Following this guide,
http://www.eksperten.dk/guide/1232, I have run CCleaner. Here is the log file.
ComboFix 09-07-23.04 - Kristian Jerslev 24-07-2009 18:20.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.3327.2680 [GMT 2:00]
Kører fra: d:\downloads\Browserdownloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-06-24 til 2009-07-24 )))))))))))))))))))))))))))))))))))
.
2009-07-24 16:07 . 2009-07-24 16:07 -------- d-----w- c:\programmer\CCleaner
2009-07-24 12:49 . 2009-07-24 12:49 -------- d-----w- c:\programmer\Trend Micro
2009-07-24 10:29 . 2009-07-24 10:29 -------- d-----w- c:\windows\McAfee.com
2009-07-24 10:09 . 2009-07-24 10:09 -------- d-----w- c:\programmer\Hewlett-Packard
2009-07-23 08:56 . 2009-07-23 08:56 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Malwarebytes
2009-07-23 08:56 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 08:56 . 2009-07-23 08:56 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-07-23 08:56 . 2009-07-23 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-23 08:56 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 08:55 . 2009-07-23 08:57 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2009-07-22 08:07 . 2009-07-22 08:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65}
2009-07-22 08:07 . 2009-07-10 11:52 3113376 -c--a-w- c:\documents and settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65}\csp.exe
2009-07-22 08:07 . 2009-07-22 08:07 -------- d-----w- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\PackageAware
2009-07-17 19:36 . 2009-07-17 19:37 -------- d-----w- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Temp
2009-07-15 10:43 . 2009-07-15 10:23 58733897 ----a-w- C:\War3TFT_123a_English.exe
2009-07-15 10:38 . 2009-07-15 10:43 73667 ----a-w- c:\windows\War3Unin.dat
2009-07-15 10:38 . 2009-07-15 10:40 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-15 10:38 . 2009-07-15 10:40 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-07 21:18 . 2009-07-07 21:22 -------- d-----w- C:\AC Web Ultimate Repack
2009-06-29 08:31 . 2009-06-29 08:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-27 12:57 . 2009-06-27 12:57 -------- d-----w- c:\documents and settings\Kristian Jerslev\ErrorLogs
2009-06-27 12:56 . 2009-06-27 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-27 12:55 . 2009-06-29 08:35 705344 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-06-27 12:53 . 2009-06-27 12:58 -------- d-----w- c:\programmer\ATI
2009-06-27 12:32 . 2009-06-27 12:32 41933488 ----a-w- c:\documents and settings\Kristian Jerslev\Application Data\Uniblue\DriverScanner\Download\pci_ven_1002_dev_944c8_600_0_0000.exe
2009-06-27 12:32 . 2009-06-27 12:32 16668058 ----a-w- c:\documents and settings\Kristian Jerslev\Application Data\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa015_10_0_5796.exe
2009-06-27 10:07 . 2008-10-26 03:54 2567167 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
2009-06-27 10:07 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-27 10:07 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-27 10:07 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-27 10:07 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-27 10:07 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-27 10:07 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-27 10:07 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-27 10:07 . 2009-06-27 10:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-27 09:39 . 2009-06-27 09:40 -------- d-----w- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 16:25 . 2009-06-14 14:57 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Tunebite
2009-07-24 16:24 . 2009-03-28 19:05 24672288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-24 16:24 . 2009-03-28 19:05 2635552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-24 16:22 . 2009-03-28 19:05 252260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-24 16:22 . 2009-03-28 19:05 336632 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-24 16:09 . 2009-03-28 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 10:08 . 2009-03-29 18:54 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Image Zone Express
2009-07-24 07:20 . 2009-03-28 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-15 10:45 . 2009-03-28 20:11 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\uTorrent
2009-07-03 20:10 . 2009-04-27 17:29 1 ----a-w- c:\documents and settings\Kristian Jerslev\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-27 12:52 . 2009-03-28 18:47 -------- d-----w- c:\programmer\ATI Technologies
2009-06-27 10:54 . 2009-06-27 10:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-06-27 10:14 . 2009-04-26 17:57 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Uniblue
2009-06-27 10:08 . 2009-04-26 20:58 -------- d-----w- c:\programmer\Uniblue
2009-06-27 10:03 . 2009-04-26 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-20 13:19 . 2009-04-26 18:04 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\dvdcss
2009-06-19 15:12 . 2009-06-19 15:12 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Inkscape
2009-06-16 14:39 . 2004-08-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-08-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 15:04 . 2009-06-14 15:04 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\RTPlayer
2009-06-14 14:59 . 2009-06-14 14:59 390424 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\lyrics\LyricsFreak.dll
2009-06-14 14:59 . 2009-06-14 14:59 394520 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\lyrics\LyricsOnDemand.dll
2009-06-14 14:59 . 2009-06-14 14:59 394520 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\lyrics\AstraLyrics.dll
2009-06-14 14:59 . 2009-06-14 14:59 394520 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\lyrics\LyricsDemon.dll
2009-06-14 14:59 . 2009-06-14 14:59 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\yahoomusic.dll
2009-06-14 14:59 . 2009-06-14 14:59 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\aol.dll
2009-06-14 14:59 . 2009-06-14 14:59 419096 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\allmusic.dll
2009-06-14 14:59 . 2009-06-14 14:59 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\musicline.dll
2009-06-14 14:59 . 2009-06-14 14:59 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\sonybmg.dll
2009-06-14 14:59 . 2009-06-14 14:59 480536 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\AutoTag\general\amazon.dll
2009-06-14 14:59 . 2009-06-14 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-06-14 14:58 . 2009-06-14 14:58 -------- d-----w- c:\programmer\PixiePack Codec Pack
2009-06-14 14:57 . 2009-06-14 14:57 -------- d-----w- c:\programmer\RapidSolution
2009-06-12 22:45 . 2009-03-29 18:46 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\FileZilla
2009-06-12 09:25 . 2009-06-12 07:57 -------- d-----w- c:\programmer\Fælles filer\Blizzard Entertainment
2009-06-12 07:58 . 2009-06-12 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-06-11 22:02 . 2009-03-29 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 21:59 . 2009-06-11 21:59 27928 ----a-w- c:\documents and settings\Default User\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 17:42 . 2009-03-29 22:06 -------- d-----w- c:\programmer\Fælles filer\Merge Modules
2009-06-09 17:41 . 2009-03-29 21:58 -------- d-----w- c:\programmer\Microsoft Visual Studio 8
2009-06-09 12:36 . 2009-06-09 12:36 -------- d-----w- c:\programmer\Fælles filer\SupportSoft
2009-06-08 06:01 . 2009-06-08 06:01 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-08 05:56 . 2009-03-28 18:39 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-06-04 19:59 . 2009-06-04 19:59 10134 ----a-r- c:\documents and settings\Kristian Jerslev\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-04 19:59 . 2009-06-04 19:59 -------- d-----w- c:\programmer\Microsoft WSE
2009-06-03 19:11 . 2004-08-27 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 06:33 . 2009-06-02 06:29 119192 ----a-w- c:\windows\hpqins00.dat
2009-05-27 11:04 . 2009-05-27 11:02 -------- d-----w- c:\programmer\Fælles filer\3DO Shared
2009-05-27 11:04 . 2009-05-27 11:02 -------- d-----w- c:\programmer\3DO
2009-05-26 14:12 . 2009-05-26 14:12 -------- d-----w- c:\documents and settings\Kristian Jerslev\Application Data\Cryptomathic
2009-05-26 14:12 . 2009-05-26 14:12 -------- d-----w- c:\programmer\DanID
2009-05-20 15:26 . 2009-03-28 19:05 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 15:26 . 2009-03-28 19:05 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 15:58 . 2004-08-27 12:00 505348 ----a-w- c:\windows\system32\perfh006.dat
2009-05-17 15:58 . 2004-08-27 12:00 101042 ----a-w- c:\windows\system32\perfc006.dat
2009-05-13 05:05 . 2004-08-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-27 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 08:46 . 2009-06-27 10:54 2835656 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe
2009-05-02 20:23 . 2009-05-02 20:21 110857 ----a-w- c:\windows\hpqins05.dat
2009-04-29 09:45 . 2009-06-27 10:54 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-04-29 09:45 . 2009-06-27 10:54 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-04-29 09:45 . 2009-06-27 10:54 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-04-29 09:45 . 2009-06-27 10:54 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-04-29 09:45 . 2009-06-27 10:54 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-04-29 09:45 . 2009-06-27 10:54 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-04-29 09:45 . 2009-06-27 10:54 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-04-29 09:45 . 2009-06-27 10:54 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-04-29 09:45 . 2009-06-27 10:54 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-04-29 09:45 . 2009-06-27 10:54 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-04-29 09:45 . 2009-06-27 10:54 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-04-26 21:14 . 2009-03-28 18:55 27928 ----a-w- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 21:00 . 2009-04-26 21:00 4429593 ----a-w- c:\documents and settings\Kristian Jerslev\Application Data\Uniblue\DriverScanner\Download\hid_vid_046d_pid_c30e_mi_002_21.exe
2009-07-18 05:07 . 2009-07-06 10:13 137208 ----a-w- c:\programmer\mozilla firefox\components\brwsrcmp.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\programmer\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-27 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 11:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
- 2009-03-28 22:31 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\dllcache\TCPIP.SYS
- 2009-03-28 22:31 361600 CBEEBEB899E31EF52B962CB31FC8CA5C c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Tunebite"="c:\programmer\RapidSolution\Tunebite\Tunebite.exe" [2008-06-04 6366512]
"Google Update"="c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-27 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"RemoteControl9"="c:\programmer\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\programmer\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\programmer\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"HDAudDeck"="c:\programmer\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-16 30023680]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kristian Jerslev\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
ScreenHunter 4.1 Pro.lnk - c:\programmer\Wisdom-soft ScreenHunter\ScreenHunter.exe [2009-3-30 723023]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Wireless Configuration Utility .lnk - c:\programmer\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2005-9-11 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\uTorrent\\uTorrent.exe"=
"d:\\Programmer\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"d:\\Programmer\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Programmer\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Programmer\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\AC Web Ultimate Repack\\Server\\mysql\\bin\\mysqld.exe"=
"c:\\AC Web Ultimate Repack\\Arcemu\\arcemu-logonserver.exe"=
"c:\\AC Web Ultimate Repack\\Arcemu\\arcemu-world.exe"=
"c:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"=
"d:\\Programmer\\World of Warcraft\\Repair.exe"=
"c:\\Programmer\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"d:\\Programmer\\Warcraft III\\Warcraft III.exe"=
"d:\\Programmer\\World of Warcraft\\Launcher.exe"=
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/30 11:45];c:\programmer\CyberLink\PowerDVD9\000.fcl [28-02-2009 19:40 87536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04-04-2007 15:58 24344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [28-03-2009 20:39 874240]
S2 RPCHGM;Remote Procedure Call (HGM);c:\programmer\NetMeeting\secedit.exe [15-07-2009 12:39 22863560]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [28-03-2009 20:48 89600]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programmer\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02-12-2006 06:17 2805000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Indhold af mappen 'Planlagte Opgaver'
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2077806209-725345543-1004Core.job
- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-06-27 09:39]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2077806209-725345543-1004UA.job
- c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-06-27 09:39]
2009-07-24 c:\windows\Tasks\User_Feed_Synchronization-{6EB0B1B9-C563-41CC-9FD4-FEAD7A01FFEB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
FF - ProfilePath - c:\documents and settings\Kristian Jerslev\Application Data\Mozilla\Firefox\Profiles\zvmnuxp0.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Kristian Jerslev\Lokale indstillinger\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-24 18:25
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="\"c:\ac web ultimate repack\Server\mysql\bin\mysqld-nt\" \"--defaults-file=c:\ac web ultimate repack\Server\mysql\bin\my.cnf\" mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmer\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(1532)
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1588)
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
- - - - - - - > 'explorer.exe'(2444)
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\ac web ultimate repack\Server\mysql\bin\mysqld-nt.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmer\HP\Digital Imaging\bin\hpqste08.exe
c:\programmer\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Gennemført tid: 2009-07-24 18:30 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-07-24 16:29
Pre-Kørsel: 151.698.194.432 byte ledig
Post-Kørsel: 151.569.960.960 byte ledig
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
331 --- E O F --- 2009-07-15 17:27