Kan ikke få fjerne KIWEE på min pc

*S*

Du skal sansynligvis bruge trixet med ->

HøjreMusseTast - "Kør som Administrator..." på MalwareBytes programmet.

Ja, har prøvet at få den til det 5 gange ialt. Men den vil ikke køre en fuld scan, kan godt få den til at køre en hurtig scan, men det viser jo ikke meget.

Har også prøvet at slette og hente prg. ned 2 gange + lukke både virusprg. og alt andet ned inden forsøget, men den vil altså ikke.

I betragtning af at Malwarebytes eget forum selv anbefaler at man bruger "hurtig skan" tror jeg nu den viser en del.

Prøv at lægge en log fra en hurtig skan herind sammen med en log fra Combofix.

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

eller herfra

http://subs.geekstogo.com/ComboFix.exe

Kør så combofix.exe og følg anvisningerne.

Vigtigt--> Deaktiver dit antivirusprogram da det kan forstyrrer combofix
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her:  C:\Combofix.txt

ok, her kommer de

Malwarebytes' Anti-Malware 1.44
Database version: 3925
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29-03-2010 16:24:23
mbam-log-2010-03-29 (16-24-23).txt

Skan type: Hurtig skanning
Objekter skannet: 110815
Tid tilbagelagt: 5 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


ComboFix 10-03-28.03 - Jan 29-03-2010  16:30:28.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.45.1030.18.3005.1955 [GMT 2:00]
Kører fra: c:\users\Jan\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-28 til 2010-03-29  )))))))))))))))))))))))))))))))))))
.

2010-03-29 14:35 . 2010-03-29 14:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-03-29 09:38 . 2010-03-29 09:38    --------    d-----w-    c:\windows\PCHEALTH
2010-03-29 07:59 . 2010-01-07 14:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 07:59 . 2010-03-29 07:59    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-03-29 07:59 . 2010-01-07 14:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-28 03:06 . 2010-03-28 03:06    --------    d-----w-    c:\users\Jan\AppData\Roaming\Malwarebytes
2010-03-27 11:08 . 2010-03-27 11:08    537    ----a-w-    c:\windows\system32\KiweeChatbarCleanup.bat
2010-03-27 11:00 . 2010-03-27 11:00    --------    d-----w-    c:\users\Jan\AppData\Local\Kiwee Toolbar
2010-03-27 10:59 . 2010-03-27 11:15    --------    d--h--w-    c:\windows\AxInstSV
2010-03-23 18:33 . 2010-03-23 18:33    --------    d-----w-    c:\program files\AnvSoft
2010-03-16 22:01 . 2010-03-16 22:01    --------    d-----w-    c:\users\Jan\AppData\Local\HP
2010-03-16 21:59 . 2010-03-16 22:00    76767    ----a-w-    c:\windows\hpqins06.dat
2010-03-16 21:57 . 2010-03-16 21:58    83245    ----a-w-    c:\windows\hpqins13.dat
2010-03-16 09:47 . 2009-12-03 06:09    44080    ----a-r-    c:\windows\system32\drivers\SymIMV.sys
2010-03-14 00:34 . 2010-03-14 00:34    --------    d-----w-    c:\program files\Earth Resource Mapping
2010-03-13 10:49 . 2010-03-28 17:33    --------    d-----w-    c:\program files\CCleaner
2010-03-11 11:17 . 2010-03-11 11:18    --------    d-----w-    c:\users\Jan\AppData\Roaming\U3
2010-03-10 10:30 . 2010-02-11 07:10    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-03-10 10:30 . 2010-03-10 10:30    --------    d-----w-    c:\windows\system32\x64
2010-03-09 16:57 . 2010-03-09 16:58    23685    ----a-w-    c:\windows\hpqins15.dat
2010-03-09 01:41 . 2009-05-18 22:17    26600    ----a-r-    c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-09 01:41 . 2008-04-17 21:12    107368    ----a-r-    c:\windows\system32\GEARAspi.dll
2010-03-09 01:41 . 2010-03-09 01:41    124976    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-09 01:41 . 2010-03-09 02:28    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-03-09 01:41 . 2010-03-09 01:41    --------    d-----w-    c:\program files\Symantec
2010-03-09 01:40 . 2010-03-09 01:40    --------    d-----w-    c:\windows\system32\drivers\N360
2010-03-09 01:40 . 2010-03-09 01:40    --------    d-----w-    c:\program files\Norton 360
2010-03-06 10:18 . 2010-03-06 10:18    --------    d-----w-    c:\program files\WinDirStat
2010-03-02 16:03 . 2010-03-02 16:03    --------    d-----w-    c:\users\Jan\AppData\Roaming\HP
2010-03-02 15:58 . 2009-07-14 01:15    280064    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2010-03-02 15:53 . 2010-03-02 15:53    --------    d-----w-    c:\program files\Common Files\HP
2010-03-02 15:53 . 2010-03-02 15:53    --------    d-----w-    c:\program files\Common Files\Hewlett-Packard
2010-03-02 15:53 . 2010-03-02 15:54    --------    d-----w-    c:\program files\HP
2010-03-02 15:50 . 2010-03-16 21:11    183987    ----a-w-    c:\windows\hpoins14.dat
2010-03-02 15:50 . 2009-10-08 02:00    1498    ------w-    c:\windows\hpomdl14.dat
2010-03-02 15:50 . 2009-07-08 10:51    675840    ----a-w-    c:\windows\system32\hpowiax3.dll
2010-03-02 15:50 . 2009-07-08 10:51    569344    ----a-w-    c:\windows\system32\hpotscl3.dll
2010-03-02 15:50 . 2009-07-08 10:51    452408    ----a-w-    c:\windows\system32\hpzids01.dll
2010-03-02 15:50 . 2009-07-08 10:51    364544    ----a-w-    c:\windows\system32\hppldcoi.dll
2010-03-02 15:50 . 2009-07-08 10:51    303104    ----a-w-    c:\windows\system32\hpovst10.dll
2010-03-02 03:57 . 2010-03-02 03:57    1006624    ----a-w-    c:\windows\system32\drivers\rtl8192se.sys
2010-02-27 22:34 . 2010-03-28 17:33    --------    d-----w-    c:\program files\YouTube Downloader

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 14:28 . 2010-02-03 21:00    --------    d-----w-    c:\users\Jan\AppData\Roaming\Skype
2010-03-29 13:24 . 2009-07-14 08:38    76742    ----a-w-    c:\windows\system32\perfc006.dat
2010-03-29 13:24 . 2009-07-14 08:38    461276    ----a-w-    c:\windows\system32\perfh006.dat
2010-03-29 09:38 . 2009-11-08 09:01    --------    d-----w-    c:\program files\Windows Live
2010-03-28 17:33 . 2010-02-04 16:00    --------    d-----w-    c:\program files\Common Files\Adobe
2010-03-28 17:33 . 2010-02-04 13:08    --------    d-----w-    c:\program files\Google
2010-03-28 17:33 . 2010-02-10 23:51    --------    d-----w-    c:\program files\Mobilt Bredbånd
2010-03-28 17:33 . 2009-11-08 08:53    --------    d-----w-    c:\program files\Microsoft Works
2010-03-28 17:33 . 2009-11-08 07:37    --------    d-----w-    c:\program files\Intel
2010-03-28 17:33 . 2010-02-24 16:07    --------    d-----w-    c:\program files\Opera
2010-03-28 17:33 . 2010-02-07 13:57    --------    d-----r-    c:\program files\Skype
2010-03-28 17:33 . 2010-02-04 17:31    --------    d-----w-    c:\program files\SIW
2010-03-28 05:58 . 2010-02-19 17:25    0    ----a-w-    c:\users\Jan\temp.dat
2010-03-28 01:35 . 2010-02-06 21:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\IObit
2010-03-24 14:29 . 2010-02-03 21:37    392    ----a-w-    c:\users\Jan\AppData\Roaming\wklnhst.dat
2010-03-17 14:41 . 2010-02-03 20:07    88784    ----a-w-    c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-17 14:39 . 2010-02-04 17:40    --------    d-----w-    c:\users\Jan\AppData\Roaming\Corel
2010-03-17 14:39 . 2009-11-08 09:47    --------    d-----w-    c:\program files\Corel
2010-03-17 14:33 . 2010-02-15 21:45    1    ----a-w-    c:\users\Jan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-17 00:52 . 2010-02-04 17:47    2828    --sha-w-    c:\windows\system32\KGyGaAvL.sys
2010-03-09 01:41 . 2010-03-09 01:41    805    ----a-w-    c:\windows\system32\drivers\SYMEVENT.INF
2010-03-09 01:41 . 2010-03-09 01:41    7443    ----a-w-    c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-27 00:46 . 2010-02-27 00:46    --------    d-----w-    c:\program files\Nero
2010-02-22 13:00 . 2010-02-22 13:00    --------    d-----w-    c:\program files\Secunia
2010-02-22 10:24 . 2010-02-06 21:14    --------    d-----w-    c:\program files\IObit
2010-02-19 17:21 . 2010-02-19 17:21    --------    d-----w-    c:\users\Jan\AppData\Roaming\Cryptomathic
2010-02-19 17:11 . 2010-02-19 17:11    --------    d-----w-    c:\program files\DanID
2010-02-15 21:45 . 2010-02-15 21:45    --------    d-----w-    c:\users\Jan\AppData\Roaming\OpenOffice.org
2010-02-15 21:41 . 2010-02-15 21:41    --------    d-----w-    c:\program files\OpenOffice.org 3
2010-02-14 15:55 . 2010-02-04 17:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\TeamViewer
2010-02-12 04:24 . 2010-02-12 04:24    --------    d-----w-    c:\users\Jan\AppData\Roaming\Template
2010-02-11 01:35 . 2010-02-11 01:35    --------    d-----w-    c:\program files\NortonInstaller
2010-02-11 00:08 . 2010-02-11 00:08    8198680    ----a-w-    c:\windows\system32\TVWSetup.exe
2010-02-11 00:08 . 2010-02-11 00:08    268312    ----a-w-    c:\windows\system32\igfxsrvc.exe
2010-02-11 00:08 . 2010-02-11 00:08    141848    ----a-w-    c:\windows\system32\igfxtray.exe
2010-02-11 00:08 . 2010-02-11 00:08    167448    ----a-w-    c:\windows\system32\igfxpers.exe
2010-02-11 00:08 . 2010-02-11 00:08    178200    ----a-w-    c:\windows\system32\igfxext.exe
2010-02-11 00:08 . 2010-02-11 00:08    175640    ----a-w-    c:\windows\system32\hkcmd.exe
2010-02-11 00:08 . 2010-02-11 00:08    3126808    ----a-w-    c:\windows\system32\GfxUI.exe
2010-02-10 23:59 . 2010-02-10 23:59    81920    ----a-w-    c:\windows\system32\igfxCoIn_v2082.dll
2010-02-10 23:50 . 2010-02-10 23:50    6282752    ----a-w-    c:\windows\system32\drivers\igdkmd32.sys
2010-02-10 23:50 . 2009-11-06 05:45    4502016    ----a-w-    c:\windows\system32\igdumd32.dll
2010-02-10 23:45 . 2009-11-06 05:45    550912    ----a-w-    c:\windows\system32\igdumdx32.dll
2010-02-10 23:41 . 2009-11-06 05:45    3890688    ----a-w-    c:\windows\system32\igd10umd32.dll
2010-02-10 23:33 . 2010-02-10 23:33    4079616    ----a-w-    c:\windows\system32\ig4dev32.dll
2010-02-10 23:32 . 2010-02-10 23:32    6061568    ----a-w-    c:\windows\system32\ig4icd32.dll
2010-02-10 23:16 . 2010-02-10 23:16    59392    ----a-w-    c:\windows\system32\oemdspif.dll
2010-02-10 23:16 . 2010-02-10 23:16    23552    ----a-w-    c:\windows\system32\igfxexps.dll
2010-02-10 23:16 . 2010-02-10 23:16    260096    ----a-w-    c:\windows\system32\igfxTMM.dll
2010-02-10 23:16 . 2010-02-10 23:16    200704    ----a-w-    c:\windows\system32\igfxpph.dll
2010-02-10 23:15 . 2009-11-06 05:45    56832    ----a-w-    c:\windows\system32\igfxsrvc.dll
2010-02-10 23:15 . 2010-02-10 23:15    130560    ----a-w-    c:\windows\system32\igfxdo.dll
2010-02-10 23:15 . 2009-11-06 05:45    94720    ----a-w-    c:\windows\system32\hccutils.dll
2010-02-10 23:14 . 2010-02-10 23:14    119808    ----a-w-    c:\windows\system32\gfxSrvc.dll
2010-02-10 23:14 . 2010-02-10 23:14    4096    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2010-02-10 23:14 . 2009-11-06 05:45    9030656    ----a-w-    c:\windows\system32\igfxress.dll
2010-02-10 23:14 . 2009-11-06 05:45    225792    ----a-w-    c:\windows\system32\igfxdev.dll
2010-02-10 15:17 . 2009-11-08 07:55    398336    ----a-w-    c:\windows\system32\TVWizudlg.exe
2010-02-10 15:16 . 2009-11-08 07:55    140288    ----a-w-    c:\windows\system32\igfxtvcx.dll
2010-02-07 21:07 . 2010-02-07 21:07    --------    d-----w-    c:\users\Jan\AppData\Roaming\AnvSoft
2010-02-06 16:08 . 2010-02-03 21:03    --------    d-----w-    c:\users\Jan\AppData\Roaming\skypePM
2010-02-05 23:33 . 2010-02-05 23:33    45126    ----a-r-    c:\users\Jan\AppData\Roaming\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_C0EDDA7A92A80D14F7FA33.exe
2010-02-05 23:33 . 2010-02-05 23:33    45126    ----a-r-    c:\users\Jan\AppData\Roaming\Microsoft\Installer\{882C685B-3735-452E-9B77-D562A6A6AFE3}\_6FEFF9B68218417F98F549.exe
2010-02-05 23:33 . 2010-02-05 23:33    --------    d-----w-    c:\program files\MetaGeek
2010-02-04 17:53 . 2010-02-04 11:58    --------    d-----w-    c:\users\Jan\AppData\Roaming\CyberLink
2010-02-04 17:47 . 2010-02-04 17:47    8    --sh--r-    c:\windows\system32\4FDF347989.sys
2010-02-04 17:14 . 2010-02-04 17:14    --------    d-----w-    c:\program files\TeamViewer
2010-02-04 15:37 . 2010-02-04 15:37    --------    d-----w-    c:\program files\Common Files\Java
2010-02-04 15:37 . 2009-11-08 09:55    --------    d-----w-    c:\program files\Java
2010-02-04 12:14 . 2010-02-04 12:14    --------    d-----w-    c:\users\Jan\AppData\Roaming\InstallShield
2010-02-03 22:36 . 2010-02-03 22:36    --------    d-----w-    c:\users\Jan\AppData\Roaming\CoSoSys
2010-02-03 22:27 . 2009-11-08 09:03    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-02-03 21:42 . 2010-02-03 21:42    --------    d-----w-    c:\users\Jan\AppData\Roaming\Windows Live Writer
2010-02-03 19:36 . 2010-02-03 19:36    --------    d-sh--we    c:\program files\Fælles filer
2010-02-03 19:29 . 2009-11-12 09:25    --------    d-----w-    c:\program files\FSP
2010-02-02 07:45 . 2010-02-23 18:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-11 00:30    85504    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-11 00:30    85504    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-11 00:30    365568    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-11 00:30    369152    ----a-w-    c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-11 00:30    324608    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-11 00:30    277504    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-11 00:30    320512    ----a-w-    c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-11 00:30    280064    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-01-14 10:12 . 2009-11-08 09:11    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-08 03:18 . 2010-02-11 00:30    221184    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-11 00:30    123392    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-08-19 192000]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-07-07 343552]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2009-08-05 413696]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-24 495728]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-11-12 3342336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 167448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate1caa59b1b457da1;Tjenesten Google Update (gupdate1caa59b1b457da1);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0400000.07F\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0400000.07F\SYMEFA.SYS [2009-11-26 172592]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0400000.07F\ccHPx86.sys [2009-12-09 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys [2009-11-17 343088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0400000.07F\Ironx86.SYS [2009-11-26 116272]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0400000.07F\SYMTDIV.SYS [2009-11-22 340016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe [2009-12-09 126392]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-08 102448]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-12 42496]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-03-13 13:11]

2010-03-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-13 10:02]

2010-03-29 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-03-13 12:38]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 13:08]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 13:08]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://tdconline.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.0.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(6064)
c:\program files\Norton 360\Engine\4.0.0.127\ccIPC.dll
c:\program files\Norton 360\Engine\4.0.0.127\ccGEvt.dll
.
Gennemført tid: 2010-03-29  16:38:09
ComboFix-quarantined-files.txt  2010-03-29 14:38

Pre-Kørsel: 399.642.611.712 byte ledig
Post-Kørsel: 399.650.865.152 byte ledig

- - End Of File - - 8EBC000F45CA3B538CDFBF55FE5AFD45

Den viser den ikke ordentligt.

Klik start, kør og kopier dettte: combofix /uninstall
Tryk enter
Det vil fjerne Combofix.

Hent dette i stedet:
http://download.sysinternals.com/Files/Autoruns.zip

Så kan du bruge Autoruns til at deaktivere KIWEE under IE da det er en såkaldt BHO.

Det kan fjernes helt ved at systemgendanne til før du installerede det.

Ok, har kørt autoruns, men KIWEE findes ikke under IE, eller såkaldte BHO eller under noget andet.

KIWEE står stadig på nye faner, kan jeg have lavet noget forkert, for den sidder stadig i min pc.

Desværre John, for min systemgendandelse vil ikke tilbage stille min pc, den siger at der er en fejlkode.

Hent Oldtimer's OTS herfra, gem den på skrivebordet.
http://oldtimer.geekstogo.com/OTS.exe

Dobbeltklik på OTS, > Klik på "Quick Scan" der vil nu åbne en logfil, kopier teksten herind

[code]
OTS logfile created on: 29-03-2010 20:40:08 - Run 1
OTS by OldTimer - Version 3.1.27.1    Folder = C:\Users\Jan\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 372,20 Gb Free Space | 87,65% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 28,90 Gb Free Space | 72,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAN-PC
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
ots.exe -> C:\Users\Jan\Desktop\OTS.exe -> [2010-03-29 20:39:38 | 000,637,440 | ---- | M] (OldTimer Tools)
teamviewer_service.exe -> C:\Programmer\TeamViewer\Version5\TeamViewer_Service.exe -> [2010-03-18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
awc.exe -> C:\Programmer\IObit\Advanced SystemCare 3\AWC.exe -> [2010-02-08 12:02:10 | 002,343,632 | ---- | M] (IObit)
flashutil10e.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe -> [2010-01-27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
ccsvchst.exe -> C:\Programmer\Norton 360\Engine\4.0.0.127\ccSvcHst.exe -> [2009-12-09 11:05:51 | 000,126,392 | R--- | M] (Symantec Corporation)
fspuip.exe -> C:\Programmer\FSP\FspUip.exe -> [2009-11-12 14:50:00 | 003,342,336 | ---- | M] (Sentelic Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
psi.exe -> C:\Programmer\Secunia\PSI\psi.exe -> [2009-08-21 10:15:32 | 000,900,816 | ---- | M] (Secunia)
hotkeyapp.exe -> C:\Programmer\Launch Manager\HotkeyApp.exe -> [2009-08-19 16:42:56 | 000,192,000 | ---- | M] (Wistron)
wbutton.exe -> C:\Programmer\Launch Manager\WButton.exe -> [2009-08-05 17:08:40 | 000,413,696 | ---- | M] (Wistron Corp.)
wmpnetwk.exe -> C:\Programmer\Windows Media Player\wmpnetwk.exe -> [2009-07-14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation)
sidebar.exe -> C:\Programmer\Windows Sidebar\sidebar.exe -> [2009-07-14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
sppsvc.exe -> C:\Windows\System32\sppsvc.exe -> [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)
osd.exe -> C:\Programmer\Launch Manager\OSD.exe -> [2009-07-07 11:44:44 | 000,343,552 | ---- | M] (Wistron Corp.)
iaanotif.exe -> C:\Programmer\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2009-06-04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
iaantmon.exe -> C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009-06-04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
clmlsvc.exe -> C:\Programmer\CyberLink\Power2Go\CLMLSvc.exe -> [2009-06-03 21:59:02 | 000,103,720 | ---- | M] (CyberLink)
seaport.exe -> C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
wislmsvc.exe -> C:\Programmer\Launch Manager\WisLMSvc.exe -> [2009-03-04 10:27:42 | 000,113,152 | ---- | M] (Wistron Corp.)
psiservice.exe -> C:\Windows\System32\PSIService.exe -> [2007-06-05 14:20:32 | 000,177,704 | ---- | M] ()
isuspm.exe -> C:\Programmer\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006-09-11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
x10nets.exe -> C:\Programmer\Common Files\X10\Common\X10nets.exe -> [2001-11-12 15:31:48 | 000,020,480 | ---- | M] (X10)

[Modules - Safe List]
ots.exe -> C:\Users\Jan\Desktop\OTS.exe -> [2010-03-29 20:39:38 | 000,637,440 | ---- | M] (OldTimer Tools)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
samcli.dll -> C:\Windows\System32\samcli.dll -> [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
netutils.dll -> C:\Windows\System32\netutils.dll -> [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -> [2010-03-18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH)
(N360) Norton 360 [Unknown | Running] -> C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe -> [2009-12-09 11:05:51 | 000,126,392 | R--- | M] (Symantec Corporation)
(STacSV) Audio Service [Auto | Stopped] -> c:\Programmer\IDT\WDM\stacsv.exe -> [2009-10-24 07:46:18 | 000,225,382 | ---- | M] (IDT, Inc.)
(WwanSvc) WWAN AutoConfig [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Tjenesten Windows Biometri [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Power) Strøm [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation)
(Themes) Temaer [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(sppuinotify) SPP-meddelelsestjeneste [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) RPC-slutpunktsafbildning [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Tilpasset lysstyrke [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PNRPsvc) PNRP (Peer Name Resolution Protocol) [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Identitetsstyring for peer-netværk [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) Udbyder af hjemmegruppe [On_Demand | Stopped] -> C:\Windows\System32\provsvc.dll -> [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) PNRP - Tjeneste til udgivelse af computernavn [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Programmer\Windows Defender\MpSvc.dll -> [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) Lyttefunktion til hjemmegruppe [On_Demand | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation)
(FontCache) Tjenesten Windows-skrifttypecache [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP-klientprogram [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)
(defragsvc) Diskdefragmentering [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) Tjenesten BitLocker-drevkryptering [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AxInstSV) ActiveX-installationsprogram (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Program-id [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(sppsvc) Softwarebeskyttelse [Auto | Running] -> C:\Windows\System32\sppsvc.exe -> [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009-06-04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
(WisLMSvc) WisLMSvc [On_Demand | Running] -> C:\Program Files\Launch Manager\WisLMSvc.exe -> [2009-03-04 10:27:42 | 000,113,152 | ---- | M] (Wistron Corp.)
(ProtexisLicensing) ProtexisLicensing [Auto | Running] -> C:\Windows\System32\PSIService.exe -> [2007-06-05 14:20:32 | 000,177,704 | ---- | M] ()
(x10nets) X10 Device Network Service [Auto | Running] -> C:\Programmer\Common Files\X10\Common\X10nets.exe -> [2001-11-12 15:31:48 | 000,020,480 | ---- | M] (X10)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Secondary_Page_URL" -> http://medion.msn.com [binary data] ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://tdconline.dk/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN\] -> [2010-03-09 03:42:03 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN\] -> [2010-03-09 03:42:03 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Programmer\HP\Digital Imaging\smart web printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010-03-09 18:58:13 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2009-06-10 23:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Programmer\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009-10-22 06:29:58 | 000,328,248 | ---- | M] (Hewlett-Packard Co.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Programmer\Norton 360\Engine\4.0.0.127\CoIEPlg.dll [Symantec NCO BHO] -> [2009-12-10 05:16:00 | 000,394,608 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Programmer\Norton 360\Engine\4.0.0.127\IPSBHO.dll [Symantec Intrusion Prevention] -> [2009-11-17 02:51:14 | 000,079,224 | R--- | M] (Symantec Corporation)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009-05-19 12:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Programmer\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Hjælp til tilmelding til Windows Live] -> [2009-01-22 16:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Programmer\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009-10-22 06:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Programmer\Norton 360\Engine\4.0.0.127\CoIEPlg.dll [Norton Toolbar] -> [2009-12-10 05:16:00 | 000,394,608 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Programmer\Norton 360\Engine\4.0.0.127\CoIEPlg.dll [Norton Toolbar] -> [2009-12-10 05:16:00 | 000,394,608 | R--- | M] (Symantec Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"CLMLServer" -> C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe ["C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"] -> [2009-06-03 21:59:02 | 000,103,720 | ---- | M] (CyberLink)
"fspuip" -> C:\Program Files\FSP\fspuip.exe ["C:\Program Files\FSP\fspuip.exe"] -> [2009-11-12 14:50:00 | 003,342,336 | ---- | M] (Sentelic Corporation)
"HotkeyApp" -> C:\Program Files\Launch Manager\HotkeyApp.exe ["C:\Program Files\Launch Manager\HotkeyApp.exe"] -> [2009-08-19 16:42:56 | 000,192,000 | ---- | M] (Wistron)
"IAAnotif" -> C:\Programmer\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009-06-04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"LMgrVolOSD" -> C:\Program Files\Launch Manager\OSD.exe ["C:\Program Files\Launch Manager\OSD.exe"] -> [2009-07-07 11:44:44 | 000,343,552 | ---- | M] (Wistron Corp.)
"MDS_Menu" -> C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"] -> [2009-02-25 15:40:48 | 000,218,408 | ---- | M] (CyberLink Corp.)
"PDVD9LanguageShortcut" -> C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"] -> [2009-04-27 18:50:24 | 000,050,472 | ---- | M] (CyberLink Corp.)
"SysTrayApp" -> C:\Programmer\IDT\WDM\sttray.exe [%ProgramFiles%\IDT\WDM\sttray.exe] -> [2009-10-24 07:46:18 | 000,495,728 | ---- | M] (IDT, Inc.)
"UCam_Menu" -> C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"] -> [2009-05-19 23:16:16 | 000,222,504 | ---- | M] (CyberLink Corp.)
"Wbutton" -> C:\Program Files\Launch Manager\Wbutton.exe ["C:\Program Files\Launch Manager\Wbutton.exe"] -> [2009-08-05 17:08:40 | 000,413,696 | ---- | M] (Wistron Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006-09-11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&ksporter til Microsoft Excel -> C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Programmer\HP\Digital Imaging\smart web printing\hpswp_BHO.dll [Button: Vis eller skjul HP Smart Web Printing] -> [2009-10-22 06:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
danid.dk .[http] -> Trusted sites ->
danid.dk .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4811 domain(s) found. ->
danid.dk .[http] -> Websteder, du har tillid til ->
danid.dk .[https] -> Websteder, du har tillid til ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{6F15128C-E66A-490C-B848-5000B5ABEEAC} [HKLM] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab [HP Download Manager] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] ->
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldda-dk.cab [Windows Live Hotmail Photo Upload Tool] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 193.162.153.164 194.239.134.83 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A98524AB-699E-4694-B1F5-A5B28BB64796}\\DhcpNameServer -> 193.162.153.164 194.239.134.83  (Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\Windows\explorer.exe -> [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009-07-14 03:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2010-02-11 01:14:52 | 000,225,792 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\System32\pku2u.dll -> [2009-07-14 03:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Cd-rom-driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009-06-10 23:42:20 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 14 Days]
OTS.exe -> C:\Users\Jan\Desktop\OTS.exe -> [2010-03-29 20:39:34 | 000,637,440 | ---- | C] (OldTimer Tools)
Autoruns -> C:\Users\Jan\Desktop\Autoruns -> [2010-03-29 18:45:42 | 000,000,000 | ---D | C]
Autoruns[1] -> C:\Users\Jan\Documents\Autoruns[1] -> [2010-03-29 18:39:13 | 000,000,000 | ---D | C]
temp -> C:\Windows\temp -> [2010-03-29 16:38:12 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010-03-29 16:37:43 | 000,000,000 | -HSD | C]
ERDNT -> C:\Windows\ERDNT -> [2010-03-29 16:29:48 | 000,000,000 | ---D | C]
PCHEALTH -> C:\Windows\PCHEALTH -> [2010-03-29 11:38:05 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010-03-29 09:59:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010-03-29 09:59:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Programmer\Malwarebytes' Anti-Malware -> [2010-03-29 09:59:02 | 000,000,000 | ---D | C]
backups -> C:\Users\Jan\Desktop\backups -> [2010-03-28 06:24:18 | 000,000,000 | ---D | C]
HiJackThis.exe -> C:\Users\Jan\Desktop\HiJackThis.exe -> [2010-03-28 06:01:53 | 000,401,720 | ---- | C] (Trend Micro Inc.)
Malwarebytes -> C:\Users\Jan\AppData\Roaming\Malwarebytes -> [2010-03-28 05:06:08 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010-03-28 05:06:02 | 000,000,000 | ---D | C]
Kiwee Toolbar -> C:\Users\Jan\AppData\Local\Kiwee Toolbar -> [2010-03-27 13:00:06 | 000,000,000 | ---D | C]
AxInstSV -> C:\Windows\AxInstSV -> [2010-03-27 12:59:10 | 000,000,000 | -H-D | C]
AnvSoft -> C:\Programmer\AnvSoft -> [2010-03-23 20:33:50 | 000,000,000 | ---D | C]
HP -> C:\Users\Jan\AppData\Local\HP -> [2010-03-17 00:01:00 | 000,000,000 | ---D | C]
SymIMV.sys -> C:\Windows\System32\drivers\SymIMV.sys -> [2010-03-16 11:47:42 | 000,044,080 | R--- | C] (Symantec Corporation)
IGFXDEVLib.dll -> C:\Windows\System32\IGFXDEVLib.dll -> [2010-02-11 01:14:52 | 000,004,096 | ---- | C] ( )

[Files/Folders - Modified Within 14 Days]
OTS.exe -> C:\Users\Jan\Desktop\OTS.exe -> [2010-03-29 20:39:38 | 000,637,440 | ---- | M] (OldTimer Tools)
AWC AutoSweep.job -> C:\Windows\tasks\AWC AutoSweep.job -> [2010-03-29 20:37:49 | 000,000,372 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010-03-29 20:37:27 | 000,000,916 | ---- | M] ()
AWC Startup.job -> C:\Windows\tasks\AWC Startup.job -> [2010-03-29 20:37:27 | 000,000,366 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010-03-29 20:37:04 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010-03-29 20:36:54 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010-03-29 20:36:37 | 2363,125,760 | -HS- | M] ()
ntuser.dat -> C:\Users\Jan\ntuser.dat -> [2010-03-29 20:35:49 | 003,407,872 | -HS- | M] ()
IconCache.db -> C:\Users\Jan\AppData\Local\IconCache.db -> [2010-03-29 20:35:45 | 003,880,160 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010-03-29 20:34:00 | 000,000,920 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010-03-29 20:18:42 | 000,015,568 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010-03-29 20:18:42 | 000,015,568 | -H-- | M] ()
Autoruns.zip -> C:\Users\Jan\Desktop\Autoruns.zip -> [2010-03-29 18:41:33 | 000,595,499 | ---- | M] ()
Test Støvsugere.pdf -> C:\Users\Jan\Desktop\Test Støvsugere.pdf -> [2010-03-29 18:19:27 | 000,641,481 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2010-03-29 16:36:02 | 000,000,215 | ---- | M] ()
Kontaktpersoner - Genvej.lnk -> C:\Users\Jan\Kontaktpersoner - Genvej.lnk -> [2010-03-29 15:34:52 | 000,000,690 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010-03-29 15:24:20 | 001,240,086 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010-03-29 15:24:20 | 000,607,190 | ---- | M] ()
perfh006.dat -> C:\Windows\System32\perfh006.dat -> [2010-03-29 15:24:20 | 000,461,276 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010-03-29 15:24:20 | 000,103,568 | ---- | M] ()
perfc006.dat -> C:\Windows\System32\perfc006.dat -> [2010-03-29 15:24:20 | 000,076,742 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010-03-29 09:59:06 | 000,000,987 | ---- | M] ()
temp.dat -> C:\Users\Jan\temp.dat -> [2010-03-28 07:58:36 | 000,000,000 | ---- | M] ()
HiJackThis.exe -> C:\Users\Jan\Desktop\HiJackThis.exe -> [2010-03-28 06:01:53 | 000,401,720 | ---- | M] (Trend Micro Inc.)
cc_20100328_045937.reg -> C:\Users\Jan\Documents\cc_20100328_045937.reg -> [2010-03-28 04:59:42 | 000,001,110 | ---- | M] ()
cc_20100328_045906.reg -> C:\Users\Jan\Documents\cc_20100328_045906.reg -> [2010-03-28 04:59:12 | 000,001,110 | ---- | M] ()
cc_20100328_045839.reg -> C:\Users\Jan\Documents\cc_20100328_045839.reg -> [2010-03-28 04:58:45 | 000,005,402 | ---- | M] ()
CCleaner.lnk -> C:\Users\Jan\Desktop\CCleaner.lnk -> [2010-03-28 04:57:42 | 000,001,839 | ---- | M] ()
Marine world mw09kap06.pdf -> C:\Users\Jan\Desktop\Marine world mw09kap06.pdf -> [2010-03-26 19:30:41 | 005,690,283 | ---- | M] ()
Påhængsmotor4  10170a50.zip -> C:\Users\Jan\Desktop\Påhængsmotor4  10170a50.zip -> [2010-03-25 21:35:34 | 002,748,468 | ---- | M] ()
Påhængsmotor3 10170a50.zip -> C:\Users\Jan\Desktop\Påhængsmotor3 10170a50.zip -> [2010-03-25 21:33:13 | 002,748,468 | ---- | M] ()
Stribe-1811_cop_527776a (1).jpg -> C:\Users\Jan\Desktop\Stribe-1811_cop_527776a (1).jpg -> [2010-03-25 16:45:10 | 000,040,634 | ---- | M] ()
STRIBE_2612_528362a (1).jpg -> C:\Users\Jan\Desktop\STRIBE_2612_528362a (1).jpg -> [2010-03-25 16:44:58 | 000,128,208 | ---- | M] ()
STRIBE_2612_528362a (2).jpg -> C:\Users\Jan\Desktop\STRIBE_2612_528362a (2).jpg -> [2010-03-25 16:44:39 | 000,175,930 | ---- | M] ()
Stribe-1811_cop_527776a (2).jpg -> C:\Users\Jan\Desktop\Stribe-1811_cop_527776a (2).jpg -> [2010-03-25 16:44:21 | 000,128,501 | ---- | M] ()
STRIBE-2412_529435a.jpg -> C:\Users\Jan\Desktop\STRIBE-2412_529435a.jpg -> [2010-03-25 16:43:51 | 000,155,651 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010-03-25 04:25:29 | 000,013,312 | ---- | M] ()
Iskort 24.03.2010.pdf -> C:\Users\Jan\Desktop\Iskort 24.03.2010.pdf -> [2010-03-25 02:21:24 | 001,842,808 | ---- | M] ()
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2010-03-25 02:07:55 | 000,000,807 | ---- | M] ()
Jensen's Seng.jpg -> C:\Users\Jan\Desktop\Jensen's Seng.jpg -> [2010-03-25 01:55:54 | 000,042,806 | ---- | M] ()
wklnhst.dat -> C:\Users\Jan\AppData\Roaming\wklnhst.dat -> [2010-03-24 16:29:35 | 000,000,392 | ---- | M] ()
Baby kvalt i slynge.pdf -> C:\Users\Jan\Desktop\Baby kvalt i slynge.pdf -> [2010-03-21 00:15:25 | 000,143,387 | ---- | M] ()
TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010-03-20 01:10:13 | 000,001,128 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010-03-18 07:56:43 | 000,363,984 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010-03-17 16:41:43 | 000,088,784 | ---- | M] ()
¨ó% -> C:\Windows\¨ó% -> [2010-03-17 15:25:56 | 000,000,020 | ---- | M] ()
Philips mit TV.pdf -> C:\Users\Jan\Desktop\Philips mit TV.pdf -> [2010-03-17 04:13:21 | 001,065,973 | ---- | M] ()
KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2010-03-17 02:52:10 | 000,002,828 | -HS- | M] ()
hpqins06.dat -> C:\Windows\hpqins06.dat -> [2010-03-17 00:00:12 | 000,076,767 | ---- | M] ()
hpqins13.dat -> C:\Windows\hpqins13.dat -> [2010-03-16 23:58:52 | 000,083,245 | ---- | M] ()
HP Photosmart Essential 3.5.lnk -> C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk -> [2010-03-16 23:58:18 | 000,002,129 | ---- | M] ()
hpoins14.dat -> C:\Windows\hpoins14.dat -> [2010-03-16 23:11:33 | 000,183,987 | ---- | M] ()
Ti somaliere har fået karantæne på værtshus.rtf -> C:\Users\Jan\Desktop\Ti somaliere har fået karantæne på værtshus.rtf -> [2010-03-16 14:45:45 | 000,001,637 | ---- | M] ()

[Files - No Company Name]
Autoruns.zip -> C:\Users\Jan\Desktop\Autoruns.zip -> [2010-03-29 18:41:22 | 000,595,499 | ---- | C] ()
Test Støvsugere.pdf -> C:\Users\Jan\Desktop\Test Støvsugere.pdf -> [2010-03-29 18:19:27 | 000,641,481 | ---- | C] ()
Kontaktpersoner - Genvej.lnk -> C:\Users\Jan\Kontaktpersoner - Genvej.lnk -> [2010-03-29 15:34:52 | 000,000,690 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010-03-29 09:59:06 | 000,000,987 | ---- | C] ()
cc_20100328_045937.reg -> C:\Users\Jan\Documents\cc_20100328_045937.reg -> [2010-03-28 04:59:39 | 000,001,110 | ---- | C] ()
cc_20100328_045906.reg -> C:\Users\Jan\Documents\cc_20100328_045906.reg -> [2010-03-28 04:59:08 | 000,001,110 | ---- | C] ()
cc_20100328_045839.reg -> C:\Users\Jan\Documents\cc_20100328_045839.reg -> [2010-03-28 04:58:43 | 000,005,402 | ---- | C] ()
Marine world mw09kap06.pdf -> C:\Users\Jan\Desktop\Marine world mw09kap06.pdf -> [2010-03-26 19:30:39 | 005,690,283 | ---- | C] ()
Påhængsmotor4  10170a50.zip -> C:\Users\Jan\Desktop\Påhængsmotor4  10170a50.zip -> [2010-03-25 21:35:28 | 002,748,468 | ---- | C] ()
Påhængsmotor3 10170a50.zip -> C:\Users\Jan\Desktop\Påhængsmotor3 10170a50.zip -> [2010-03-25 21:33:07 | 002,748,468 | ---- | C] ()
Stribe-1811_cop_527776a (1).jpg -> C:\Users\Jan\Desktop\Stribe-1811_cop_527776a (1).jpg -> [2010-03-25 16:45:10 | 000,040,634 | ---- | C] ()
STRIBE_2612_528362a (1).jpg -> C:\Users\Jan\Desktop\STRIBE_2612_528362a (1).jpg -> [2010-03-25 16:44:58 | 000,128,208 | ---- | C] ()
STRIBE_2612_528362a (2).jpg -> C:\Users\Jan\Desktop\STRIBE_2612_528362a (2).jpg -> [2010-03-25 16:44:39 | 000,175,930 | ---- | C] ()
Stribe-1811_cop_527776a (2).jpg -> C:\Users\Jan\Desktop\Stribe-1811_cop_527776a (2).jpg -> [2010-03-25 16:44:21 | 000,128,501 | ---- | C] ()
STRIBE-2412_529435a.jpg -> C:\Users\Jan\Desktop\STRIBE-2412_529435a.jpg -> [2010-03-25 16:43:51 | 000,155,651 | ---- | C] ()
Iskort 24.03.2010.pdf -> C:\Users\Jan\Desktop\Iskort 24.03.2010.pdf -> [2010-03-25 02:21:24 | 001,842,808 | ---- | C] ()
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2010-03-25 02:07:54 | 000,000,807 | ---- | C] ()
Jensen's Seng.jpg -> C:\Users\Jan\Desktop\Jensen's Seng.jpg -> [2010-03-25 01:56:09 | 000,042,806 | ---- | C] ()
Baby kvalt i slynge.pdf -> C:\Users\Jan\Desktop\Baby kvalt i slynge.pdf -> [2010-03-21 00:15:25 | 000,143,387 | ---- | C] ()
TeamViewer 5.lnk -> C:\Users\Public\Desktop\TeamViewer 5.lnk -> [2010-03-20 01:10:13 | 000,001,128 | ---- | C] ()
¨ó% -> C:\Windows\¨ó% -> [2010-03-17 15:25:55 | 000,000,020 | ---- | C] ()
Philips mit TV.pdf -> C:\Users\Jan\Desktop\Philips mit TV.pdf -> [2010-03-17 04:13:20 | 001,065,973 | ---- | C] ()
hpqins06.dat -> C:\Windows\hpqins06.dat -> [2010-03-16 23:59:14 | 000,076,767 | ---- | C] ()
HP Photosmart Essential 3.5.lnk -> C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk -> [2010-03-16 23:58:18 | 000,002,129 | ---- | C] ()
hpqins13.dat -> C:\Windows\hpqins13.dat -> [2010-03-16 23:57:15 | 000,083,245 | ---- | C] ()
hpomdl14.dat.temp -> C:\Windows\hpomdl14.dat.temp -> [2010-03-16 23:11:32 | 000,001,498 | ---- | C] ()
Ti somaliere har fået karantæne på værtshus.rtf -> C:\Users\Jan\Desktop\Ti somaliere har fået karantæne på værtshus.rtf -> [2010-03-16 14:45:45 | 000,001,637 | ---- | C] ()
KGyGaAvL.sys -> C:\Windows\System32\KGyGaAvL.sys -> [2010-02-04 19:47:09 | 000,002,828 | -HS- | C] ()
4FDF347989.sys -> C:\Windows\System32\4FDF347989.sys -> [2010-02-04 19:47:09 | 000,000,008 | RHS- | C] ()
iglhsip32.dll -> C:\Windows\System32\iglhsip32.dll -> [2009-12-15 02:42:44 | 000,208,896 | ---- | C] ()
iglhcp32.dll -> C:\Windows\System32\iglhcp32.dll -> [2009-12-15 02:42:44 | 000,143,360 | ---- | C] ()
igfxtvcx.dll -> C:\Windows\System32\igfxtvcx.dll -> [2009-11-08 09:55:45 | 000,140,288 | ---- | C] ()
716xCoInstaller.dll -> C:\Windows\System32\716xCoInstaller.dll -> [2009-11-06 07:46:08 | 000,009,824 | ---- | C] ()
HdmiCoin.dll -> C:\Windows\System32\HdmiCoin.dll -> [2009-11-06 07:45:34 | 000,004,608 | ---- | C] ()
yk62x86.sys -> C:\Windows\System32\drivers\yk62x86.sys -> [2009-09-28 10:22:00 | 000,315,392 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009-08-03 16:07:42 | 000,403,816 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009-07-14 06:52:31 | 000,043,318 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009-07-14 06:52:31 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009-07-14 06:52:31 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009-07-14 06:52:31 | 000,026,040 | ---- | C] ()
BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009-07-14 01:51:43 | 000,073,728 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009-07-14 01:42:10 | 000,064,000 | ---- | C] ()

[File - Lop Check]
AnvSoft -> C:\Users\Jan\AppData\Roaming\AnvSoft -> [2010-02-07 23:07:07 | 000,000,000 | ---D | M]
CoSoSys -> C:\Users\Jan\AppData\Roaming\CoSoSys -> [2010-02-04 00:36:06 | 000,000,000 | ---D | M]
Cryptomathic -> C:\Users\Jan\AppData\Roaming\Cryptomathic -> [2010-02-19 19:21:13 | 000,000,000 | ---D | M]
IObit -> C:\Users\Jan\AppData\Roaming\IObit -> [2010-03-28 03:35:01 | 000,000,000 | ---D | M]
OpenOffice.org -> C:\Users\Jan\AppData\Roaming\OpenOffice.org -> [2010-02-15 23:45:44 | 000,000,000 | ---D | M]
Opera -> C:\Users\Jan\AppData\Roaming\Opera -> [2010-02-24 18:07:56 | 000,000,000 | ---D | M]
TeamViewer -> C:\Users\Jan\AppData\Roaming\TeamViewer -> [2010-02-14 17:55:10 | 000,000,000 | ---D | M]
Template -> C:\Users\Jan\AppData\Roaming\Template -> [2010-02-12 06:24:55 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Users\Jan\AppData\Roaming\Windows Live Writer -> [2010-02-03 23:42:30 | 000,000,000 | ---D | M]
AWC AutoSweep.job -> C:\Windows\Tasks\AWC AutoSweep.job -> [2010-03-29 20:37:49 | 000,000,372 | ---- | M] ()
AWC Startup.job -> C:\Windows\Tasks\AWC Startup.job -> [2010-03-29 20:37:27 | 000,000,366 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010-03-23 05:39:22 | 000,032,594 | ---- | M] ()

[File - Purity Scan]

< End of report >
[/code]

Det duer det forum her altså ikke til. Det skærer for meget væk. Hvis jeg begyndte at lave noget med den log, ville det være gætteri. Du kan prøve at omdøbe denne:
c:\users\Jan\AppData\Local\Kiwee Toolbar, eller du kan lægge loggen ind på Spywarefri under "andet". Vedhæft loggen da jeg ikke tror der er plads nok i ét svar.

Jeg beklager meget ulejligheden og takker for jeres store hjælpsomhed.

Men nu der er også noget helt galt med min systemgendandelse, så jeg tør desværre ikke tro eller stole mere, på denne pc og føler jeg bliver nødt til at slette og geninstallere den.

Som sagt beklager jeg meget, at jeg har været til ulejlighed.

Med venlig hilsen Jan