-03-04 07:02 . 2009-03-04 07:02    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-03-04 07:02 . 2008-09-26 09:52    10,384    --a------    C:\WINDOWS\system32\drivers\LBeepKE.sys
2009-03-04 07:02 . 2009-03-04 07:02    0    --ah-----    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-04 07:02 . 2009-03-04 07:02    0    --ah-----    C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-04 07:01 . 2008-11-07 16:37    301,656    --a------    C:\WINDOWS\system32\BtCoreIf.dll
2009-03-04 07:01 . 2008-11-07 16:38    170,512    --a------    C:\WINDOWS\system32\kemutb.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 18:39    ---------    d-----w    C:\Documents and Settings\Karsten\Application Data\Skype
2009-03-05 16:30    ---------    d-----w    C:\Programmer\ATI Technologies
2009-03-05 11:26    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2009-03-03 00:09    ---------    d-----w    C:\Programmer\Skype
2009-03-03 00:09    ---------    d-----w    C:\Programmer\QuickPar
2009-03-03 00:09    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2009-03-03 00:09    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Skype
2009-03-03 00:08    ---------    d-----w    C:\Programmer\MSN Messenger
2009-03-03 00:07    ---------    d-----w    C:\Programmer\DU Meter
2009-03-03 00:07    ---------    d-----w    C:\Programmer\D-Tools
2009-03-03 00:07    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2009-03-03 00:05    ---------    d-----w    C:\Programmer\DVD Decrypter
2009-03-02 23:54    ---------    d-----w    C:\Programmer\Realtek
2009-03-02 23:47    ---------    d-----w    C:\Programmer\Alwil Software
2009-03-02 23:43    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2009-03-02 23:36    ---------    d-----w    C:\Programmer\microsoft frontpage
2009-03-02 23:35    ---------    d-----w    C:\Programmer\Onlinetjenester
2009-03-02 23:34    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-12-20 23:03    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-04-15 12:00    924,791    --sh--r    C:\WINDOWS\system32\wmisrv32.exe
.

(((((((((((((((((((((((((((((  SnapShot@2009-03-06_ 8.31.20.18  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-06 11:12:07    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_f8.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63ce3182-1d8c-490b-81f4-0cc1677f1604}]
C:\WINDOWS\system32\sqdrai.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 13:00 15360]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Programmer\DU Meter\DUMeter.exe" [2004-08-25 10:26 1465856]
"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" [2009-03-05 06:41 148888]
"APVXDWIN"="C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 09:54 869632]
"SCANINICIO"="C:\Programmer\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 14:43 50432]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 17:11 61440]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2009-03-04 07:01:11 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDSJab]
efcDSJab.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a8a2a576]
C:\WINDOWS\system32\wdeolgyj.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 15:36 25370152 C:\Programmer\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-10-10 14:46 69632 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microssofts]
scvhosts.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-12 09:58 16264192 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Documents and Settings\\Karsten\\Skrivebord\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=
"E:\\Ny mappe\\opsæt\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=
"C:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"F:\\Ny mappe (4)\\Ny mappe (6)\\eatbfs23\\eatbfs23\\G6FTPSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [2009-03-05 11:46:57 64160]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2009-03-05 11:37:48 28544]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShlDrv51.sys [2009-03-05 12:24:21 41144]
R2 Gwmsrv;Panda Goodware Cache Manager;C:\WINDOWS\system32\svchost -k Panda --> C:\WINDOWS\system32\svchost -k Panda [?]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [2009-03-04 07:02:14 10384]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\drivers\PavProc.sys [2009-03-05 12:24:21 179640]
R2 PskSvcRetail;Panda PSK service;C:\Programmer\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2009-03-05 12:26:45 28928]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys --> C:\WINDOWS\system32\drivers\av5flt.sys [?]
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys --> C:\WINDOWS\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys --> C:\WINDOWS\system32\PavTPK.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 22:34:37 951120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda    REG_MULTI_SZ      Gwmsrv
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-05 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Programmer\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-05 11:46]

2009-03-06 C:\WINDOWS\Tasks\OGADaily.job
- C:\WINDOWS\system32\OGAVerify.exe []

2009-03-06 C:\WINDOWS\Tasks\OGALogon.job
- C:\WINDOWS\system32\OGAVerify.exe []

2009-03-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1F789F5-3A20-419C-B6FD-EB632FB079E1}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{E492657A-4845-418E-998A-1B2BE3CE6CE0} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://dyndns.dk/start.php
Trusted Zone: danid.dk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 12:28:18
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(720)
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\avldr.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll
.
Gennemført tid: 2009-03-06 12:29:19
ComboFix-quarantined-files.txt  2009-03-06 11:29:16
ComboFix2.txt  2009-03-06 07:32:10

Pre-Kørsel: 41,341,976,576 byte ledig
Post-Kørsel: 41,336,700,928 byte ledig

350    --- E O F ---    2009-03-05 10:33:59
magictouch (Beginner)
6 March 2009 - 13:49 #11
That didn't quite work as intended, so we'll try Avenger -

Download Swandog46's Avenger2 here:
http://swandog46.geekstogo.com/avenger2/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe. A small window will appear, into which you should copy the contents between the dashed lines:

-----------------------------
Files to delete:
c:\windows\system32\njlaquwb.dll
c:\windows\system32\wmisrv32.exe
c:\windows\Tasks\OGADaily.job
c:\windows\Tasks\OGALogon.job
c:\windows\system32\drivers\90bb48b2.sys
c:\windows\system32\uacinit.dll
C:\WINDOWS\system32\wdeolgyj.dll
C:\WINDOWS\System32\scvhosts.exe

-----------------------------

-- Click the Execute button. Follow the instructions and answer yes to the questions - the program will ask you to restart the computer, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Copy it into the forum in your next reply.

NB. Is your antivirus up to date?
f-arn (Guru)
6 March 2009 - 14:02 #12
Kører fra: C:\Documents and Settings\Karsten\Skrivebord\mike.exe
Kommandoer benyttet :: C:\mike\cfscript.txt
nero-wolfe (Novice)
6 March 2009 - 14:23 #13
here it is

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "c:\windows\system32\njlaquwb.dll" not found!
Deletion of file "c:\windows\system32\njlaquwb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\windows\system32\wmisrv32.exe" deleted successfully.
File "c:\windows\Tasks\OGADaily.job" deleted successfully.
File "c:\windows\Tasks\OGALogon.job" deleted successfully.

Error:  file "c:\windows\system32\drivers\90bb48b2.sys" not found!
Deletion of file "c:\windows\system32\drivers\90bb48b2.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "c:\windows\system32\uacinit.dll" not found!
Deletion of file "c:\windows\system32\uacinit.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\wdeolgyj.dll" not found!
Deletion of file "C:\WINDOWS\system32\wdeolgyj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\System32\scvhosts.exe" not found!
Deletion of file "C:\WINDOWS\System32\scvhosts.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
magictouch (Beginner)
6 March 2009 - 15:25 #14
That's starting to look like something now, so please post a HijackThis log here ->

Download HijackThis here: http://danborg.org/spy/hjt/alternativ.exe

Then click the alternativ.exe file and the program will run. Click the button Do a system scan and save a logfile. Copy the entire contents of the saved log file, which opens automatically, and paste the log into this thread.

5. How to copy the log into a question:
While the log is open, select all the text with the key combination CTRL + A.
To copy the selected text, use the key combination CTRL + C, which "pins" it to the Windows clipboard. Then go to your question and click the comment button. Paste the copied text into the white field with the key combination CTRL + V.

Then post the HijackThis log here
nero-wolfe (Novice)
6 March 2009 - 15:58 #15
Logfile of HijackThis v1.99.1
Scan saved at 15:58, on 2009-03-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\psimreal.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\avciman.exe
C:\Documents and Settings\Karsten\Lokale indstillinger\Temporary Internet Files\Content.IE5\7CWYYBPE\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dyndns.dk/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63ce3182-1d8c-490b-81f4-0cc1677f1604} - C:\WINDOWS\system32\sqdrai.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E492657A-4845-418E-998A-1B2BE3CE6CE0} - (no file)
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmer\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236231770412&h=5d696285da6a15717496502bdb5dcfbe/&filename=jinstall-6u12-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: efcDSJab - efcDSJab.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmer\Java\jre6\bin\jqs.exe" -service -config "C:\Programmer\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
magictouch (Beginner)
6 March 2009 - 16:52 #16
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start SUPERAntiSpyware and click Check for updates. Once it has updated, close the program; you should not scan yet.


---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {63ce3182-1d8c-490b-81f4-0cc1677f1604} - C:\WINDOWS\system32\sqdrai.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E492657A-4845-418E-998A-1B2BE3CE6CE0} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: efcDSJab - efcDSJab.dll (file missing)
---------------------------------------



Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next (Næste), and the scan will run.

When it has finished, a window with a summary appears. Click OK, then click Next (Næste) and then Finish (Udfør).

A window appears with Quarantine and removal Complete. Click OK, then click Finish (Udfør).

Close the program and restart normally.

---------------------------------------
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and double-click SUPERAntiSpyware Scan Log in the window. It opens in Notepad; copy the result in here.


Together with a fresh HijackThis log, and let us hear a bit about how the computer is running now?
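The selection step in post #16 above, as an added example that is not part of the original thread: a Python triage of HijackThis lines carrying the `(file missing)` / `(no file)` marker, which also sets aside the O23 Java Quick Starter line that the fix list in #16 leaves out. The sample lines are copied from the log in post #15; the function names and the quote-based "review" rule are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in #15 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63ce3182-1d8c-490b-81f4-0cc1677f1604} - C:\WINDOWS\system32\sqdrai.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: efcDSJab - efcDSJab.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmer\Java\jre6\bin\jqs.exe" -service -config "C:\Programmer\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
"""

# "O2 - ...", "R0 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Marker shown in the log when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def classify(line):
    """Return (section, verdict, target) for one log line, or None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, process list, blank line, ...
    # The file reference is the last " - "-separated field of the entry.
    target = m.group("body").rsplit(" - ", 1)[-1]
    marker = MISSING_RE.search(target)
    if marker is None:
        return m.group("section"), "present", target
    target = target[:marker.start()].rstrip()
    # Assumption of this example: a quote inside the path means the entry is
    # a command line with arguments, so the "missing" verdict may come from
    # how the path was split and needs a manual check, not removal.
    verdict = "review" if '"' in target else "orphan"
    return m.group("section"), verdict, target


def triage(log_text):
    """Group marked entries into removal candidates and manual-review items."""
    result = {"orphan": [], "review": []}
    for line in log_text.splitlines():
        entry = classify(line)
        if entry and entry[1] in result:
            result[entry[1]].append((entry[0], entry[2]))
    return result


if __name__ == "__main__":
    for verdict, entries in triage(SAMPLE_LOG).items():
        for section, target in entries:
            print(f"{verdict:7} {section:4} {target or '(no file recorded)'}")
```

The later log in post #22 lists the same Java Quick Starter service with a plain path and no marker, which is why such lines are kept out of the removal candidates here.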
magictouch (Beginner)
6 March 2009 - 16:53 #17
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start SUPERAntiSpyware and click Check for updates. Once it has updated, close the program; you should not scan yet.


---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {63ce3182-1d8c-490b-81f4-0cc1677f1604} - C:\WINDOWS\system32\sqdrai.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E492657A-4845-418E-998A-1B2BE3CE6CE0} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: efcDSJab - efcDSJab.dll (file missing)
---------------------------------------




Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next (Næste), and the scan will run.

When it has finished, a window with a summary appears. Click OK, then click Next (Næste) and then Finish (Udfør).

A window appears with Quarantine and removal Complete. Click OK, then click Finish (Udfør).
Close the program and restart normally.
---------------------------------------

Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and double-click SUPERAntiSpyware Scan Log in the window. It opens in Notepad; copy the result in here.


Together with a fresh HijackThis log, and let us hear a bit about how the computer is running now?
magictouch (Beginner)
6 March 2009 - 16:54 #18
Well, it wasn't the plan to send two identical posts, sorry
f-arn (Guru)
6 March 2009 - 17:49 #19
That happens quite often at the moment :-)
f-arn (Guru)
7 March 2009 - 01:12 #20
magictouch --> are you the one who is magic on spywarefri?
magictouch (Beginner)
7 March 2009 - 05:15 #21
Yep, that's me too.


nero-wolfe -> How is it going?
nero-wolfe (Novice)
7 March 2009 - 06:02 #22
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2009 at 05:50 AM

Application Version : 4.25.1014

Core Rules Database Version : 3788
Trace Rules Database Version: 1745

Scan type      : Complete Scan
Total Scan Time : 00:13:33

Memory items scanned      : 643
Memory threats detected  : 0
Registry items scanned    : 5024
Registry threats detected : 6
File items scanned        : 13721
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\Karsten\Cookies\karsten@CAUXL8YA.txt
    C:\Documents and Settings\Karsten\Cookies\karsten@track.adform[2].txt

Rogue.Component/Trace
    HKLM\Software\Microsoft\A8A2B7F8
    HKLM\Software\Microsoft\A8A2B7F8#a8a2b7f8
    HKLM\Software\Microsoft\A8A2B7F8#Version
    HKLM\Software\Microsoft\A8A2B7F8#a8a21a78
    HKLM\Software\Microsoft\A8A2B7F8#a8a2739d
    HKU\S-1-5-21-1390067357-261903793-1417001333-1003\Software\Microsoft\FIAS4052N



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:01, on 2009-03-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Programmer\Canon\MyPrinter\BJMyPrt.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\avciman.exe
C:\Programmer\Panda Security\Panda Antivirus Pro 2009\psimreal.exe
C:\Documents and Settings\Karsten\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dyndns.dk/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmer\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236231770412&h=5d696285da6a15717496502bdb5dcfbe/&filename=jinstall-6u12-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Programmer\Fælles filer\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Programmer\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 5890 bytes
the computer is running just fine
thanks for the help
magictouch (Beginner)
7 March 2009 - 07:20 #23
That sounds good, and you're welcome, because there is nothing more to go after ;->)

Uninstall ComboFix this way ->

Start > Run, type/copy: combofix /u

That will remove ComboFix and its associated folders and files.

Here is some good advice on safe surfing to take with you:

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Enjoy.