bmdk, Beginner
4 August 2009 - 14:32. There are 28 comments and 1 solution.

Help with an HJT log

Hey experts,

My computer has lately started acting up quite a lot. Strange error messages when running programs, and desktop.ini files all over the Start menu. The best thing would probably be to format it, but I simply have so many programs installed that it seems very overwhelming right now. So I'm trying HijackThis first, but unfortunately I don't know much about what I should touch in it.

So: are there any kind souls out there who have the time/inclination to go through this log for me? :)

Logfile of HijackThis v1.99.1
Scan saved at 14:26:10, on 04-08-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bo Mortensen\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} (Windows Live Mesh Upload Tool) - https://www.mesh.com/0.9.4014.7/TSWeb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Many thanks in advance!

Regards, Bo
4 August 2009 - 14:48 #1
1) You are missing M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + the subsequent updates from Windows Update ...

2) Uninstall AVG and install, for example, [Avast!] instead ->
Direct link -> http://files.avast.com/iavs4pro/setupdan.exe

3) Carry out this procedure ->
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you should move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - click the "Show results" button after the scan - and then click "Remove selected" - the log now opens and you should save it somewhere you can find it again.
Copy the contents in here along with a fresh log from HiJackThis...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

4) There are a few 'cleanup' things; we'll take those afterwards...
bmdk, Beginner
4 August 2009 - 14:53 #2
karise_larry, thanks for the reply! Perfect :) I'll get started on the things you wrote and then I'll get back to you right away.
bmdk, Beginner
4 August 2009 - 16:28 #3
It turns out this takes its time ;) I'm scanning with Malwarebytes Anti-Malware now..
4 August 2009 - 16:33 #4
(I won't be back until the middle of tomorrow... probably...)
bmdk, Beginner
4 August 2009 - 16:40 #5
That's quite all right :) I also think it's gradually getting pretty well cleaned. The only strange thing about it is that every time I start it up/restart it, a txt file pops up with something like %root/system...yadayada% and it has put a desktop.ini file at the top of my Start menu (above "Programs")
bmdk, Beginner
4 August 2009 - 18:16 #6
There, now I have done everything karise_larry wrote, and here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:19, on 04-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Bo Mortensen\Desktop\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} (Windows Live Mesh Upload Tool) - https://www.mesh.com/0.9.4014.7/TSWeb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7813 bytes
b-and, Novice
4 August 2009 - 19:54 #7
Please post the log from Malwarebytes Anti-Malware, and say whether it has helped…
bmdk, Beginner
4 August 2009 - 21:22 #8
Hmm, it seems to have helped, yes :) Nice to get things cleaned up etc.! I figured out the desktop.ini thing - something about some files that were supposed to be hidden.

Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2558
Windows 5.1.2600 Service Pack 3

04-08-2009 17:55:26
mbam-log-2009-08-04 (17-55-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 284088
Time elapsed: 1 hour(s), 29 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM072618de.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
b-and, Novice
4 August 2009 - 22:11 #9
Download Combofix, and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click, choose New->Text Document, open the text document, and copy the following in:

Killall::
Snapshot::


Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
bmdk, Beginner
5 August 2009 - 00:08 #10
b-and, that is hereby done! :)

Here's a monster of a log for you:

ComboFix 09-08-04.02 - Bo Mortensen 04-08-2009 23:54.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1216 [GMT 2:00]
Running from: c:\documents and settings\Bo Mortensen\Desktop\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\Bo Mortensen\Desktop\combofix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090804-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((((  Files Created from 2009-07-04 to 2009-08-04  )))))))))))))))))))))))))))))))
.

2009-08-04 19:13 . 2009-08-04 19:13    --------    d-----w-    c:\program files\Common Files\Skype
2009-08-04 19:13 . 2009-08-04 19:14    --------    d-----r-    c:\program files\Skype
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-04 14:12 . 2009-08-04 14:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2009-08-04 13:59 . 2009-02-05 20:06    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-08-04 13:59 . 2009-02-05 20:06    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-08-04 13:59 . 2009-02-05 20:05    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-04 13:59 . 2009-02-05 20:08    93296    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-08-04 13:59 . 2009-02-05 20:08    94032    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-08-04 13:59 . 2009-02-05 20:07    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-08-04 13:59 . 2009-02-05 20:07    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-08-04 13:59 . 2009-02-05 20:04    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-08-04 13:58 . 2009-02-05 20:11    1256296    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-04 13:29 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2009-08-04 13:28 . 2009-08-04 13:28    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\scripting
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\en
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\bits
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\l2schemas
2009-08-04 13:17 . 2009-08-04 13:17    --------    d-----w-    c:\windows\ServicePackFiles
2009-08-04 12:43 . 2009-07-19 16:48    11067392    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2009-08-04 12:43 . 2009-07-03 17:09    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2009-08-04 12:43 . 2009-07-03 17:09    594432    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2009-08-04 12:43 . 2009-07-03 17:09    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-04 12:43 . 2009-07-03 17:09    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2009-08-04 12:43 . 2009-07-03 17:09    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2009-08-04 12:41 . 2009-08-04 12:42    --------    dc-h--w-    c:\windows\ie8
2009-08-03 23:32 . 2009-08-04 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-03 23:20 . 2009-08-03 23:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-08-02 13:49 . 2008-02-17 15:16    90112    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-02 13:49 . 2007-12-28 09:15    172032    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-02 13:49 . 2007-10-07 23:57    307200    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-02 12:50 . 2008-12-03 23:25    120832    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-30 19:40 . 2009-07-30 19:41    --------    d-----w-    c:\program files\Dreamweaver
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\program files\IDM Computer Solutions
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\IDMComp
2009-07-30 05:45 . 2009-07-30 05:46    --------    d-----w-    C:\wamp
2009-07-30 00:11 . 2009-03-16 22:04    26624    ----a-w-    c:\windows\system32\VNCpm.dll
2009-07-30 00:10 . 2009-03-16 22:04    4608    ----a-w-    c:\windows\system32\drivers\vncmirror.sys
2009-07-30 00:10 . 2009-03-16 22:04    20992    ----a-w-    c:\windows\system32\vncmirror.dll
2009-07-30 00:10 . 2009-07-30 00:10    --------    d-----w-    c:\program files\RealVNC
2009-07-29 23:53 . 2009-07-29 23:59    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\TeamViewer
2009-07-29 23:53 . 2009-07-29 23:53    --------    d-----w-    c:\program files\TeamViewer
2009-07-29 23:52 . 2009-07-29 23:52    --------    d-----w-    c:\documents and settings\Bo Mortensen\temp
2009-07-28 21:28 . 2009-07-28 21:28    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-07-28 21:27 . 2009-07-28 21:27    152576    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-18 19:31 . 2009-08-03 19:36    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Temp
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Deployment
2009-07-15 23:05 . 2009-03-19 08:42    217088    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 22:00 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\skypePM
2009-08-04 22:00 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Skype
2009-08-04 21:54 . 2008-05-10 10:55    --------    d-----w-    c:\program files\Common Files\Adobe
2009-08-04 19:56 . 2008-05-11 11:43    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\uTorrent
2009-08-04 19:15 . 2008-05-10 02:36    71936    ----a-w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 19:13 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-08-04 14:17 . 2008-05-11 12:43    --------    d-----w-    c:\program files\REAPER
2009-08-04 14:17 . 2008-05-11 12:49    --------    d-----w-    c:\program files\VstPlugins
2009-08-04 14:17 . 2008-10-23 14:17    --------    d-----w-    c:\program files\Native Instruments
2009-08-04 14:15 . 2009-05-15 19:34    --------    d-----w-    c:\program files\Bonjour
2009-08-04 14:15 . 2009-05-15 19:32    --------    d-----w-    c:\program files\Common Files\Apple
2009-08-04 14:14 . 2008-05-10 02:28    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-04 14:12 . 2008-06-20 11:25    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-08-04 14:11 . 2008-06-14 20:33    --------    d-----w-    c:\program files\Acoustica Shared Effects
2009-08-04 13:58 . 2008-06-21 15:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2009-08-04 13:48 . 2008-11-22 12:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-04 13:45 . 2008-11-22 12:28    --------    d-----w-    c:\program files\Microsoft Works
2009-08-04 13:22 . 2008-05-10 07:53    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-03 22:00 . 2008-06-20 18:29    --------    d-----w-    c:\program files\CCleaner
2009-07-31 20:18 . 2009-02-26 00:52    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-07-29 14:28 . 2008-12-19 23:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Digidesign
2009-07-29 00:48 . 2008-11-26 19:22    18368    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-07-29 00:48 . 2008-11-26 19:22    2106720    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-07-29 00:46 . 2008-11-26 19:15    --------    d-----w-    c:\program files\Common Files\Merge Modules
2009-07-28 21:27 . 2008-05-16 21:09    --------    d-----w-    c:\program files\Java
2009-07-03 17:09 . 2004-08-04 12:00    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-01 13:12 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Propellerhead Software
2009-07-01 13:07 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-07-01 13:06 . 2009-07-01 13:06    --------    d-----w-    c:\program files\Propellerhead
2009-06-17 21:31 . 2009-06-10 07:24    --------    d-----w-    c:\program files\MasterWriter 2.0
2009-06-16 17:47 . 2009-06-13 12:56    16    ----a-w-    c:\windows\msocreg32.dat
2009-06-16 14:36 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-13 12:56 . 2009-06-13 12:56    --------    d-----w-    c:\program files\IK Multimedia
2009-06-12 19:19 . 2009-06-12 19:19    --------    d-----w-    c:\program files\NETGEAR
2009-06-12 19:19 . 2008-05-10 02:31    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-06-03 19:09 . 2004-08-04 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2009-05-28 15:39 . 2009-05-28 15:39    82944    ----a-w-    c:\windows\system32\usbkt1x1.dll
2009-05-28 15:39 . 2009-05-28 15:39    22304    ----a-w-    c:\windows\system32\drivers\usbkt1x1.sys
2009-05-28 15:39 . 2009-05-28 15:39    13504    ----a-w-    c:\windows\system32\drivers\uks11ldr.sys
2009-05-28 15:39 . 2008-06-14 19:29    724992    ----a-w-    c:\windows\iun6002.exe
2009-05-18 18:36 . 2009-05-14 17:48    334912    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-05-18 18:36 . 2009-05-14 17:48    171072    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-05-18 18:02 . 2008-05-10 16:25    138944    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-05-18 18:02 . 2008-05-10 16:25    189784    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-05-18 18:02 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-05-18 18:02 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-05-18 18:02 . 2009-05-14 17:48    479232    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-05-18 18:02 . 2009-05-14 17:48    2669632    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-05-15 13:45 . 2009-05-14 17:48    441408    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-05-14 18:21 . 2008-05-10 16:25    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-05-14 17:48 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcls.dll
2009-05-14 17:48 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbags.dll
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2009-05-14 17:41    2246144    ----a-w-    c:\windows\system32\pbsvc.exe
2009-05-07 15:32 . 2004-08-04 12:00    345600    ----a-w-    c:\windows\system32\localspl.dll
2009-08-02 12:46 . 2009-05-15 13:31    137208    ----a-w-    c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2005-09-20 155648]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v3 Wireless Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
backup=c:\windows\pss\NETGEAR WG311v3 Wireless Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bo Mortensen^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Bo Mortensen\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"e:\\Games\\Steam\\SteamApps\\kvazr\\day of defeat\\hl.exe"=
"f:\\Games\\UO\\client.exe"=
"f:\\IRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\mIRC\\mirc.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\COD4_old\\iw3mp.exe"=
"c:\\Documents and Settings\\Bo Mortensen\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Steam\\SteamApps\\kvazr\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MasterWriter 2.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [20-12-2008 01:50 16384]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04-08-2009 15:59 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [01-02-2008 17:24 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04-08-2009 15:59 20560]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [10-04-2007 04:21 12160]
R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [28-05-2009 17:39 22304]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [28-05-2009 17:39 13504]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [04-09-2007 17:53 55664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003Core.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003UA.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\
FF - component: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",      true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",              false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",              true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 00:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-04  0:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-04 22:05

Pre-Run: 4.534.882.304 bytes free
Post-Run: 4.552.331.264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

333    --- E O F ---    2009-08-04 13:31
b-and Novice
05 August 2009 - 10:54 #11
I would also like to see a fresh HJT log.
bmdk Beginner
05 August 2009 - 13:02 #12
As requested, here you go :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:00, on 05-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Bo Mortensen\Desktop\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} (Windows Live Mesh Upload Tool) - https://www.mesh.com/0.9.4014.7/TSWeb.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8163 bytes
johnstigers Senior Master
05 August 2009 - 20:27 #13
Remember to turn on automatic updates :)
bmdk Beginner
05 August 2009 - 21:38 #14
Yep, they should be :)
05 August 2009 - 22:00 #15
How is the machine running now?

In general, uninstall:
*  Bonjour-tjeneste (Bonjour Service)
*  iPod-tjeneste (iPod Service)

(No need for them to take up space / use resources...)
bmdk Beginner
05 August 2009 - 22:20 #16
It's actually running really well, yes! No problems at all :) So many thanks to both of you!

I'll just uninstall those two then.

Not sure about the point distribution, who should get what? :)
05 August 2009 - 22:28 #17
05 August 2009 - 22:30 #18
There is no more 'dirt' according to your log...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

PS: Also do a cleanup with the aforementioned CCleaner...
bmdk Beginner
05 August 2009 - 22:42 #19
Okay, thank you very much :) I'll go do that then!

I was thinking more about the distribution of points - do you want points too, b-and, or? :)
b-and Novice
06 August 2009 - 18:06 #20
I really don't mind - buy yourself an ice cream with them... *SS*
b-and Novice
06 August 2009 - 18:39 #21
But I'm not entirely sure you're clean, so I have asked for a second opinion.

We were able to agree that we were unsure.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•A~ *]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

Since Vundo has been in play, it could be anything.

Open the folder containing Combofix, right-click, choose New -> Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Unlock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•A~ *]


Click File -> Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
bmdk Beginner
06 August 2009 - 23:27 #22
I'll go do that :) thanks!
bmdk Beginner
06 August 2009 - 23:45 #23
ComboFix log:

ComboFix 09-08-04.02 - Bo Mortensen 06-08-2009 23:31.3.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1643 [GMT 2:00]
Running from: c:\documents and settings\Bo Mortensen\Desktop\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\Bo Mortensen\Desktop\combofix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090806-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2009-07-06 to 2009-08-06  )))))))))))))))))))))))))))))))
.

2009-08-06 21:08 . 2009-08-06 21:08    --------    d-sh--w-    c:\documents and settings\Bo Mortensen\IECompatCache
2009-08-04 19:13 . 2009-08-04 19:13    --------    d-----w-    c:\program files\Common Files\Skype
2009-08-04 19:13 . 2009-08-04 19:14    --------    d-----r-    c:\program files\Skype
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-04 14:12 . 2009-08-04 14:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2009-08-04 13:59 . 2009-02-05 20:06    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-08-04 13:59 . 2009-02-05 20:06    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-08-04 13:59 . 2009-02-05 20:05    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-04 13:59 . 2009-02-05 20:08    93296    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-08-04 13:59 . 2009-02-05 20:08    94032    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-08-04 13:59 . 2009-02-05 20:07    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-08-04 13:59 . 2009-02-05 20:07    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-08-04 13:59 . 2009-02-05 20:04    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-08-04 13:58 . 2009-02-05 20:11    1256296    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-04 13:29 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2009-08-04 13:28 . 2009-08-04 13:28    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\scripting
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\en
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\bits
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\l2schemas
2009-08-04 13:17 . 2009-08-04 13:17    --------    d-----w-    c:\windows\ServicePackFiles
2009-08-04 12:43 . 2009-07-19 16:48    11067392    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2009-08-04 12:43 . 2009-07-03 17:09    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2009-08-04 12:43 . 2009-07-03 17:09    594432    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2009-08-04 12:43 . 2009-07-03 17:09    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-04 12:43 . 2009-07-03 17:09    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2009-08-04 12:43 . 2009-07-03 17:09    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2009-08-04 12:41 . 2009-08-04 12:42    --------    dc-h--w-    c:\windows\ie8
2009-08-03 23:32 . 2009-08-04 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-03 23:20 . 2009-08-03 23:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-08-02 13:49 . 2008-02-17 15:16    90112    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-02 13:49 . 2007-12-28 09:15    172032    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-02 13:49 . 2007-10-07 23:57    307200    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-02 12:50 . 2008-12-03 23:25    120832    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-30 19:40 . 2009-07-30 19:41    --------    d-----w-    c:\program files\Dreamweaver
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\program files\IDM Computer Solutions
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\IDMComp
2009-07-30 05:45 . 2009-07-30 05:46    --------    d-----w-    C:\wamp
2009-07-30 00:11 . 2009-03-16 22:04    26624    ----a-w-    c:\windows\system32\VNCpm.dll
2009-07-30 00:10 . 2009-03-16 22:04    4608    ----a-w-    c:\windows\system32\drivers\vncmirror.sys
2009-07-30 00:10 . 2009-03-16 22:04    20992    ----a-w-    c:\windows\system32\vncmirror.dll
2009-07-30 00:10 . 2009-07-30 00:10    --------    d-----w-    c:\program files\RealVNC
2009-07-29 23:53 . 2009-07-29 23:59    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\TeamViewer
2009-07-29 23:53 . 2009-07-29 23:53    --------    d-----w-    c:\program files\TeamViewer
2009-07-29 23:52 . 2009-07-29 23:52    --------    d-----w-    c:\documents and settings\Bo Mortensen\temp
2009-07-28 21:28 . 2009-07-28 21:28    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-07-28 21:27 . 2009-07-28 21:27    152576    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-18 19:31 . 2009-08-03 19:36    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Temp
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Deployment
2009-07-15 23:05 . 2009-03-19 08:42    217088    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 21:38 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Skype
2009-08-06 21:06 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\skypePM
2009-08-05 00:07 . 2008-05-11 11:43    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\uTorrent
2009-08-04 21:54 . 2008-05-10 10:55    --------    d-----w-    c:\program files\Common Files\Adobe
2009-08-04 19:15 . 2008-05-10 02:36    71936    ----a-w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 19:13 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-08-04 14:17 . 2008-05-11 12:43    --------    d-----w-    c:\program files\REAPER
2009-08-04 14:17 . 2008-05-11 12:49    --------    d-----w-    c:\program files\VstPlugins
2009-08-04 14:17 . 2008-10-23 14:17    --------    d-----w-    c:\program files\Native Instruments
2009-08-04 14:15 . 2009-05-15 19:34    --------    d-----w-    c:\program files\Bonjour
2009-08-04 14:15 . 2009-05-15 19:32    --------    d-----w-    c:\program files\Common Files\Apple
2009-08-04 14:14 . 2008-05-10 02:28    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-04 14:12 . 2008-06-20 11:25    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-08-04 14:11 . 2008-06-14 20:33    --------    d-----w-    c:\program files\Acoustica Shared Effects
2009-08-04 13:58 . 2008-06-21 15:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2009-08-04 13:48 . 2008-11-22 12:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-04 13:45 . 2008-11-22 12:28    --------    d-----w-    c:\program files\Microsoft Works
2009-08-04 13:22 . 2008-05-10 07:53    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-03 22:00 . 2008-06-20 18:29    --------    d-----w-    c:\program files\CCleaner
2009-07-31 20:18 . 2009-02-26 00:52    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-07-29 14:28 . 2008-12-19 23:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Digidesign
2009-07-29 00:48 . 2008-11-26 19:22    18368    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-07-29 00:48 . 2008-11-26 19:22    2106720    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-07-29 00:46 . 2008-11-26 19:15    --------    d-----w-    c:\program files\Common Files\Merge Modules
2009-07-28 21:27 . 2008-05-16 21:09    --------    d-----w-    c:\program files\Java
2009-07-03 17:09 . 2004-08-04 12:00    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-01 13:12 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Propellerhead Software
2009-07-01 13:07 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-07-01 13:06 . 2009-07-01 13:06    --------    d-----w-    c:\program files\Propellerhead
2009-06-17 21:31 . 2009-06-10 07:24    --------    d-----w-    c:\program files\MasterWriter 2.0
2009-06-16 17:47 . 2009-06-13 12:56    16    ----a-w-    c:\windows\msocreg32.dat
2009-06-16 14:36 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-13 12:56 . 2009-06-13 12:56    --------    d-----w-    c:\program files\IK Multimedia
2009-06-12 19:19 . 2009-06-12 19:19    --------    d-----w-    c:\program files\NETGEAR
2009-06-12 19:19 . 2008-05-10 02:31    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-06-03 19:09 . 2004-08-04 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2009-05-28 15:39 . 2009-05-28 15:39    82944    ----a-w-    c:\windows\system32\usbkt1x1.dll
2009-05-28 15:39 . 2009-05-28 15:39    22304    ----a-w-    c:\windows\system32\drivers\usbkt1x1.sys
2009-05-28 15:39 . 2009-05-28 15:39    13504    ----a-w-    c:\windows\system32\drivers\uks11ldr.sys
2009-05-28 15:39 . 2008-06-14 19:29    724992    ----a-w-    c:\windows\iun6002.exe
2009-05-18 18:36 . 2009-05-14 17:48    334912    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-05-18 18:36 . 2009-05-14 17:48    171072    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-05-18 18:02 . 2008-05-10 16:25    138944    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-05-18 18:02 . 2008-05-10 16:25    189784    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-05-18 18:02 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-05-18 18:02 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-05-18 18:02 . 2009-05-14 17:48    479232    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-05-18 18:02 . 2009-05-14 17:48    2669632    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-05-15 13:45 . 2009-05-14 17:48    441408    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-05-14 18:21 . 2008-05-10 16:25    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-05-14 17:48 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcls.dll
2009-05-14 17:48 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbags.dll
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2009-05-14 17:41    2246144    ----a-w-    c:\windows\system32\pbsvc.exe
2009-08-04 22:43 . 2009-05-15 13:31    137208    ----a-w-    c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2005-09-20 155648]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-27 413696]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v3 Wireless Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
backup=c:\windows\pss\NETGEAR WG311v3 Wireless Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bo Mortensen^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Bo Mortensen\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"e:\\Games\\Steam\\SteamApps\\kvazr\\day of defeat\\hl.exe"=
"f:\\Games\\UO\\client.exe"=
"f:\\IRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\mIRC\\mirc.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\COD4_old\\iw3mp.exe"=
"c:\\Documents and Settings\\Bo Mortensen\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Steam\\SteamApps\\kvazr\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MasterWriter 2.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [20-12-2008 01:50 16384]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04-08-2009 15:59 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [01-02-2008 17:24 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04-08-2009 15:59 20560]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [10-04-2007 04:21 12160]
R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [28-05-2009 17:39 22304]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [28-05-2009 17:39 13504]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [04-09-2007 17:53 55664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003Core.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003UA.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\
FF - component: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",      true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",              false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",              true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 23:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-06 23:43 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-06 21:43
ComboFix2.txt  2009-08-04 22:05

Pre-Run: 4.312.080.384 bytes free
Post-Run: 4.463.726.592 bytes free

322    --- E O F ---    2009-08-04 13:31
fromsej Trainee
07 August 2009 - 19:20 #24
So I'm the one who is "alternative". ;-)

Unfortunately my memory played a trick on me, so you got the wrong command; let's try once more.

Open the folder containing Combofix, right-click, choose New->Text Document, open the text document, and copy in the following:

Killall::
Snapshot::
Reglock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•A~ *]

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
bmdk Beginner
09 August 2009 - 21:08 #25
fromsej, sorry for the wait - I haven't been home all weekend :)

I'll just run one more combofix and post a log for you then, hehe.
bmdk Beginner
09 August 2009 - 21:29 #26
.. and here was the log :)

ComboFix 09-08-04.02 - Bo Mortensen 09-08-2009 21:10.4.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1624 [GMT 2:00]
Running from: c:\documents and settings\Bo Mortensen\Desktop\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\Bo Mortensen\Desktop\combofix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll

.
(((((((((((((((((((((((((  Files Created from 2009-07-09 to 2009-08-09  )))))))))))))))))))))))))))))))
.

2009-08-09 09:14 . 2009-08-09 11:55    --------    d-----w-    c:\program files\Common Files\Adobe
2009-08-06 21:08 . 2009-08-06 21:08    --------    d-sh--w-    c:\documents and settings\Bo Mortensen\IECompatCache
2009-08-04 19:13 . 2009-08-04 19:13    --------    d-----w-    c:\program files\Common Files\Skype
2009-08-04 19:13 . 2009-08-04 19:14    --------    d-----r-    c:\program files\Skype
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-08-04 14:25 . 2009-08-04 14:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 14:25 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-04 14:12 . 2009-08-04 14:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Adobe Systems
2009-08-04 13:59 . 2009-02-05 20:06    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-08-04 13:59 . 2009-02-05 20:06    51376    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-08-04 13:59 . 2009-02-05 20:05    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-04 13:59 . 2009-02-05 20:08    93296    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-08-04 13:59 . 2009-02-05 20:08    94032    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-08-04 13:59 . 2009-02-05 20:07    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-08-04 13:59 . 2009-02-05 20:07    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-08-04 13:59 . 2009-02-05 20:04    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-08-04 13:58 . 2009-02-05 20:11    1256296    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-04 13:29 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2009-08-04 13:28 . 2009-08-04 13:28    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\scripting
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\en
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\system32\bits
2009-08-04 13:20 . 2009-08-04 13:20    --------    d-----w-    c:\windows\l2schemas
2009-08-04 13:17 . 2009-08-04 13:17    --------    d-----w-    c:\windows\ServicePackFiles
2009-08-04 12:43 . 2009-07-19 16:48    11067392    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2009-08-04 12:43 . 2009-07-03 17:09    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2009-08-04 12:43 . 2009-07-03 17:09    594432    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2009-08-04 12:43 . 2009-07-03 17:09    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-04 12:43 . 2009-07-03 17:09    1985536    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2009-08-04 12:43 . 2009-07-03 17:09    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2009-08-04 12:41 . 2009-08-04 12:42    --------    dc-h--w-    c:\windows\ie8
2009-08-03 23:32 . 2009-08-04 02:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-03 23:20 . 2009-08-03 23:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-08-02 13:49 . 2008-02-17 15:16    90112    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-02 13:49 . 2007-12-28 09:15    172032    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-02 13:49 . 2007-10-07 23:57    307200    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-02 12:50 . 2008-12-03 23:25    120832    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-30 19:40 . 2009-07-30 19:41    --------    d-----w-    c:\program files\Dreamweaver
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\program files\IDM Computer Solutions
2009-07-30 05:51 . 2009-07-30 05:51    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\IDMComp
2009-07-30 05:45 . 2009-07-30 05:46    --------    d-----w-    C:\wamp
2009-07-30 00:11 . 2009-03-16 22:04    26624    ----a-w-    c:\windows\system32\VNCpm.dll
2009-07-30 00:10 . 2009-03-16 22:04    4608    ----a-w-    c:\windows\system32\drivers\vncmirror.sys
2009-07-30 00:10 . 2009-03-16 22:04    20992    ----a-w-    c:\windows\system32\vncmirror.dll
2009-07-30 00:10 . 2009-07-30 00:10    --------    d-----w-    c:\program files\RealVNC
2009-07-29 23:53 . 2009-07-29 23:59    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\TeamViewer
2009-07-29 23:53 . 2009-07-29 23:53    --------    d-----w-    c:\program files\TeamViewer
2009-07-29 23:52 . 2009-07-29 23:52    --------    d-----w-    c:\documents and settings\Bo Mortensen\temp
2009-07-28 21:28 . 2009-07-28 21:28    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-07-28 21:27 . 2009-07-28 21:27    152576    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-18 19:31 . 2009-08-03 19:36    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Temp
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google
2009-07-18 19:31 . 2009-07-18 19:31    --------    d-----w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Deployment
2009-07-15 23:05 . 2009-03-19 08:42    217088    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 19:00 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Skype
2009-08-09 18:41 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\skypePM
2009-08-08 16:12 . 2008-05-11 11:43    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\uTorrent
2009-08-08 15:18 . 2009-06-13 12:56    32    ----a-w-    c:\windows\msocreg32.dat
2009-08-08 15:05 . 2008-05-11 12:49    --------    d-----w-    c:\program files\VstPlugins
2009-08-08 15:05 . 2008-05-10 02:28    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-08-08 15:04 . 2009-06-13 12:56    --------    d-----w-    c:\program files\IK Multimedia
2009-08-08 01:13 . 2008-05-10 10:55    --------    d-----w-    c:\program files\Common Files\Adobe-BackupByDreamweaverPortable
2009-08-04 19:15 . 2008-05-10 02:36    71936    ----a-w-    c:\documents and settings\Bo Mortensen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 19:13 . 2008-05-24 08:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-08-04 14:17 . 2008-05-11 12:43    --------    d-----w-    c:\program files\REAPER
2009-08-04 14:17 . 2008-10-23 14:17    --------    d-----w-    c:\program files\Native Instruments
2009-08-04 14:15 . 2009-05-15 19:34    --------    d-----w-    c:\program files\Bonjour
2009-08-04 14:15 . 2009-05-15 19:32    --------    d-----w-    c:\program files\Common Files\Apple
2009-08-04 14:12 . 2008-06-20 11:25    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-08-04 14:11 . 2008-06-14 20:33    --------    d-----w-    c:\program files\Acoustica Shared Effects
2009-08-04 13:58 . 2008-06-21 15:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2009-08-04 13:48 . 2008-11-22 12:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-04 13:45 . 2008-11-22 12:28    --------    d-----w-    c:\program files\Microsoft Works
2009-08-04 13:22 . 2008-05-10 07:53    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-03 22:00 . 2008-06-20 18:29    --------    d-----w-    c:\program files\CCleaner
2009-07-31 20:18 . 2009-02-26 00:52    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-07-29 14:28 . 2008-12-19 23:58    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Digidesign
2009-07-29 00:48 . 2008-11-26 19:22    18368    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-07-29 00:48 . 2008-11-26 19:22    2106720    -c--a-w-    c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-07-29 00:46 . 2008-11-26 19:15    --------    d-----w-    c:\program files\Common Files\Merge Modules
2009-07-28 21:27 . 2008-05-16 21:09    --------    d-----w-    c:\program files\Java
2009-07-03 17:09 . 2004-08-04 12:00    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-01 13:12 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\Bo Mortensen\Application Data\Propellerhead Software
2009-07-01 13:07 . 2009-07-01 13:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-07-01 13:06 . 2009-07-01 13:06    --------    d-----w-    c:\program files\Propellerhead
2009-06-17 21:31 . 2009-06-10 07:24    --------    d-----w-    c:\program files\MasterWriter 2.0
2009-06-16 14:36 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-12 19:19 . 2009-06-12 19:19    --------    d-----w-    c:\program files\NETGEAR
2009-06-12 19:19 . 2008-05-10 02:31    --------    d-----w-    c:\program files\Common Files\InstallShield
2009-06-03 19:09 . 2004-08-04 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2009-05-28 15:39 . 2009-05-28 15:39    82944    ----a-w-    c:\windows\system32\usbkt1x1.dll
2009-05-28 15:39 . 2009-05-28 15:39    22304    ----a-w-    c:\windows\system32\drivers\usbkt1x1.sys
2009-05-28 15:39 . 2009-05-28 15:39    13504    ----a-w-    c:\windows\system32\drivers\uks11ldr.sys
2009-05-28 15:39 . 2008-06-14 19:29    724992    ----a-w-    c:\windows\iun6002.exe
2009-05-18 18:36 . 2009-05-14 17:48    334912    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-05-18 18:36 . 2009-05-14 17:48    171072    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-05-18 18:02 . 2008-05-10 16:25    138944    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-05-18 18:02 . 2008-05-10 16:25    189784    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-05-18 18:02 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-05-18 18:02 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-05-18 18:02 . 2009-05-14 17:48    479232    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-05-18 18:02 . 2009-05-14 17:48    2669632    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-05-15 13:45 . 2009-05-14 17:48    441408    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-05-14 18:21 . 2008-05-10 16:25    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-05-14 17:48 . 2009-05-14 17:48    874660    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbcls.dll
2009-05-14 17:48 . 2009-05-14 17:48    57344    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\id Software\quakelive\home\pb\pbags.dll
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2008-05-10 16:25    22328    ----a-w-    c:\documents and settings\Bo Mortensen\Application Data\PnkBstrK.sys
2009-05-14 17:43 . 2009-05-14 17:41    2246144    ----a-w-    c:\windows\system32\pbsvc.exe
2009-08-04 22:43 . 2009-05-15 13:31    137208    ----a-w-    c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2005-09-20 155648]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-27 413696]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v3 Wireless Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
backup=c:\windows\pss\NETGEAR WG311v3 Wireless Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bo Mortensen^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Bo Mortensen\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"e:\\Games\\Steam\\SteamApps\\kvazr\\day of defeat\\hl.exe"=
"f:\\Games\\UO\\client.exe"=
"f:\\IRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\mIRC\\mirc.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\COD4_old\\iw3mp.exe"=
"c:\\Documents and Settings\\Bo Mortensen\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Steam\\SteamApps\\kvazr\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MasterWriter 2.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Games\\wotlk\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [20-12-2008 01:50 16384]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04-08-2009 15:59 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [01-02-2008 17:24 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04-08-2009 15:59 20560]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [10-04-2007 04:21 12160]
R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [28-05-2009 17:39 22304]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [28-05-2009 17:39 13504]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [04-09-2007 17:53 55664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003Core.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1220945662-839522115-1003UA.job
- c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://stage.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.25.CAB
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.7/TSWeb.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\
FF - component: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Application Data\Mozilla\Firefox\Profiles\0x3f14f4.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Bo Mortensen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",      true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",              false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",              true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                  true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-09 21:23 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-09 19:23
ComboFix2.txt  2009-08-06 21:43
ComboFix3.txt  2009-08-04 22:05

Pre-Run: 4.291.026.944 bytes free
Post-Run: 4.879.323.136 bytes free

330    --- E O F ---    2009-08-04 13:31
fromsej Intern
10 August 2009 - 07:53 #27
I have read up a bit on that "Locked registry key" and have not found anything suspicious about it.
So let it rest in peace; there is nothing more to go after.
bmdk Beginner
10 August 2009 - 14:04 #28
That sounds great! The computer is also running really well now, I think :)

Wouldn't you like some points as thanks for the help?
fromsej Intern
10 August 2009 - 15:13 #29
No, never mind that. :-)