Jeg har fjernet mappen med MyWebSearch
Jeg har kørt combofiox som du sagde. Loggen er her
"Leo" - 07-04-27 9:54:27 Service Pack 2 [SAFE MODE]
ComboFix 07-04-25.4V - Running from: "G:\Downloads\"
((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 ))))))))))))))))))))))))))))))))))
2007-04-27 09:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-26 15:21 <DIR> d-------- C:\DOCUME~1\Leo\APPLIC~1\SUPERAntiSpyware.com
2007-04-26 15:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-04-24 16:27 78,336 --a------ C:\WINDOWS\system32\ATX32PIC.DLL
2007-04-24 16:27 346,112 --a------ C:\WINDOWS\system32\PPRO100.DLL
2007-04-24 16:27 29,696 --a------ C:\WINDOWS\system32\VB5STKIT.DLL
2007-04-24 16:27 28,160 --a------ C:\WINDOWS\system32\ATX32OLE.DLL
2007-04-24 16:27 237,568 --a------ C:\WINDOWS\system32\CompPl32.dll
2007-04-24 16:27 124,416 --a------ C:\WINDOWS\system32\ix1Setup.exe
2007-04-14 13:26 <DIR> d-------- C:\DOCUME~1\Leo\cbt
2007-04-11 16:07 6,291,456 --a------ C:\DOCUME~1\Leo\ntuser.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-26 16:29 -------- d-------- C:\DOCUME~1\Leo\APPLIC~1\zoombrowser ex
2007-04-26 15:20 -------- d-------- C:\Programmer\F‘lles filer\wise installation wizard
2007-04-26 14:51 4534 --a------ C:\DOCUME~1\Leo\APPLIC~1\wklnhst.dat
2007-03-25 09:02 82152 --a------ C:\WINDOWS\system32\perfc006.dat
2007-03-25 09:02 453456 --a------ C:\WINDOWS\system32\perfh006.dat
2007-03-23 06:07 583504 --------- C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07 1683280 --------- C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25 124928 --------- C:\WINDOWS\system32\prntvpt.dll
2007-03-17 15:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-12 13:44 -------- d-------- C:\DOCUME~1\Leo\APPLIC~1\canon
2007-03-08 17:38 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:35 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 22:29 -------- d--h----- C:\Programmer\installshield installation information
2007-02-17 14:15 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-28 11:17 796672 --------- C:\WINDOWS\gpinstall.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
{601ED020-FB6C-11D3-87D8-0050DA59922B} D:\Programmer\WS_FTP Pro\wsbho2k0.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} D:\Programmer\TweakMASTER\TweakBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Ulead AutoDetector v2"="C:\\Programmer\\Fælles filer\\Ulead Systems\\AutoDetector\\monitor.exe"
"TrueImageMonitor.exe"="C:\\Programmer\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"TomTomHOME.exe"="\"C:\\Programmer\\TomTom HOME\\TomTomHOME.exe\" -s"
"Run StartupMonitor"="StartupMonitor.exe"
"RTHDCPL"="RTHDCPL.EXE"
"RegistryMechanic"=""
"QuickTime Task"="\"D:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"
"mspwr"="C:\\WINDOWS\\system32\\PuXpMan2.exe"
"Microsoft Works Update Detection"="C:\\Programmer\\Fælles filer\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Lto Manager"="\"C:\\Programmer\\Quick GPS Connection Data Download Manager\\DesktopLtoManager.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"DU Meter"="C:\\Programmer\\DU Meter\\DUMeter.exe"
"DiskeeperSystray"="\"D:\\Programmer\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"DefragTaskBar"="\"D:\\Programmer\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\defragTaskBar.exe\""
"Comodo Firewall"="\"D:\\Programmer\\Comodo\\Firewall\\CPF.exe\" /background"
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Alcmtr"="ALCMTR.EXE"
"AcronisTimounterMonitor"="C:\\Programmer\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programmer\\Fælles filer\\Acronis\\Schedule2\\schedhlp.exe\""
"Adobe Photo Downloader"="\"D:\\Programmer\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"HP Component Manager"="\"C:\\Programmer\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Programmer\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"IM"="C:\\Programmer\\IM\\IMLauncher.exe /boot:1"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"D:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="D:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SpybotSD TeaTimer"="D:\\Programmer\\Spybot - Search & Destroy\\TeaTimer.exe"
"RoboForm"="\"C:\\Programmer\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"
"LDM"="D:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"HDDHealth"="D:\\Programmer\\HDD Health\\HDDHealth.exe -wl"
"H/PC Connection Agent"="\"C:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe\""
"dlmMgr"="\"C:\\Programmer\\Fælles filer\\Adobe\\ESD\\AdobeDownloadManager.exe\" restart=1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Copernic Desktop Search 2"="\"D:\\Programmer\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programmer\\Fælles filer\\Ahead\\lib\\NMBgMonitor.exe\""
"AshSnap"="C:\\Programme\\Ashampoo\\Ashampoo Magical Snap\\ashsnap.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000000
"NoPropertiesMyComputer"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"HideClock"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Programmer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Programmer\FeedReader30]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Programmer\FeedReader30\feedreader.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feedreader"
"hkey"="HKCU"
"command"="D:\\Programmer\\FeedReader30\\feedreader.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ccb7818-747f-11db-8f73-00a0c595a7b5}]
Shell\AutoRun\command K:\PortableRoboForm.exe
Shell\RoboForm2Go\command K:\PortableRoboForm.exe
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-04-27 09:55:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-27 9:55:45
C:\ComboFix-quarantined-files.txt ... 07-04-27 09:55
C:\ComboFix2.txt ... 07-04-27 09:18
Jeg har prøvet at køre ewido sm du bad om. Da jeg downloadede den i første omgang og opdaterede den, kom den med en log.
I fejlsikret tilstand kunne den ikke køre, men viste blot et ewido vindue med "Error"
Derfor får du istedet loggen fra en ny scanning i almindelig tilstand. Den tog sin tid til det.
Der var 7 infektioner af medium typen. De er nu fjernet. En del attributter er blevet ændret af ewido.
Før fjernelse af infektionerne så loggen sådan ud:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Com
Path: C:\Documents and Settings\Leo\Cookies\leo@com[1].txt
Risk: Medium
Name: TrackingCookie.Gemius
Path: C:\Documents and Settings\Leo\Cookies\leo@hit.gemius[2].txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\Leo\Cookies\leo@revsci[2].txt
Risk: Medium
Name: TrackingCookie.Onestat
Path: C:\Documents and Settings\Leo\Cookies\leo@stat.onestat[2].txt
Risk: Medium
Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\Leo\Cookies\leo@statistik-gallup[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Leo\Cookies\leo@zedo[1].txt
Risk: Medium
Name: Adware.Cydoor
Path: G:\Alfabetiske installionsfiler\ashampoo Renseprogram\Ashampoo UnInstaller 2000\02cd_install_148.exe/cd_load.exe
Risk: Medium
Det ser ud som om du også vil have en HiJack log. den er her
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:21:03, on 27-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
D:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Programmer\Comodo\Firewall\cmdagent.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmer\TomTom HOME\TomTomHOME.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PuXpMan2.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
D:\Programmer\Comodo\Firewall\CPF.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Acronis\TrueImageHome\TimounterMonitor.exe
D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programmer\HDD Health\HDDHealth.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Programmer\Logitech\SetPoint\SetPoint.exe
D:\Programmer\ZyXEL\G360\Gcc.exe
D:\Programmer\ZyXEL\G360\OdHost.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HiJackThis\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Programmer\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - D:\Programmer\TweakMASTER\TweakBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - D:\Programmer\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmer\Fælles filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmer\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Programmer\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "D:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Programmer\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmer\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [HDDHealth] D:\Programmer\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [dlmMgr] "C:\Programmer\Fælles filer\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "D:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AshSnap] C:\Programme\Ashampoo\Ashampoo Magical Snap\ashsnap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYDK
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - D:\Programmer\adgangforalle\adgangforalle.exe
O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - D:\Programmer\adgangforalle\adgangforalle.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://admin.aeldresagen.dk
O15 - Trusted Zone:
http://www.aeldresagen.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {392168CD-6B0A-4A72-9718-21B7CC594EDA} (WindowController Class) -
http://admin.aeldresagen.dk/_components/ClientUtil.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
http://picasaweb.google.co.uk/s/v/14.11/uploader2.cab
O16 - DPF: {62B7C733-B696-439F-A7D5-6F3BE2D8B18B} (BClipboardCtrl Class) -
http://admin.aeldresagen.dk/_components/BClipboard.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163158860984
O16 - DPF: {6885DB98-9C9D-4CA8-B609-95CEA86C1CE0} (UploadControl Class) -
http://admin.aeldresagen.dk/_components/BUploadControl.cab
O16 - DPF: {6D42D52D-0E55-4867-AF2F-43A92D51FB82} (PasswordCtrl Class) -
http://admin.aeldresagen.dk/_components/BPassword.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163158854515
O16 - DPF: {7B459E90-4940-4518-87DB-E9341744E991} (FileList Class) -
http://admin.aeldresagen.dk/_components/NCMS_fileclient.cab
O16 - DPF: {8A9CEDF8-45B1-11D3-9BCC-00001CD052BE} (Calender Class) -
http://admin.aeldresagen.dk/_components/BCalendar.cab
O16 - DPF: {99A5C76E-229C-11D5-B954-0002A500E9C2} (Main Class) -
http://admin.aeldresagen.dk/_components/Commandbar.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {E2811D18-2A33-4E7F-A064-36ADB39350C6} (Main Class) -
http://admin.aeldresagen.dk/_components/BHTMLEditDesigner.cab
O16 - DPF: {EEFB7660-DBE5-11D3-90DF-006008502BF8} (TransferComponent Class) -
http://admin.aeldresagen.dk/_components/BTransferComponent.cab
O16 - DPF: {F5ACA780-E068-11D3-90E1-006008502BF8} (URLFetcher Class) -
http://admin.aeldresagen.dk/_components/BURLFetcher.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - D:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programmer\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 15242 bytes
leob