ruffe66 Beginner
06 February 2010 - 09:44 There are 7 comments and
1 solution

Please check this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:32, on 06-02-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Users\ruffe66\AppData\Local\Temp\Nhx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
E:\Download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kvikstart.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ruffe66\AppData\Local\Temp\Nhx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7126 bytes
f-arn Guru
06 February 2010 - 09:51 #1
Uninstall uTorrent

------

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During the installation you will be offered [Yahoo Toolbar]. You should say no to it.
Let the program perform a cleanup.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

------

Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, click the Update tab, click Check for updates, then run a "Full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and save the log to the desktop.

Download and install this scanner:
http://kortlink.dk/7bgk

Start SUPERAntiSpyware and click Check for updates; once it has updated, let it scan your computer.
(Fixed disk means hard drive.)
Move the dot to Perform complete scan and click Next, and the scan will run.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, then click Finish.
Close the program and restart normally.

Then start SUPERAntiSpyware, click preferences, statistics/logs, view log. Please copy the contents of that log in here, together with the log from Malwarebytes and a log from DDS, which you can find here:

http://download.bleepingcomputer.com/sUBs/dds.scr

It creates two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of DDS.txt in here.

Regarding Vista and Windows 7: right-click the file - Run as Administrator.

NOTE - DDS must be saved to the computer and not run from the web.

NB: When you update Malwarebytes, keep clicking Check for updates until it says that there are no more updates.
ruffe66 Beginner
06 February 2010 - 12:40 #2
Hi again
I hope it has been done correctly......There are 4 logs in total


Malwarebytes' Anti-Malware 1.44
Database version: 3697
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06-02-2010 11:55:00
mbam-log-2010-02-06 (11-55-00).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 240178
Tid tilbagelagt: 53 minute(s), 59 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 4
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 6

Inficerede Hukommelses Processer:
C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Program Files\WinZip\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Download\Clone DVD 2.9.1.0 & Clone CD 5.3.0.1\CloneDVD 2.9.1.0 Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/06/2010 at 12:24 PM

Application Version : 4.33.1000

Core Rules Database Version : 4561
Trace Rules Database Version: 2373

Scan type      : Quick Scan
Total Scan Time : 00:18:26

Memory items scanned      : 646
Memory threats detected  : 1
Registry items scanned    : 540
Registry threats detected : 0
File items scanned        : 17716
File threats detected    : 37

Trojan.Agent/Gen-SSHNas[FakeAlert]
    C:\WINDOWS\SYSTEM32\SSHNAS21.DLL
    C:\WINDOWS\SYSTEM32\SSHNAS21.DLL

Adware.Tracking Cookie
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@kontera[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@tradedoubler[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@adviva[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@eas.apm.emediate[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@fastclick[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@bs.serving-sys[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@teliasonera.112.2o7[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@apmebf[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@serving-sys[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@mediaplex[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@adbrite[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@track.adform[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@eas4.emediate[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@pro-market[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@ad.yieldmanager[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@bluestreak[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@adserver3.openadex[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@media6degrees[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@d2.zedo[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@zedo[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@ads.gamersmedia[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@ad1.emediate[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@adserver.adtechus[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@ehg-linksys.hitbox[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@yadro[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@elkjop.112.2o7[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@valueclick[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@specificclick[2].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@eboks.112.2o7[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@content.yieldmanager[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@mmedia.t134[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@adtech[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@content.yieldmanager[3].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@hitbox[1].txt
    C:\Users\ruffe66\AppData\Roaming\Microsoft\Windows\Cookies\ruffe66@doubleclick[1].txt

Trojan.Agent/Gen-HackPatch
    E:\DOWNLOAD\GOOGLE EARTH PRO 4.2\GOOGLE EARTH PRO 4.2 LOGO REMOVER.EXE








DDS (Ver_09-12-01.01) - NTFSx86 
Run by ruffe66 at 12:33:43,91 on 06-02-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.45.1030.18.2942.2069 [GMT 1:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Users\ruffe66\AppData\Local\Temp\Nhx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ruffe66\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 30-01-2010 11:29:21
System Uptime: 02-06-2010 12:25:18 (-2784 hours ago)

Motherboard: Acer            |  | JM70PU                       
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 419,059 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP24: 03-02-2010 20:05:43 - Advanced System Optimizer - First Install
RP25: 04-02-2010 21:57:49 - Windows Update
RP27: 05-02-2010 09:45:35 - Avg8 Update
RP28: 06-02-2010 12:02:15 - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
ACDSee 10 Photo Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Dansk
Any Video Converter Professional 2.7.8
Ashampoo WinOptimizer 6.50
AVG 9.0
Boris Graffiti
CCleaner
CyberLink PowerDVD 8
Digital Signatur
Dream Aquarium 1.234
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
Easy DVD/CD Burner
Free Mp3 Wma Converter V 1.9
Full Tilt Poker
Google Earth
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.27022)
Hauppauge WinTV Infrared Remote
HijackThis 2.0.2
ImgBurn
IncrediMail
IncrediMail 2.0
IsoBuster 2.5
IsoBuster Toolbar
Java Auto Updater
Java(TM) 6 Update 18
Magic Bullet Looks Studio
MailWasher Pro
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (Danish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Groove MUI (Danish) 2007
Microsoft Office InfoPath MUI (Danish) 2007
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Publisher MUI (Danish) 2007
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Pacific Poker
PhotoMail Maker
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video-driver
proDAD Vitascene 1.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
SopCast 3.2.4
Stream Torrent 1.0
SUPERAntiSpyware Free Edition
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Total Commander (Remove or Repair)
TVUPlayer 2.4.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb977839)
WinAVI Video Converter
WinRAR arkivering
WinZip 11.2

==== End Of File ===========================
f-arn Guru
06 February 2010 - 12:52 #3
Would you please run DDS again and copy the whole of DDS.txt in here. I am not interested in Attach.txt
ruffe66 Beginner
06 February 2010 - 13:04 #4
DDS (Ver_09-12-01.01) - NTFSx86 
Run by ruffe66 at 13:02:25,62 on 06-02-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.45.1030.18.2942.2014 [GMT 1:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\ruffe66\AppData\Local\Temp\Nhx.exe
C:\Download\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.kvikstart.dk/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - No File
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [F5JMWNZTHI] c:\users\ruffe66\appdata\local\temp\Nhx.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autostart ir.lnk - c:\program files\wintv\Ir.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ruffe66\appdata\roaming\mozilla\firefox\profiles\kfsbvw3j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kvikstart.dk/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-30 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-30 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-30 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-30 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-8-8 41456]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-30 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-30 285392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-2-3 406016]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [2010-2-5 673664]

=============== Created Last 30 ================

2010-02-06 11:02:45    0    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-02-06 11:02:32    0    d-----w-    c:\users\ruffe66\appdata\roaming\SUPERAntiSpyware.com
2010-02-06 11:02:32    0    d-----w-    c:\program files\SUPERAntiSpyware
2010-02-06 11:01:56    0    d-----w-    c:\program files\common files\Wise Installation Wizard
2010-02-06 09:11:04    0    d-----w-    c:\users\ruffe66\appdata\roaming\Malwarebytes
2010-02-06 09:11:00    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-06 09:10:59    0    d-----w-    c:\programdata\Malwarebytes
2010-02-06 09:10:58    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-06 09:10:58    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-06 09:00:37    0    d-----w-    c:\program files\CCleaner
2010-02-06 08:48:49    401720    ----a-w-    C:\HiJackThis.exe
2010-02-05 19:39:35    0    d-----w-    c:\windows\system32\Hauppauge
2010-02-05 19:39:17    303160    ------w-    c:\windows\system32\hcwpnp32_priv.dll
2010-02-05 19:04:57    36921    ------w-    c:\windows\system32\hcwutl32_priv.dll
2010-02-05 18:54:32    33865    ----a-w-    c:\windows\Irremote.ini
2010-02-05 18:54:27    0    d-----w-    c:\program files\WinTV
2010-02-05 18:53:44    36921    ----a-w-    c:\windows\system32\hcwutl32.dll
2010-02-05 18:53:44    307256    ----a-w-    c:\windows\system32\hcwpnp32.dll
2010-02-05 18:53:44    106552    ----a-w-    c:\windows\system32\hcwi2c32.dll
2010-02-05 18:53:18    4738    ----a-w-    c:\windows\HCWPNP.INI
2010-02-05 18:51:47    96256    ----a-w-    c:\windows\system32\hcwCP.ax
2010-02-05 18:51:47    673664    ----a-w-    c:\windows\system32\drivers\hcw66xxx.sys
2010-02-05 18:18:06    0    d-----w-    c:\program files\B2BPOKER
2010-02-05 17:24:57    0    d-----w-    c:\program files\FireTrust
2010-02-05 14:32:45    3    --sha-r-    C:\win7ldr
2010-02-05 14:32:45    3    ----a-w-    c:\windows\7Loader.TAG
2010-02-05 14:32:45    203316    --sha-r-    C:\grldr
2010-02-04 20:58:16    0    d-----w-    c:\program files\MSXML 4.0
2010-02-03 19:11:43    28160    ----a-w-    c:\windows\system32\DfSdkBt.exe
2010-02-03 19:05:21    0    d-----w-    c:\windows\Repair
2010-02-03 19:05:20    0    d-----w-    c:\users\ruffe66\appdata\roaming\Systweak
2010-02-03 19:05:08    0    d-----w-    c:\programdata\MyDefrag
2010-02-03 19:05:00    0    d-----w-    c:\program files\Advanced System Optimizer 3
2010-02-03 18:36:14    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2010-02-03 16:56:28    0    d-----w-    c:\users\ruffe66\appdata\roaming\proDAD
2010-02-03 16:56:24    0    d-----w-    c:\program files\proDAD
2010-02-03 16:56:22    90112    ----a-w-    c:\windows\unvise32.exe
2010-02-03 16:56:20    0    d-----w-    c:\program files\LooksBuilderSE
2010-02-03 16:55:53    69632    ----a-w-    c:\windows\system32\MtxPreview.dll
2010-02-03 16:55:53    49152    ----a-w-    c:\windows\system32\MtxParhBFXPreview.dll
2010-02-03 16:55:53    49152    ----a-w-    c:\windows\system32\CvoAPI.dll
2010-02-03 16:55:53    45056    ----a-w-    c:\windows\system32\BFXSrcFilter.ax
2010-02-03 16:55:53    237568    ----a-r-    c:\windows\system32\qtmlClient.dll
2010-02-03 16:55:53    0    ----a-w-    c:\windows\Graffiti5.2Pin.ini
2010-02-03 16:55:32    0    d-----w-    c:\program files\Boris FX, Inc
2010-02-03 16:52:56    0    d-----w-    c:\program files\common files\Pinnacle
2010-02-03 16:52:22    0    d-----w-    c:\programdata\Pinnacle Studio Ultimate
2010-02-03 16:48:51    0    d-----w-    c:\programdata\Studio 12
2010-02-03 16:48:51    0    d-----w-    c:\programdata\Pinnacle Studio Plus
2010-02-03 16:48:51    0    d-----w-    c:\program files\Pinnacle
2010-02-03 16:48:51    0    d-----w-    c:\program files\common files\Yahoo!
2010-02-03 16:44:54    0    d-----w-    c:\programdata\Pinnacle
2010-02-02 17:56:13    0    d-----w-    c:\program files\SopCast
2010-02-01 14:36:36    0    d-----w-    c:\users\ruffe66\appdata\roaming\Dream Aquarium
2010-02-01 14:36:24    0    d-----w-    c:\program files\Dream Aquarium
2010-01-31 20:59:39    0    ----a-w-    c:\users\ruffe66\temp.dat
2010-01-31 20:59:38    0    d-----w-    c:\users\ruffe66\.oces
2010-01-31 18:40:37    0    d-----w-    C:\Dokumenter
2010-01-31 17:04:39    0    d-----w-    c:\program files\Full Tilt Poker
2010-01-31 16:58:38    0    d-----w-    c:\users\ruffe66\appdata\roaming\PacificPoker
2010-01-31 16:57:03    0    d-----w-    c:\program files\PacificPoker
2010-01-31 15:55:30    0    d-----w-    c:\programdata\TVU Networks
2010-01-31 15:20:19    0    d-----w-    c:\users\ruffe66\appdata\roaming\TomTom
2010-01-31 15:20:08    0    d-----w-    c:\program files\TomTom International B.V
2010-01-31 15:19:59    0    d-----w-    c:\program files\TomTom HOME 2
2010-01-31 11:08:13    0    d-----r-    c:\program files\Skype
2010-01-31 11:08:11    0    d-----w-    c:\programdata\Skype
2010-01-31 10:53:01    0    d-----w-    c:\program files\WinAVI Video Converter
2010-01-31 10:46:19    0    d-----w-    c:\programdata\WinZip
2010-01-31 10:42:42    0    d-----w-    c:\program files\Conduit
2010-01-31 10:38:32    0    d-----w-    c:\program files\IsoBuster
2010-01-31 10:32:48    0    d-----w-    c:\users\ruffe66\appdata\roaming\StreamTorrent
2010-01-31 10:32:47    0    d-----w-    c:\program files\StreamTorrent 1.0
2010-01-31 10:31:00    0    d-----w-    c:\program files\Ant Creation
2010-01-31 10:30:26    0    d-----w-    c:\users\ruffe66\appdata\roaming\FreeAudioPack
2010-01-31 10:30:26    0    d-----w-    c:\program files\Free Audio Pack
2010-01-31 10:26:12    0    d-----w-    c:\program files\TVUPlayer
2010-01-31 09:36:59    0    d-----w-    C:\Driver
2010-01-31 09:29:19    87608    ----a-w-    c:\users\ruffe66\appdata\roaming\inst.exe
2010-01-31 09:29:19    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2010-01-31 09:29:19    47360    ----a-w-    c:\users\ruffe66\appdata\roaming\pcouffin.sys
2010-01-31 09:29:11    0    d-----w-    c:\program files\DVDFab 6
2010-01-31 08:43:27    0    d-----w-    c:\program files\Easy DVD CD Burner
2010-01-31 08:39:54    0    d-----w-    c:\programdata\DVD Shrink
2010-01-31 08:39:54    0    d-----w-    c:\program files\DVD Shrink
2010-01-31 08:36:10    0    d-----w-    C:\Download
2010-01-31 08:10:01    0    d-----w-    C:\Hauppauge
2010-01-31 08:00:39    0    d-----w-    c:\users\ruffe66\appdata\roaming\MailWasherPro
2010-01-31 05:41:59    257024    ----a-w-    c:\windows\system32\msv1_0.dll
2010-01-31 05:36:16    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-01-30 19:37:11    47691084    ----a-w-    C:\Windows 7 Bible (2009).pdf
2010-01-30 19:29:13    0    d-----w-    C:\WEBBANK
2010-01-30 19:25:15    0    d-----w-    c:\programdata\Sun
2010-01-30 19:24:58    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-01-30 19:17:57    0    d-----w-    c:\users\ruffe66\appdata\roaming\Cryptomathic
2010-01-30 19:12:26    11078    ----a-w-    C:\Jette.html
2010-01-30 19:12:26    11046    ----a-w-    C:\Keld.html
2010-01-30 17:22:50    0    d-----w-    c:\programdata\PhotoMail
2010-01-30 17:22:50    0    d-----w-    c:\program files\PhotoMail Maker
2010-01-30 17:21:25    0    d-----w-    c:\programdata\IncrediMail
2010-01-30 17:21:25    0    d-----w-    c:\programdata\IM
2010-01-30 17:21:25    0    d-----w-    c:\program files\IncrediMail
2010-01-30 17:17:47    0    dc-h--w-    c:\programdata\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2010-01-30 17:17:45    0    d-----w-    c:\program files\DanID
2010-01-30 17:13:28    0    d-----w-    c:\programdata\Temp
2010-01-30 17:07:59    0    d-----w-    c:\programdata\CyberLink
2010-01-30 17:07:41    0    d-----w-    c:\program files\common files\CyberLink
2010-01-30 17:06:45    505128    ----a-w-    c:\windows\system32\msvcp71.dll
2010-01-30 17:06:45    353576    ----a-w-    c:\windows\system32\msvcr71.dll
2010-01-30 17:06:45    29480    ----a-w-    c:\windows\system32\msxml3a.dll
2010-01-30 17:02:33    0    d-----w-    c:\program files\Ashampoo
2010-01-30 16:58:29    0    d-----w-    c:\users\ruffe66\appdata\roaming\Any Video Converter Professional
2010-01-30 16:58:26    0    d-----w-    c:\program files\Any Video Converter Professional
2010-01-30 16:33:38    0    d-----w-    c:\programdata\Office Genuine Advantage
2010-01-30 16:19:16    32656    ----a-w-    c:\windows\system32\msonpmon.dll
2010-01-30 16:17:19    0    d-----w-    c:\windows\PCHEALTH
2010-01-30 16:15:58    0    d-----w-    c:\program files\Microsoft Visual Studio 8
2010-01-30 16:15:19    0    d-----w-    c:\programdata\Microsoft Help
2010-01-30 14:06:06    0    d-----w-    c:\programdata\Adobe
2010-01-30 13:58:16    0    d-----w-    c:\programdata\ACD Systems
2010-01-30 13:58:11    0    d-----w-    c:\program files\common files\ACD Systems
2010-01-30 13:58:11    0    d-----w-    c:\program files\ACD Systems
2010-01-30 13:47:31    0    d-----w-    c:\program files\uTorrent
2010-01-30 12:43:35    0    d--h--w-    C:\$AVG
2010-01-30 12:43:34    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-01-30 12:43:34    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-01-30 12:43:34    161800    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2010-01-30 12:43:34    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2010-01-30 12:43:33    0    d-----w-    c:\windows\system32\drivers\Avg
2010-01-30 12:43:24    0    d-----w-    c:\programdata\AVG Security Toolbar
2010-01-30 12:43:15    0    d-----w-    c:\programdata\avg9
2010-01-30 12:43:15    0    d-----w-    c:\program files\AVG
2010-01-30 12:42:45    0    d-sh--w-    c:\windows\Installer
2010-01-30 12:37:15    560    ----a-w-    C:\4201211.usf
2010-01-30 12:37:15    501    ----a-w-    C:\77345620.key
2010-01-30 12:37:15    500    ----a-w-    C:\01620312.key
2010-01-30 12:36:39    0    d-----w-    C:\WinFamily
2010-01-30 12:36:14    0    d-----w-    C:\Windows 7 bible badbits
2010-01-30 12:35:30    0    d-----w-    C:\Slægtsforskning
2010-01-30 12:35:19    0    d-----w-    C:\Koder
2010-01-30 12:34:53    0    d-----w-    C:\Nordea
2010-01-30 12:33:12    0    d-----w-    C:\EikBank
2010-01-30 12:33:04    1240086    ----a-w-    c:\windows\system32\PerfStringBackup.INI
2010-01-30 12:32:27    0    d-----w-    c:\windows\system32\wbem\Performance
2010-01-30 12:31:28    545    ----a-w-    c:\windows\UC.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\RAR.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\PKZIP.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\PKUNZIP.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\NOCLOSE.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\LHA.PIF
2010-01-30 12:31:28    545    ----a-w-    c:\windows\ARJ.PIF
2010-01-30 12:31:28    0    d-----w-    c:\users\ruffe66\appdata\roaming\GHISLER
2010-01-30 12:31:28    0    d-----w-    C:\totalcmd
2010-01-30 12:30:39    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-30 10:29:18    0    d-sh--we    c:\programdata\Skrivebord
2010-01-30 10:29:18    0    d-sh--we    c:\programdata\Skabeloner
2010-01-30 10:29:18    0    d-sh--we    c:\programdata\Menuen Start
2010-01-30 10:29:18    0    d-sh--we    c:\programdata\Favoritter
2010-01-30 10:29:18    0    d-sh--we    c:\programdata\Dokumenter
2010-01-30 10:29:18    0    d-sh--we    c:\program files\Fælles filer
2010-01-30 10:23:05    0    ----a-w-    c:\windows\ativpsrm.bin
2010-01-30 10:20:38    0    d-----w-    c:\windows\Panther
2010-01-30 10:20:26    8192    --sha-r-    C:\BOOTSECT.BAK
2010-01-30 10:20:24    383562    --sha-r-    C:\bootmgr
2010-01-30 10:20:24    0    d-sh--w-    C:\Boot
2010-01-10 16:52:14    106496    ----a-w-    c:\windows\DreamAquarium.scr

==================== Find3M  ====================

2010-02-06 11:29:54    76742    ----a-w-    c:\windows\system32\perfc006.dat
2010-02-06 11:29:54    461276    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-19 09:02:55    977920    ----a-w-    c:\windows\system32\wininet.dll
2009-12-02 17:07:28    13250448    ----a-w-    c:\users\ruffe66\appdata\roaming\DVDFabSetup.exe
2009-07-14 08:37:57    39236    ----a-w-    c:\windows\inf\perflib\0406\perfd.dat
2009-07-14 08:37:57    39236    ----a-w-    c:\windows\inf\perflib\0406\perfc.dat
2009-07-14 08:37:57    306636    ----a-w-    c:\windows\inf\perflib\0406\perfi.dat
2009-07-14 08:37:57    306636    ----a-w-    c:\windows\inf\perflib\0406\perfh.dat
2009-07-14 04:41:57    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:02:45,17 ===============
f-arn Guru
06 February 2010 - 14:09 #5
Find the files below and upload them to Jotti or Virustotal:

c:\users\ruffe66\appdata\local\temp\Nhx.exe
c:\program files\wintv\Ir.exe
C:\grldr
c:\windows\system32\sfcfiles.dll


http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Copy the result in here
ruffe66 Beginner
06 February 2010 - 15:04 #6
I can only find the one file. My Windows 7 is Danish; does that make any difference to the way you have written the 2 other files?

File Ir.exe received on 2010.02.06 13:28:22 (UTC)
Result: 0/39 (0%)
Antivirus     Version     Last Update     Result
a-squared    4.5.0.50    2010.02.06    -
AhnLab-V3    5.0.0.2    2010.02.06    -
AntiVir    7.9.1.158    2010.02.05    -
Antiy-AVL    2.0.3.7    2010.02.05    -
Authentium    5.2.0.5    2010.02.05    -
Avast    4.8.1351.0    2010.02.06    -
AVG    9.0.0.730    2010.02.06    -
BitDefender    7.2    2010.02.06    -
CAT-QuickHeal    10.00    2010.02.06    -
ClamAV    0.96.0.0-git    2010.02.06    -
Comodo    3841    2010.02.06    -
DrWeb    5.0.1.12222    2010.02.06    -
eSafe    7.0.17.0    2010.02.04    -
eTrust-Vet    35.2.7286    2010.02.05    -
F-Prot    4.5.1.85    2010.02.05    -
F-Secure    9.0.15370.0    2010.02.06    -
Fortinet    4.0.14.0    2010.02.06    -
GData    19    2010.02.06    -
Ikarus    T3.1.1.80.0    2010.02.06    -
Jiangmin    13.0.900    2010.02.06    -
K7AntiVirus    7.10.968    2010.02.06    -
Kaspersky    7.0.0.125    2010.02.06    -
McAfee    5883    2010.02.05    -
McAfee+Artemis    5883    2010.02.05    -
McAfee-GW-Edition    6.8.5    2010.02.06    -
Microsoft    1.5406    2010.02.06    -
NOD32    4841    2010.02.06    -
Norman    6.04.03    2010.02.06    -
nProtect    2009.1.8.0    2010.02.06    -
Panda    10.0.2.2    2010.02.05    -
PCTools    7.0.3.5    2010.02.06    -
Rising    22.33.05.04    2010.02.06    -
Sophos    4.50.0    2010.02.06    -
Sunbelt    3.2.1858.2    2010.02.06    -
TheHacker    6.5.1.0.181    2010.02.06    -
TrendMicro    9.120.0.1004    2010.02.06    -
VBA32    3.12.12.1    2010.02.05    -
ViRobot    2010.2.5.2174    2010.02.05    -
VirusBuster    5.0.21.0    2010.02.06    -
Additional information
File size: 117344 bytes
MD5...: fabc451394fdb77dd7135241de56ead9
SHA1..: 1ca0b89750752bb52662a19deb8680d6087eb827
SHA256: 8279ce6b4d9fc87ff94dd2f496373d97ac377c0df2c15362a82d5df2cae0497f
ssdeep: 1536:WBnJsPnRcy+21DaPmyHd290elQ2Hvo4tncmwz/yDLCPH:WxGyy+2cj92U2H
voKncmw+cH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x79ae
timedatestamp.....: 0x4ac3bd04 (Wed Sep 30 20:18:12 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd2a4 0xe000 6.25 5007df991097fdc0dcb462827425bd2f
.rdata 0xf000 0x235e 0x3000 4.60 d8d992351b34681617ecacf79cda2f9d
.data 0x12000 0xa184 0x5000 2.02 3f706f619d34c6fc64f4301b635eafdc
.rsrc 0x1d000 0x3cc4 0x4000 3.62 bdb5a6fdc04fd26d1111d46ce9b0491f

( 5 imports )
> HCWUTL32.dll: -, -, -, -
> KERNEL32.dll: Sleep, lstrcpynA, FindNextFileA, FindClose, GetShortPathNameA, GetProcAddress, LoadLibraryA, GetWindowsDirectoryA, GetTickCount, SetThreadExecutionState, GetPrivateProfileStringA, GetLastError, GetCurrentThreadId, MultiByteToWideChar, lstrcpyA, GetVersion, FreeLibrary, SetErrorMode, FindFirstFileA, RaiseException, InterlockedExchange, LocalAlloc, SetConsoleCtrlHandler, ReadFile, SetEndOfFile, GetOEMCP, GetACP, HeapAlloc, HeapFree, RtlUnwind, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, ExitProcess, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, TerminateProcess, GetCurrentProcess, CloseHandle, WideCharToMultiByte, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, WriteFile, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers, CreateFileA, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetFilePointer, GetCPInfo, LocalFree
> GDI32.dll: StretchBlt, SelectObject, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC
> SHELL32.dll: ShellExecuteA, Shell_NotifyIconA, SHAppBarMessage
> ole32.dll: CoUninitialize, CoInitialize, CoCreateInstance

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Hauppauge Computer Works
copyright....: Copyright (c) 1999-2009 Hauppauge Computer Works
product......: Hauppauge Computer Works IR
description..: IR
original name: IR.exe
internal name: IR32
file version.: 2.65.27223
comments.....:
signers......: Hauppauge Computer Works
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:36 PM 10/29/2009
verified.....: -
f-arn Guru
06 February 2010 - 16:12 #7
When you "play" with this kind of thing, you are living dangerously:

E:\Download\Clone DVD 2.9.1.0 & Clone CD 5.3.0.1\CloneDVD 2.9.1.0 Keygen.exe

------

Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Copy the highlighted text into a Notepad window and save the contents, under the name CFScript.txt, in the same folder as Combofix. When you save, make sure that "all files" is selected under "file types".

Killall::
Snapshot::
DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
TB: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - No File
uRun: [F5JMWNZTHI] c:\users\ruffe66\appdata\local\temp\Nhx.exe


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

Please post the contents of that file in here.
ruffe66 Beginner
17 July 2010 - 16:58 #8
A belated thank you