Log fil til gennemsyn

Hej, vil du godt opdatere og køre malwarebytes igen, din database er rimlig forædlet ;)

Den er opdateret ca kl 13,30 idag, er det ikke godt nok.

Malwarebytes ... du skal vælge [Kør en fuldstændig systemscanning] !!!

(PS: Opdatér igen alligevel...)

Der er en del 'mistænkelige' elementer...

Jeg har lige opdateret og sætter nu scanning igang.
Det tager ca 15 timer, så der går lige lidt tid inden jeg vender tilbage.

Så er scanningen langt om længe blevet færdig.

Her er en ny hijack this og mbam efterfølgende.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:22 PM, on 9/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\DU meter\DUMeter.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\QuickTime Alternative\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tdconline.dk/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
O8 - Extra context menu item: Download alle med Free Download Manager - file://C:\Programmer\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download med Free Download Manager - file://C:\Programmer\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download valgte med Free Download Manager - file://C:\Programmer\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmer\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10977 bytes


MBAM :

Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/02/2010 4:09:09 PM
mbam-log-2010-02-09 (16-09-09).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 342425
Tid tilbagelagt: 18 hour(s), 12 minute(s), 13 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 6

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Mvh

Hent og installer denne scanner:
http://kortlink.dk/7bgk

Start superantispyware, klik på Check for updates, når det er opdateret skal du lade det skanne din computer
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.

Start så superantispyware, klik på preferences, statistics/logs, view log. Indholdet af denne log må du gerne kopiere herind.

Hej patrick14
Hvorfor skal jeg hente superantispyware når jeg har denne scanner ?
Hvis du nu ser efter i loggene kan du også se at den er der.

Jeg har scannet og den fandt intet.
Hvad er det i mine logs, der gør at du mener jeg skal bruge den ?

Her er sas loggen:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2010 at 09:50 PM

Application Version : 4.33.1000

Core Rules Database Version : 4571
Trace Rules Database Version: 2383

Scan type      : Complete Scan
Total Scan Time : 00:53:08

Memory items scanned      : 498
Memory threats detected  : 0
Registry items scanned    : 9812
Registry threats detected : 0
File items scanned        : 35101
File threats detected    : 6

De seks " file threats detected " var 6 cookies.

Hent Combofix, og gem den på dit skrivebord, som alg.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Luk alle andre vinduer ned.

Kør så combofix.exe, og følg anvisningerne.

Du må ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C: Combofix txt

Indholdet af denne fil må du gerne lægge herind

Hej Patrick14
Jeg vil gerne hvorfor jeg skal køre combofix ?
Du nævner ikke noget om hvad der er galt.

Mvh

Her er combo loggen:

ComboFix 10-02-09.04 - 10/02/2010  18:44:39.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2047.1346 [GMT 1:00]
Kører fra: c:\downloads\Software\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\42KJE738.ocx
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-10 til 2010-02-10  )))))))))))))))))))))))))))))))))))
.

2010-02-07 19:05 . 2009-02-09 10:53    719360    ----a-w-    c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2010-02-07 19:05 . 2009-02-09 10:53    682496    ----a-w-    c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2010-02-07 18:59 . 2010-02-07 19:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-07 18:59 . 2010-02-07 18:59    --------    d-----w-    c:\programmer\Security Task Manager
2010-02-06 08:27 . 2010-02-06 08:27    --------    d-----w-    c:\programmer\iPod
2010-02-06 08:27 . 2010-02-06 08:29    --------    d-----w-    c:\programmer\iTunes
2010-02-06 08:14 . 2010-02-06 08:14    72488    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 18:05 . 2010-02-05 18:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-05 18:05 . 2010-02-05 18:06    --------    d-----w-    c:\programmer\NVIDIA Corporation
2010-02-05 17:31 . 2010-02-05 17:31    --------    d-----w-    c:\programmer\Microsoft.NET
2010-02-05 17:28 . 2010-02-05 17:28    --------    d-----w-    c:\programmer\Microsoft Visual Studio 8
2010-02-05 17:26 . 2010-02-05 17:26    --------    d-----r-    C:\MSOCache
2010-01-30 17:35 . 2010-01-30 17:35    --------    d-----w-    c:\programmer\Microsoft Office Outlook Connector
2010-01-24 17:34 . 2010-01-24 17:34    --------    d-----w-    c:\documents and settings\Application Data\Office Genuine Advantage
2010-01-18 12:29 . 2010-01-21 14:03    --------    d-----w-    c:\documents and settings\Application Data\LEGO Company
2010-01-12 11:03 . 2010-01-12 11:03    61440    ----a-w-    c:\windows\system32\OpenCL.dll
2010-01-12 11:03 . 2010-01-12 11:03    4077672    ----a-w-    c:\windows\system32\nvcuvenc.dll
2010-01-12 11:03 . 2010-01-12 11:03    2283526    ----a-w-    c:\windows\system32\nvdata.bin
2010-01-12 11:03 . 2010-01-12 11:03    2259560    ----a-w-    c:\windows\system32\nvcuvid.dll
2010-01-12 11:03 . 2010-01-12 11:03    11632640    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-01-11 21:17 . 2010-01-11 21:17    278120    ----a-w-    c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17    154216    ----a-w-    c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17    13666408    ----a-w-    c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17    110696    ----a-w-    c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17    81920    ----a-w-    c:\windows\system32\nvwddi.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 17:38 . 2008-12-19 14:35    --------    d-----w-    c:\documents and settings\Application Data\Free Download Manager
2010-02-10 05:54 . 2009-02-26 19:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-09 19:56 . 2009-12-19 20:08    117760    ----a-w-    c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 15:13 . 2007-10-18 18:58    21368894    ----a-w-    c:\windows\Internet Logs\tvDebug.zip
2010-02-09 02:49 . 2006-09-06 17:43    --------    d-----w-    c:\programmer\Google
2010-02-08 14:39 . 2009-11-11 18:16    139456    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-02-08 14:38 . 2009-11-11 18:13    190160    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-02-07 18:56 . 2006-08-11 19:38    --------    d-----w-    c:\programmer\SuperAdBlocker.com
2010-02-07 15:40 . 2009-12-19 20:08    52224    ----a-w-    c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-07 07:47 . 2006-08-31 14:18    --------    d-----w-    c:\programmer\Dvd-cloner
2010-02-06 09:16 . 2006-03-17 17:35    --------    d-----w-    c:\programmer\1Click DVD Copy 4.2
2010-02-06 09:15 . 2006-04-05 14:18    --------    d-----w-    c:\documents and settings\Application Data\CopyToDvd
2010-02-06 08:27 . 2009-01-08 16:23    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-02-06 08:21 . 2006-04-30 12:23    --------    d-----w-    c:\programmer\QuickTime Alternative
2010-02-05 18:30 . 2005-08-16 18:10    --------    d-----w-    c:\programmer\Microsoft Works
2010-02-05 18:11 . 2004-03-14 09:00    139544    ----a-w-    c:\documents and settings\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-02-05 17:33 . 2007-04-20 16:22    --------    d-----w-    c:\programmer\MSBuild
2010-02-04 19:39 . 2010-02-05 15:55    2408448    ----a-w-    c:\windows\Internet Logs\xDBB0.tmp
2010-02-04 18:39 . 2009-10-12 15:39    --------    d-----w-    c:\documents and settings\Application Data\GARMIN
2010-02-04 18:38 . 2009-11-03 15:15    --------    d-----w-    c:\programmer\Garmin GPS Plugin
2010-02-04 18:09 . 2009-11-03 15:14    --------    d-----w-    c:\programmer\Garmin
2010-01-31 18:16 . 2004-04-06 13:58    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-01-30 18:05 . 2006-02-13 16:54    --------    d-----w-    c:\documents and settings\Application Data\Skype
2010-01-30 17:55 . 2008-11-30 11:29    --------    d-----w-    c:\documents and settings\Application Data\skypePM
2010-01-30 17:33 . 2009-01-10 10:35    --------    d-----w-    c:\programmer\Microsoft
2010-01-20 16:09 . 2008-06-01 09:02    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-03 06:52    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-13 15:36 . 2008-07-27 07:03    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-01-13 15:36 . 2008-08-01 16:37    5115824    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 11:03 . 2008-11-20 10:40    592488    ----a-w-    c:\windows\system32\nvudisp.exe
2010-01-12 11:03 . 2008-11-20 10:40    592488    ----a-w-    c:\windows\system32\NVUNINST.EXE
2010-01-12 11:03 . 2008-09-17 01:55    4104192    ----a-w-    c:\windows\system32\nvcuda.dll
2010-01-12 11:03 . 2008-09-17 01:55    182888    ----a-w-    c:\windows\system32\nvcodins.dll
2010-01-12 11:03 . 2008-09-17 01:55    182888    ----a-w-    c:\windows\system32\nvcod.dll
2010-01-12 11:03 . 2008-09-17 01:55    14458880    ----a-w-    c:\windows\system32\nvoglnt.dll
2010-01-12 11:03 . 2008-09-17 01:55    1081344    ----a-w-    c:\windows\system32\nvapi.dll
2010-01-12 11:03 . 2005-06-15 15:20    6359168    ----a-w-    c:\windows\system32\nv4_disp.dll
2010-01-12 11:03 . 2005-06-15 15:20    10276768    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2010-01-07 18:08 . 2006-05-21 06:14    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-01-07 15:07 . 2008-07-27 07:03    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-07-27 07:03    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2001-10-09 14:00    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-25 09:46 . 2008-11-16 11:19    0    ----a-w-    c:\documents and settings\temp.dat
2009-12-21 19:08 . 2005-10-21 15:49    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-19 08:38 . 2009-12-13 18:31    25    ----a-w-    c:\windows\popcinfot.dat
2009-12-17 07:41 . 2004-03-11 08:49    344576    ----a-w-    c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2001-10-09 14:00    33280    ----a-w-    c:\windows\system32\csrsrv.dll
2009-12-09 13:43 . 2001-10-09 14:00    84422    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-09 13:43 . 2001-10-09 14:00    462368    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-09 10:10 . 2001-10-09 14:00    2147840    ----a-w-    c:\windows\system32\ntoskrnl.exe
2009-12-09 10:10 . 2001-10-04 16:42    2026496    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-10-09 14:00    455424    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:13 . 2005-08-30 08:14    1295872    ----a-w-    c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-03-11 09:52    17920    ----a-w-    c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-03-11 08:49    11264    ----a-w-    c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-03-11 08:42    85504    ----a-w-    c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-03-11 08:04    8704    ----a-w-    c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-03-11 08:03    48128    ----a-w-    c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-09 14:00    28672    ----a-w-    c:\windows\system32\msvidc32.dll
2009-11-24 23:54 . 2006-02-28 19:21    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2006-02-28 19:21    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2006-02-28 19:21    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 13:54    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 13:54    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2006-02-28 19:21    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2006-02-28 19:21    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2006-02-28 19:21    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2006-02-28 19:21    97480    ----a-w-    c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-03-11 08:41    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-14 14:45 . 2009-11-14 16:10    2659328    ----a-w-    c:\windows\Internet Logs\xDBAF.tmp
2005-02-06 17:26 . 2005-02-06 17:26    5303775    ----a-w-    c:\programmer\Galtensparekasse.exe
2000-01-27 08:13 . 2004-05-25 18:52    2334208    ----a-w-    c:\programmer\AcroRd32.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-01-07 2002160]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2009-07-30 11017728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayTrayIcon"="c:\windows\System32\TrayIcon.exe" [2001-10-17 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\programmer\DU meter\DUMeter.exe" [2005-02-01 1469952]
"Windows Defender"="c:\programmer\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ZoneAlarm Client"="c:\programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\programmer\QuickTime Alternative\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-20 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-23 13:44    176128    ----a-w-    c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 10:24    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 13:51    177440    ----a-w-    c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44    31072    ----a-w-    c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-19 13:10    405583    ----a-w-    c:\programmer\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16    141608    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50    19968    ----a-w-    c:\windows\Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07    429392    ----a-w-    c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    c:\programmer\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2003-05-30 08:42    585728    ----a-w-    c:\programmer\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27    144784    ----a-w-    c:\programmer\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/04/2008 2:54 PM 114768]
R1 SABKUTIL;SABKUTIL;c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [29/06/2006 3:21 PM 32256]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 4:51 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2/03/2006 4:00 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/04/2008 2:54 PM 20560]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [3/11/2006 5:19 PM 13592]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [24/12/2008 9:19 AM 16640]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 6:37 PM 16640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/01/2007 7:29 PM 717296]
S1 SABDIFSV;SABDIFSV;c:\programmer\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 AM 5632]
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [23/11/2009 7:41 PM 135664]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [22/07/2009 8:33 PM 23096]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [26/12/2008 12:30 PM 107264]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [30/05/2007 3:34 PM 39424]
S3 idrmkl;idrmkl;\??\c:\docume~1\LOKALE~1\Temp\idrmkl.sys --> c:\docume~1\LOKALE~1\Temp\idrmkl.sys [?]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [23/02/2008 9:17 AM 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [23/02/2008 9:17 AM 3768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2008 11:35 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2008 11:35 AM 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 4:51 PM 4096]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-23 18:41]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-23 18:41]

2010-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-01-23 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-23 13:51]

2010-02-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-02-10 c:\windows\Tasks\User_Feed_Synchronization-{F24A8B84-B0F3-436A-BA71-0189A12C8512}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://tdconline.dk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download alle med Free Download Manager - file://c:\programmer\Free Download Manager\dlall.htm
IE: Download med Free Download Manager - file://c:\programmer\Free Download Manager\dllink.htm
IE: Download valgte med Free Download Manager - file://c:\programmer\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\programmer\Free Download Manager\dlfvideo.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\mygarmin
Trusted Zone: garmin.com\www8
Trusted Zone: nike.com\nikeplusactive
Trusted Zone: nike.com\nikerunning
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-nwiz - nwiz.exe
HKU-Default-Run-Windows Sound Manager - SndMon32.exe
HKU-Default-Run-swg - c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-RunOnce-Windows Sound Manager - SndMon32.exe
Notify-AtiExtEvent - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-IDMan - c:\programmer\Internet Download Manager\IDMan.exe
MSConfigStartUp-PC Suite Tray - c:\programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-StartCCC - c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-TMRUBottedTray - c:\programmer\Trend Micro\RUBotted\TMRUBottedTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 18:56
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-606747145-2000478354-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-2000478354-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:56,44,47,25,ae,e3,51,b6,18,91,86,3b,e4,44,93,b2,98,a6,54,99,d4,
  9a,0a,1c,f0,2d,9c,68,60,d6,d4,e6,34,9c,88,47,d6,a4,e9,93,79,31,6e,f9,80,bc,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02416c57-8e2f-42cd-943f-e9e159596331}]
@Denied: (Full) (Everyone)
"Model"=dword:00000160
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):df,7f,8a,79,2c,e0,53,73,0f,91,ce,c6,4e,2c,02,5d,74,5a,28,69,33,
  55,0d,76,94,1a,8b,41,0d,bd,c6,3b,4c,d8,9f,f7,08,32,f2,75,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):46,b0,13,ed,0f,3c,ee,44,be,65,95,ca,47,70,2d,fb,45,6d,c0,5e,68,
  bd,ac,f3,76,63,85,9d,80,fa,b6,2b,f8,e0,85,c9,93,2b,fe,f6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff5dada5-a0eb-4b69-b654-fddd84c5cac1}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:00000012
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,40,02,13,ad,75,b8,fc,03,b5,66,4a,d0,23,02,d0,61,61,83,da,51,1e,12,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
Gennemført tid: 2010-02-10  19:00:18
ComboFix-quarantined-files.txt  2010-02-10 18:00

Pre-Kørsel: 24,959,905,792 byte ledig
Post-Kørsel: 24,917,532,672 byte ledig

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E9A3A5D06080055DE68B62DEB2319D9A

Nu har jeg gjort som du skrev patrick14.
Hvad så nu ?

Jeg har lige pinget en cb ekspert da at dr er nogle filer at jeg er i tvivl om.

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
File::
c:\docume~1\LOKALE~1\Temp\idrmkl.sys
Driver::
idrmkl

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Hej Fromsej
Jeg har nu gjort som skrevet står.

Der er nu kommet et problem med at XP ikke har bestået valideringen. Det forstår jeg ikke meget af, indtil nu har der ikke været noget galt med XP, ved du hvorfor det nu ikke virker og hvad jeg skal gøre ?

Her er log filen efter jeg har kørt combofix igen :

ComboFix 10-02-12.01 - 14/02/2010  13:31:26.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2047.1437 [GMT 1:00]
Kører fra: c:\documents and settings\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100213-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

FILE ::
"c:\docume~1\LOKALE~1\Temp\idrmkl.sys"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDRMKL
-------\Service_idrmkl


(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-14 til 2010-02-14  )))))))))))))))))))))))))))))))))))
.

2010-02-11 17:44 . 2010-02-11 17:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2010-02-11 17:44 . 2010-02-11 17:44    --------    d-----w-    c:\programmer\NOS
2010-02-07 18:59 . 2010-02-07 19:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-07 18:59 . 2010-02-07 18:59    --------    d-----w-    c:\programmer\Security Task Manager
2010-02-06 08:27 . 2010-02-06 08:27    --------    d-----w-    c:\programmer\iPod
2010-02-06 08:27 . 2010-02-06 08:29    --------    d-----w-    c:\programmer\iTunes
2010-02-05 18:05 . 2010-02-05 18:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-05 18:05 . 2010-02-05 18:06    --------    d-----w-    c:\programmer\NVIDIA Corporation
2010-02-05 17:31 . 2010-02-05 17:31    --------    d-----w-    c:\programmer\Microsoft.NET
2010-02-05 17:28 . 2010-02-05 17:28    --------    d-----w-    c:\programmer\Microsoft Visual Studio 8
2010-02-05 17:26 . 2010-02-05 17:26    --------    d-----r-    C:\MSOCache
2010-01-30 17:35 . 2010-01-30 17:35    --------    d-----w-    c:\programmer\Microsoft Office Outlook Connector
2010-01-24 17:34 . 2010-01-24 17:34    --------    d-----w-    c:\documents and settings\Application Data\Office Genuine Advantage
2010-01-18 12:29 . 2010-01-21 14:03    --------    d-----w-    c:\documents and settings\Application Data\LEGO Company

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 18:57 . 2008-12-19 14:35    --------    d-----w-    c:\documents and settings\Application Data\Free Download Manager
2010-02-13 13:56 . 2008-11-16 11:19    0    ----a-w-    c:\documents and settings\temp.dat
2010-02-13 07:41 . 2007-10-18 18:58    21730456    ----a-w-    c:\windows\Internet Logs\tvDebug.zip
2010-02-11 17:46 . 2006-06-24 14:24    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-02-11 17:46 . 2010-02-11 17:46    503808    ----a-w-    c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e5664ab-n\msvcp71.dll
2010-02-11 17:46 . 2010-02-11 17:46    499712    ----a-w-    c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e5664ab-n\jmc.dll
2010-02-11 17:46 . 2010-02-11 17:46    348160    ----a-w-    c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5e5664ab-n\msvcr71.dll
2010-02-11 17:46 . 2010-02-11 17:46    61440    ----a-w-    c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54307a99-n\decora-sse.dll
2010-02-11 17:46 . 2010-02-11 17:46    12800    ----a-w-    c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54307a99-n\decora-d3d.dll
2010-02-11 17:46 . 2006-06-24 14:25    --------    d-----w-    c:\programmer\Java
2010-02-10 05:54 . 2009-02-26 19:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-09 19:56 . 2009-12-19 20:08    117760    ----a-w-    c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 02:49 . 2006-09-06 17:43    --------    d-----w-    c:\programmer\Google
2010-02-08 14:39 . 2009-11-11 18:16    139456    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-02-08 14:38 . 2009-11-11 18:13    190160    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-02-07 18:56 . 2006-08-11 19:38    --------    d-----w-    c:\programmer\SuperAdBlocker.com
2010-02-07 15:40 . 2009-12-19 20:08    52224    ----a-w-    c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-07 07:47 . 2006-08-31 14:18    --------    d-----w-    c:\programmer\Dvd-cloner
2010-02-06 09:16 . 2006-03-17 17:35    --------    d-----w-    c:\programmer\1Click DVD Copy 4.2
2010-02-06 09:15 . 2006-04-05 14:18    --------    d-----w-    c:\documents and settings\Application Data\CopyToDvd
2010-02-06 08:27 . 2009-01-08 16:23    --------    d-----w-    c:\programmer\Fælles filer\Apple
2010-02-06 08:21 . 2006-04-30 12:23    --------    d-----w-    c:\programmer\QuickTime Alternative
2010-02-06 08:14 . 2010-02-06 08:14    72488    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 18:30 . 2005-08-16 18:10    --------    d-----w-    c:\programmer\Microsoft Works
2010-02-05 18:11 . 2004-03-14 09:00    139544    ----a-w-    c:\documents and settings\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-02-05 17:33 . 2007-04-20 16:22    --------    d-----w-    c:\programmer\MSBuild
2010-02-04 19:39 . 2010-02-05 15:55    2408448    ----a-w-    c:\windows\Internet Logs\xDBB0.tmp
2010-02-04 18:39 . 2009-10-12 15:39    --------    d-----w-    c:\documents and settings\Application Data\GARMIN
2010-02-04 18:38 . 2009-11-03 15:15    --------    d-----w-    c:\programmer\Garmin GPS Plugin
2010-02-04 18:09 . 2009-11-03 15:14    --------    d-----w-    c:\programmer\Garmin
2010-01-31 18:16 . 2004-04-06 13:58    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-01-30 18:05 . 2006-02-13 16:54    --------    d-----w-    c:\documents and settings\Application Data\Skype
2010-01-30 17:55 . 2008-11-30 11:29    --------    d-----w-    c:\documents and settings\Application Data\skypePM
2010-01-30 17:33 . 2009-01-10 10:35    --------    d-----w-    c:\programmer\Microsoft
2010-01-20 16:09 . 2008-06-01 09:02    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-03 06:52    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-13 15:36 . 2008-07-27 07:03    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-01-13 15:36 . 2008-08-01 16:37    5115824    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 21:17 . 2010-01-11 21:17    278120    ----a-w-    c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17    154216    ----a-w-    c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17    13666408    ----a-w-    c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17    110696    ----a-w-    c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17    81920    ----a-w-    c:\windows\system32\nvwddi.dll
2010-01-07 18:08 . 2006-05-21 06:14    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-01-07 15:07 . 2008-07-27 07:03    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-07-27 07:03    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2001-10-09 14:00    353792    ----a-w-    c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2005-10-21 15:49    916480    ------w-    c:\windows\system32\wininet.dll
2009-12-19 08:38 . 2009-12-13 18:31    25    ----a-w-    c:\windows\popcinfot.dat
2009-12-17 16:14 . 2009-01-29 20:26    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-17 07:41 . 2004-03-11 08:49    344576    ----a-w-    c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2001-10-09 14:00    33280    ----a-w-    c:\windows\system32\csrsrv.dll
2009-12-09 13:43 . 2001-10-09 14:00    84422    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-09 13:43 . 2001-10-09 14:00    462368    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-09 10:10 . 2001-10-09 14:00    2147840    ------w-    c:\windows\system32\ntoskrnl.exe
2009-12-09 10:10 . 2001-10-04 16:42    2026496    ------w-    c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-10-09 14:00    455424    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:13 . 2005-08-30 08:14    1295872    ----a-w-    c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-03-11 09:52    17920    ----a-w-    c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-03-11 08:49    11264    ----a-w-    c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-03-11 08:42    85504    ----a-w-    c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-03-11 08:04    8704    ----a-w-    c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-03-11 08:03    48128    ----a-w-    c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2001-10-09 14:00    28672    ----a-w-    c:\windows\system32\msvidc32.dll
2009-11-24 23:54 . 2006-02-28 19:21    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2006-02-28 19:21    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2006-02-28 19:21    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-04 13:54    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-04 13:54    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2006-02-28 19:21    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2006-02-28 19:21    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2006-02-28 19:21    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2006-02-28 19:21    97480    ----a-w-    c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-03-11 08:41    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2005-02-06 17:26 . 2005-02-06 17:26    5303775    ----a-w-    c:\programmer\Galtensparekasse.exe
2000-01-27 08:13 . 2004-05-25 18:52    2334208    ----a-w-    c:\programmer\AcroRd32.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-01-07 2002160]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2009-07-30 11017728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayTrayIcon"="c:\windows\System32\TrayIcon.exe" [2001-10-17 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DU Meter"="c:\programmer\DU meter\DUMeter.exe" [2005-02-01 1469952]
"Windows Defender"="c:\programmer\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ZoneAlarm Client"="c:\programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\programmer\QuickTime Alternative\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= "c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-20 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-23 13:44    176128    ----a-w-    c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 10:24    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 13:51    177440    ----a-w-    c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44    31072    ----a-w-    c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-19 13:10    405583    ----a-w-    c:\programmer\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16    141608    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 08:50    19968    ----a-w-    c:\windows\Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07    429392    ----a-w-    c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08    417792    ----a-w-    c:\programmer\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2003-05-30 08:42    585728    ----a-w-    c:\programmer\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21    246504    ----a-w-    c:\programmer\Fælles filer\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/01/2007 7:29 PM 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/04/2008 2:54 PM 114768]
R1 SABKUTIL;SABKUTIL;c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS [29/06/2006 3:21 PM 32256]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [16/02/2006 4:51 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2/03/2006 4:00 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/04/2008 2:54 PM 20560]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [3/11/2006 5:19 PM 13592]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [24/12/2008 9:19 AM 16640]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 4:51 PM 4096]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 6:37 PM 16640]
S1 SABDIFSV;SABDIFSV;c:\programmer\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys [21/09/2005 10:17 AM 5632]
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [23/11/2009 7:41 PM 135664]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [22/07/2009 8:33 PM 23096]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [26/12/2008 12:30 PM 107264]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [30/05/2007 3:34 PM 39424]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [23/02/2008 9:17 AM 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [23/02/2008 9:17 AM 3768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/12/2008 11:35 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/12/2008 11:35 AM 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ      getPlusHelper
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-23 18:41]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-11-23 18:41]

2010-02-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-01-23 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-23 13:51]

2010-02-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{F24A8B84-B0F3-436A-BA71-0189A12C8512}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://tdconline.dk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download alle med Free Download Manager - file://c:\programmer\Free Download Manager\dlall.htm
IE: Download med Free Download Manager - file://c:\programmer\Free Download Manager\dllink.htm
IE: Download valgte med Free Download Manager - file://c:\programmer\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\programmer\Free Download Manager\dlfvideo.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: garmin.com\buy
Trusted Zone: garmin.com\connect
Trusted Zone: garmin.com\mygarmin
Trusted Zone: garmin.com\www8
Trusted Zone: nike.com\nikeplusactive
Trusted Zone: nike.com\nikerunning
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 13:43
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spnp.sys >>UNKNOWN [0x8AA34938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-606747145-2000478354-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-2000478354-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:56,44,47,25,ae,e3,51,b6,18,91,86,3b,e4,44,93,b2,98,a6,54,99,d4,
  9a,0a,1c,f0,2d,9c,68,60,d6,d4,e6,34,9c,88,47,d6,a4,e9,93,79,31,6e,f9,80,bc,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{02416c57-8e2f-42cd-943f-e9e159596331}]
@Denied: (Full) (Everyone)
"Model"=dword:00000160
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):df,7f,8a,79,2c,e0,53,73,0f,91,ce,c6,4e,2c,02,5d,74,5a,28,69,33,
  55,0d,76,94,1a,8b,41,0d,bd,c6,3b,4c,d8,9f,f7,08,32,f2,75,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):46,b0,13,ed,0f,3c,ee,44,be,65,95,ca,47,70,2d,fb,45,6d,c0,5e,68,
  bd,ac,f3,76,63,85,9d,80,fa,b6,2b,f8,e0,85,c9,93,2b,fe,f6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff5dada5-a0eb-4b69-b654-fddd84c5cac1}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:00000012
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,40,02,13,ad,75,b8,fc,03,b5,66,4a,d0,23,02,d0,61,61,83,da,51,1e,12,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(944)
c:\programmer\Fælles filer\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\Analog Devices\SoundMAX\SMAgent.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Gennemført tid: 2010-02-14  13:57:22 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-02-14 12:57
ComboFix2.txt  2010-02-14 12:22

Pre-Kørsel: 24,391,524,352 byte ledig
Post-Kørsel: 24,095,051,776 byte ledig

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3D14674EA99C77B8FB40241C0DB374B1

Hej
Nu er services. exe tilbage igen bruger ca 10 % hele tiden.
Her er en ny hijacklog :

Hvad skal jeg nu gøre, er det det hele forfra ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:42 PM, on 15/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\DU meter\DUMeter.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\QuickTime Alternative\qttask.exe
C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tdconline.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download alle med Free Download Manager - file://C:\Programmer\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download med Free Download Manager - file://C:\Programmer\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download valgte med Free Download Manager - file://C:\Programmer\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmer\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10862 bytes

Din log er ren

Jeg mangler stadig svar på #15

Lukker spørgsmålet, da der ikke er nogle der har svaret