luke2009 Beginner
23 July 2009 - 14:02 There are 32 comments and
1 solution

Slow boot of 203 seconds

Hi

According to Bootvis, it takes 203 seconds to start my XP Home.
Shell takes about 19 seconds and logon+services about 90 seconds. During the remaining approx. 80 seconds, several processes are loaded, such as avguard, wlcomm.exe, wuauclt.exe, avwsc.exe, wmiprvse.exe, alg.exe, wweb32.exe, wuauclt.exe (again), avwsc.exe (again), acrobat_sl.exe, avwsc.exe (again), tintsetp.exe (twice), armor2net.exe, acdeamon.exe, msnmsgr.exe, pwrisovm.exe, msmsgs.exe.

But why should it take so long to start XP?
mcb2001 Beginner
23 July 2009 - 14:10 #1
You load Acrobat, AVG with full settings, Messenger and other junk during boot, and you wonder?

Set AVG to run only the things you use; if, for example, you only have webmail, there is no need for an email security service.
Remove Acrobat from boot, possibly with the help of a boot manager (startup manager).
The same goes for all versions of MSN, Windows Messenger and the like - GET RID of it until you need it...
riversen Beginner
23 July 2009 - 14:16 #2
Too little RAM, perhaps?
Deleted user
23 July 2009 - 14:22 #3
Try running "chkdsk /r /f" www.helgec.dk/chkdsk.html
luke2009 Beginner
23 July 2009 - 19:33 #4
I no longer use AVG, but Avira.
23 July 2009 - 19:51 #5
... for good measure; send us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Not necessarily because of a virus or the like, but then I can see what is in your startup etc.
luke2009 Beginner
23 July 2009 - 21:04 #6
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\qttask.exe
C:\Programmer\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Messenger\Msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\WinDates\WinDates.exe
C:\Programmer\WordWeb\wweb32.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Mozilla Thunderbird\thunderbird.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.247:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programmer\Surf Canyon\surfcanyon.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Programmer\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Sun Java Applet Plugin - {E9B1FB08-BA8C-4CDA-AF62-54FF3BAF941D} - C:\DOCUME~1\Axellius\APPLIC~1\Microsoft\Word\Lucene.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Armor2net] C:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinDates.lnk = C:\Programmer\WinDates\WinDates.exe
O4 - Startup: WordWeb.lnk = C:\Programmer\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238441307109
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238452420495&h=5218bd699e2159aea7729e50d09c841d/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
23 July 2009 - 21:20 #7
(I would like the top of the log file included!!)
23 July 2009 - 21:28 #8
On closer inspection - yes, there is 'dirt' / unwanted elements according to your log...

Do you yourself know, for example, what this is ->
* C:\Programmer\WinDates\WinDates.exe
* C:\Programmer\WordWeb\wweb32.exe

(And other 'suspicious' elements...)

Therefore ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program do a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens, where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy its contents in here together with a fresh log from HiJackThis...

------

PS: Do you love this useless [Yahoo! Toolbar]?
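An added example (not written by any poster in this thread): a small Python triage of HijackThis lines using three heuristics that match entries in the log from #6, namely extra programs in the F2 UserInit value, O2 BHO DLLs loaded from a user profile, and a ProxyServer value in the R section. The sample lines are copied from that log; the function names and the heuristics are assumptions made for illustration, and a hit marks an entry for review rather than giving a verdict.

```python
import re

# Sample input: six lines copied from the HijackThis log posted in #6.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.247:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Sun Java Applet Plugin - {E9B1FB08-BA8C-4CDA-AF62-54FF3BAF941D} - C:\DOCUME~1\Axellius\APPLIC~1\Microsoft\Word\Lucene.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section code> - <rest of line>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
PROXY_RE = re.compile(r",ProxyServer = (\S+)$")
# Assumption: the only expected UserInit program is userinit.exe in system32.
DEFAULT_USERINIT_RE = re.compile(
    r"^(?:[a-z]:\\(?:windows|winnt)\\system32\\)?userinit\.exe$"
)
USERINIT_PREFIX = "REG:system.ini: UserInit="
# Assumption: XP profile roots, long and 8.3 short form.
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")


def parse_entries(text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def extra_userinit_programs(body):
    """List programs in an F2 UserInit value other than userinit.exe."""
    if not body.startswith(USERINIT_PREFIX):
        return []
    value = body[len(USERINIT_PREFIX):]
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if not DEFAULT_USERINIT_RE.match(p.lower())]


def bho_in_user_profile(body):
    """Return the DLL path of an O2 BHO that loads from a user profile."""
    match = BHO_RE.match(body)
    if match and match.group("path").lower().startswith(USER_PROFILE_PREFIXES):
        return match.group("path")
    return None


def triage(text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        if code.startswith("R"):
            proxy = PROXY_RE.search(body)
            if proxy:
                findings.append((code, "proxy configured", proxy.group(1)))
        elif code == "F2":
            for program in extra_userinit_programs(body):
                findings.append((code, "extra program in UserInit", program))
        elif code == "O2":
            path = bho_in_user_profile(body)
            if path:
                findings.append((code, "BHO loaded from user profile", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The F2 and O2 hits are the same two entries that the Malwarebytes log in #13 reports as Hijack.Userinit and Trojan.BHO (Lucene.dll).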
luke2009 Beginner
23 July 2009 - 21:55 #9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:37, on 23-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


windates.exe is my calendar and wweb32.exe is an English dictionary.
24 July 2009 - 06:40 #10
luke2009 Beginner
24 July 2009 - 12:08 #11
I have tried CCleaner and Anti-Malware.

I tried logging in to a new guest account, and it takes just as long. It takes about 50 seconds from POST to the logon screen. That is acceptable. But otherwise it takes a long time over the rest. At first I thought it was my firewall, because its splash screen stays up for a long time. But I don't have that on the guest account.

It would be nice to be able to see what the HDD is working on in real time.
24 July 2009 - 13:15 #12
... what about the rest from #8 (http://www.eksperten.dk/spm/881662#reply_7423212) ???
luke2009 Beginner
24 July 2009 - 15:36 #13
Malwarebytes' Anti-Malware 1.39
Database version: 2492
Windows 5.1.2600 Service Pack 3

24-07-2009 15:35:44
mbam-log-2009-07-24 (15-35-44).txt

Skan type: Fuldstændig skanning (C:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Objekter skannet: 263169
Tid tilbagelagt: 2 hour(s), 2 minute(s), 23 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 13
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 7
Inficerede Filer: 196

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\firstbho.helloworldbho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07d3626d-10c6-4d84-820c-2f4fdcafab02} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eaa3f1ff-f1cc-46bf-85fa-197eebf3b524} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e9b1fb08-ba8c-4cda-af62-54ff3baf941d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9b1fb08-ba8c-4cda-af62-54ff3baf941d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9b1fb08-ba8c-4cda-af62-54ff3baf941d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\firstbho.helloworldbho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ee4c9c2-d755-11d5-9202-000021023c26} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ee4c9c3-d755-11d5-9202-000021023c26} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{B5BB60EE-125B-40AB-AAA5-A4E194973C95} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\FirstBHO.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\programmer\ace mega codecs pack\SystemS\moonlight\mlcom.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\programmer\ace mega codecs pack\SystemS\moonlight\mpeg2mux.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\programmer\ace mega codecs pack\SystemS\moonlight\windivx.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\programmer\ace mega codecs pack\SystemS\Elecard\mpgdec.ax (Backdoor.Bot) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Documents and Settings\All Users\Menuen Start\Programmer\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Programmer\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Axellius\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010 (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Axellius\Application Data\Microsoft\Word\Lucene.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\programmer\ace mega codecs pack\SystemS\moonlight\mlcom.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programmer\ace mega codecs pack\SystemS\moonlight\mpeg2mux.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programmer\ace mega codecs pack\SystemS\moonlight\windivx.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programmer\ace mega codecs pack\SystemS\Elecard\mpgdec.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programmer\Pinnacle\pinnacle pctv\eregister\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\programmer\RegTool\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\lokale indstillinger\Temp\SetupWizard.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menuen start\programmer\RegTool\RegTool Help.lnk (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menuen start\programmer\RegTool\RegTool on the Web.lnk (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menuen start\programmer\RegTool\RegTool.lnk (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\programmer\RegTool\definitions.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\programmer\RegTool\defrag.dll (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\programmer\RegTool\privacy.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\programmer\RegTool\RegTool.url (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Logs\2009-03-30 23-06-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Logs\2009-03-30 23-41-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Logs\2009-03-30 23-43-200.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-163.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-164.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-165.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-166.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-167.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-168.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-17.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-18.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-19.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-2.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-20.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-21.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-22.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-23.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-24.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-25.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-26.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-27.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-28.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-29.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-3.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-30.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-31.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-32.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-33.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-34.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-35.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-36.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-37.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-38.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-39.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-4.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-40.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-41.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-42.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-43.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-44.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-45.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-46.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-47.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-48.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-49.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-5.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-50.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-51.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-52.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-53.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-54.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-55.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-56.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-57.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-58.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-59.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-6.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-60.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-61.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-62.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-63.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-64.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-65.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-66.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-67.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-68.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-69.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-7.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-70.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-71.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-72.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-73.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-74.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-75.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-76.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-77.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-78.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-79.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-8.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-80.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-81.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-82.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-83.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-84.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-85.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-86.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-87.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-88.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-89.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-9.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-90.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-91.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-92.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-93.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-94.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-95.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-96.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-97.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-98.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\quarantinew\2009-03-30 23-11-010\regb-99.db

(Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Axellius\application data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Axellius\Application Data\IEApplet.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Axellius\Application Data\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.
luke2009 Beginner
24 July 2009 - 15:46 #14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:38, on 24-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WinDates\WinDates.exe
C:\Programmer\WordWeb\wweb32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 67.69.254.247:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programmer\Surf Canyon\surfcanyon.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Programmer\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Armor2net] C:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinDates.lnk = C:\Programmer\WinDates\WinDates.exe
O4 - Startup: WordWeb.lnk = C:\Programmer\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\programmer\armor2net\armor2net personal firewall\netdog.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238441307109
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238452420495&h=5218bd699e2159aea7729e50d09c841d/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11013 bytes



It still takes just as long to start XP.
Deleted user
24 July 2009 - 15:57 #15
Have you tried comment no. 3 ????
luke2009 Beginner
24 July 2009 - 16:01 #16
Yes, and it removed 700 unprotected index entries and 700 unused security descriptors.
Deleted user
24 July 2009 - 16:57 #17
Have you tried running Advanced SystemCare http://www.iobit.com/advancedwindowscareper.html
luke2009 Beginner
24 July 2009 - 18:39 #18
Yes, I have now, but still no difference.
24 July 2009 - 19:31 #19
Cleanup - in my opinion ->

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you get some files that you should fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones that may/can/should be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programmer\Surf Canyon\surfcanyon.dll

O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Restart normally...

------------------------------------------------------------------------

Do a cleanup with CCleaner - incl. [Registry]...

------------------------------------------------------------------------

Defragmentation....

------------------------------------------------------------------------

How does the PC run now?
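Before ticking entries in HijackThis it helps to see which lines belong to the same component. The following Python sketch is an added example, not part of the original post and not HijackThis code: it parses a subset of the entries listed above (copied unchanged from the post) and groups them by section code and by the file they point to. The function names are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Meaning of the section codes that occur in the entries listed in the post.
SECTIONS = {
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O23": "Windows service",
}

# Subset of the entries listed in the post, copied unchanged.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programmer\Freecorder\tbFre0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# Some entries carry a trailing registry hive marker such as " (HKCU)".
HIVE_SUFFIX_RE = re.compile(r"\s+\(HK(?:CU|LM)\)$")


def parse_entry(line):
    """Split one log line into section code, CLSID (if any) and file path (if any)."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    rest = HIVE_SUFFIX_RE.sub("", m.group("rest"))
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        "code": m.group("code"),
        "kind": SECTIONS.get(m.group("code"), "unknown section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "raw": line,
    }


def parse_log(text):
    """Parse every recognisable entry line; blank and unrelated lines are skipped."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def count_by_section(entries):
    """Number of entries per section code."""
    return Counter(e["code"] for e in entries)


def shared_components(entries):
    """Files referenced by more than one entry, keyed case-insensitively."""
    by_file = defaultdict(list)
    for e in entries:
        if e["path"]:
            by_file[e["path"].lower()].append(e["code"])
    return {p: sorted(codes) for p, codes in by_file.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>3}  {n}  {SECTIONS.get(code, 'unknown section')}")
    for path, codes in shared_components(parsed).items():
        print(f"{path}  <- {', '.join(codes)}")
```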
luke2009 (Beginner)
03 August 2009 - 11:47 #20
It looks like nothing can remedy my problem with slow startup. Maybe a bad driver or hardware.
03 August 2009 - 12:53 #21
... also after the above ... ?
luke2009 (Beginner)
03 August 2009 - 13:17 #22
Yes, unfortunately.
03 August 2009 - 13:37 #23
... maybe use the HIBERNATE function to 'shut down' / 'start up' ... ?
luke2009 (Beginner)
03 August 2009 - 13:45 #24
Yes, that is certainly an option. But thanks for trying. If you want points, post an answer.
03 August 2009 - 14:06 #25
One more 'shot' ->

-- Download ComboFix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
luke2009 (Beginner)
03 August 2009 - 15:52 #26
Strange program. My virus scanner complained loudly and the internet connection was shut down. But now it works again.

ComboFix 09-08-02.04 - luke 03-08-2009 15:27.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.169 [GMT 2:00]
Kører fra: c:\documents and settings\luke\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3519860233-626517638-115236851-1003

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-07-03 til 2009-08-03  )))))))))))))))))))))))))))))))))))
.

2063-09-19 05:50 . 2063-09-19 05:50    5501    ----a-w-    c:\windows\system32\rtclmg32.dll
2009-07-24 15:06 . 2009-07-24 15:06    --------    d-----w-    c:\documents and settings\luke\Application Data\IObit
2009-07-24 15:06 . 2009-07-24 15:06    --------    d-----w-    c:\programmer\IObit
2009-07-24 13:51 . 2009-07-24 13:51    --------    d-----w-    c:\documents and settings\luke\Application Data\Uniblue
2009-07-24 13:51 . 2009-07-06 04:16    2568214    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-07-24 13:51 . 2009-07-24 13:51    --------    d-----w-    c:\programmer\Uniblue
2009-07-24 13:51 . 2008-08-26 16:48    99624    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-07-24 13:51 . 2008-08-26 16:48    757760    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-07-24 13:51 . 2008-08-26 16:48    6676480    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-07-24 13:51 . 2008-08-26 16:48    497496    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-07-24 13:51 . 2008-08-26 16:48    413696    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-07-24 13:51 . 2008-08-26 16:48    2019624    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-07-24 13:51 . 2008-08-26 16:48    111912    -c--a-w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-07-24 13:50 . 2009-07-24 13:51    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-24 11:30 . 2009-07-13 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 11:30 . 2009-07-13 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-24 11:30 . 2009-07-24 11:30    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-07-24 09:53 . 2009-07-24 09:53    --------    d-----w-    c:\documents and settings\Gæst\Lokale indstillinger\Application Data\ArcSoft
2009-07-24 09:52 . 2009-07-24 09:52    --------    d-----w-    c:\documents and settings\Gæst\Application Data\ArcSoft
2009-07-24 09:51 . 2009-07-24 09:51    --------    d-sh--w-    c:\documents and settings\Gæst\IETldCache
2009-07-23 11:12 . 2009-07-23 11:12    1078    ----a-r-    c:\documents and settings\luke\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2009-07-23 11:12 . 2009-07-23 11:12    1078    ----a-r-    c:\documents and settings\luke\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2009-07-23 11:12 . 2009-07-23 11:12    1078    ----a-r-    c:\documents and settings\luke\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2009-07-23 11:12 . 2009-07-23 11:12    1078    ----a-r-    c:\documents and settings\luke\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2009-07-23 11:12 . 2009-07-23 11:18    --------    d-----w-    c:\programmer\Microsoft Bootvis
2009-07-23 08:25 . 2009-07-23 08:28    --------    d-----w-    c:\programmer\lynx
2009-07-22 14:36 . 2009-07-22 14:36    --------    d-----w-    c:\documents and settings\luke\Lokale indstillinger\Application Data\Google
2009-07-22 14:35 . 2009-07-22 14:36    --------    d-----w-    c:\programmer\Google
2009-07-06 09:01 . 2009-07-06 09:01    --------    d-----w-    c:\programmer\Investintech.com Inc

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 13:16 . 2008-06-01 10:29    --------    d-----w-    c:\programmer\Mozilla Thunderbird
2009-07-25 12:44 . 2008-07-29 09:45    --------    d-----w-    c:\programmer\CCleaner
2009-07-15 12:55 . 2008-06-01 10:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-11 18:40 . 2008-06-01 08:28    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-07-03 16:59 . 2004-09-14 13:37    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-06-27 21:53 . 2009-06-27 21:52    --------    d-----w-    c:\programmer\Windows Live
2009-06-27 21:53 . 2009-06-27 21:53    --------    d-----w-    c:\programmer\Microsoft
2009-06-27 21:52 . 2009-06-27 21:52    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-06-24 21:06 . 2009-06-24 21:06    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-06-24 21:05 . 2009-06-24 21:05    15256    ----a-w-    c:\documents and settings\luke\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-06-19 21:36 . 2008-06-01 11:02    --------    d-----w-    c:\programmer\Macromedia
2009-06-19 21:36 . 2008-06-01 11:02    --------    d-----w-    c:\programmer\Fælles filer\Macromedia
2009-06-16 14:39 . 2004-09-14 13:37    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2004-09-14 13:36    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-09-14 13:37    1295360    ----a-w-    c:\windows\system32\quartz.dll
2009-05-13 19:44 . 2009-05-13 19:44    2736640    ----a-w-    c:\documents and settings\luke\test.EXE
2009-05-07 15:33 . 2004-09-14 13:36    346624    ----a-w-    c:\windows\system32\localspl.dll
2008-11-13 22:32 . 2008-11-13 22:32    30    ----a-w-    c:\programmer\Exiferupdate.ini
2003-11-12 16:42 . 2008-06-01 09:41    120485    ----a-w-    c:\programmer\dict.hlp
2001-10-28 13:52 . 2008-06-01 09:41    37878    ----a-w-    c:\programmer\logo.bmp
2001-10-28 13:27 . 2008-06-01 09:41    182784    ----a-w-    c:\programmer\dict.avi
2001-10-27 16:50 . 2008-06-01 09:41    32    ----a-w-    c:\programmer\language.ini
2000-03-22 08:27 . 2008-06-01 09:41    188416    ----a-w-    c:\programmer\dict.exe
1998-05-15 18:01 . 2008-06-01 09:41    8562    ----a-w-    c:\programmer\right.wav
1998-05-15 18:01 . 2008-06-01 09:41    7754    ----a-w-    c:\programmer\wrong.wav
1996-12-16 22:00 . 2008-06-01 09:41    1758    ----a-w-    c:\programmer\skipped.wav
2009-03-31 10:15 . 2009-01-14 20:44    134648    ----a-w-    c:\programmer\mozilla firefox\components\brwsrcmp.dll
1999-04-23 22:22 . 1999-04-23 22:22    12    --sha-w-    c:\windows\system\WININETICMP32.drv
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"Armor2net"="c:\programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe" [2008-06-01 991309]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-07-14 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\luke\Menuen Start\Programmer\Start\
WinDates.lnk - c:\programmer\WinDates\WinDates.exe [2008-6-1 1589248]
WordWeb.lnk - c:\programmer\WordWeb\wweb32.exe [2008-6-1 44384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41    294912    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\FarStone\\VirtualDrive\\MGR.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 APFTrans;Armor2net Filter;c:\windows\system32\APFTrans.sys [01-06-2008 12:18 32896]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [29-01-2009 19:57 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [29-01-2009 19:58 971552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01-06-2008 13:39 96520]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15-07-2007 03:37 27992]
R2 SFC4;SFC4;c:\windows\system32\drivers\sfc4.sys [02-06-2008 17:21 41472]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [01-06-2008 11:26 60008]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [01-06-2008 12:28 6369]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [31-07-2008 14:19 4224]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [14-07-2008 15:49 371349]
S3 ntportio;ntportio; [x]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S4 avg8wd;AVG8 WatchDog; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 67.69.254.247:80
LSP: c:\programmer\Armor2net\Armor2net Personal Firewall\NETDOG.DLL
FF - ProfilePath - c:\documents and settings\luke\Application Data\Mozilla\Firefox\Profiles\dmjie04l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\luke\Application Data\Mozilla\Firefox\Profiles\dmjie04l.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\programmer\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\programmer\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\avgrsstx.dll
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1124)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'explorer.exe'(968)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\SUPERAntiSpyware\SASSEH.DLL
.
Gennemført tid: 2009-08-03 15:46
ComboFix-quarantined-files.txt  2009-08-03 13:46

Pre-Kørsel: 40.527.151.104 byte ledig
Post-Kørsel: 41.504.055.296 byte ledig

275    --- E O F ---    2009-07-29 12:42
03 August 2009 - 16:16 #27
... nothing to go on there (either)...
03 August 2009 - 16:16 #28
Ping...
(That was an [answer]...)
luke2009 (Beginner)
03 August 2009 - 17:12 #29
I do think certain things have become slightly faster, such as starting IE for the first time or Thunderbird for the first time. Maybe it is my hard disk that something is wrong with. Something or other is making it slow??
03 August 2009 - 17:41 #30
(How much physical RAM is there in the beast?)
luke2009 (Beginner)
03 August 2009 - 17:59 #31
She was born with the 512 MB that is still in there. There were no problems with speed in the beginning. When I think back, these speed problems slowly started after I had run a recovery program that was supposed to bring the HDD back to the state it was in at purchase.
03 August 2009 - 19:33 #32
(It couldn't 'hurt' to add another stick of 512Mb ...)
luke2009 (Beginner)
03 August 2009 - 19:42 #33
No, surely not. But as I said, it has been plenty for it to run flawlessly.