cyberman2006 (Beginner)
8 October 2008 - 12:13 There are 29 comments and 3 solutions

Cannot remove virus

My PC is infected with a strange virus.
The taskbar says "virus alert", and on the screen all sorts of
virus and spyware programs pop up to scan my PC,
and when I try to close them they start scanning. I have done a full scan with AVG8 and Ad-Aware, but it didn't help.
Some icons have disappeared from Windows (Control Panel, My Computer
and the Programs folder).
Windows Security Center reports a security warning.
reinelt (Beginner)
8 October 2008 - 13:13 #1
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you are offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program do a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. Then a window opens where you move the dot to "Perform full scan" - click the Scan button - let the program work. Wait until it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the aforementioned HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)

Re: Vista - right-click the *.EXE file - Run as Administrator...

written by karise-larry
speedpii (Beginner)
8 October 2008 - 13:39 #2
Sounds like a virus I removed a while ago on a PC. I think Spyware Doctor could remove it, but it sat in the boot section of the hard disk, so you have to take the disk out and attach it to another PC as a slave.
Try karise-larry's solution first... I am after all only assuming it's the same one! Good luck with the removal :)
cyberman2006 (Beginner)
8 October 2008 - 19:50 #3
Malwarebytes' Anti-Malware 1.28
Database version: 1242
Windows 5.1.2600 Service Pack 3

08-10-2008 19:43:36
mbam-log-2008-10-08 (19-43-36).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 392924
Tid tilbagelagt: 2 hour(s), 39 minute(s), 5 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 2
Inficerede Registeringsdatabase Nøgler: 24
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 17
Inficerede Mapper: 0
Inficerede Filer: 18

Inficerede Hukommelses Processer:
C:\Programmer\SAV\SAV.exe (Rogue.SystemAntivirus) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\WINDOWS\qmafxprs.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{711193d0-a234-4208-bbd8-6483ad9154b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccrohh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{711193d0-a234-4208-bbd8-6483ad9154b5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61d9448a-4d25-402c-b6ff-1490af7b1cc0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qmafxprs (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76381-OEM-0011903-00106) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\efcCrOhh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\qmafxprs.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP315\A0153785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP315\A0153786.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP315\A0153787.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP315\A0153791.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP315\A0153792.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\etvm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmer\SAV\SAV.exe (Rogue.SystemAntivirus) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programmer\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Programmer\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Application Data\TmpRecentIcons\System Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Skrivebord\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Skrivebord\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Ejer\Skrivebord\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:49, on 08-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe
C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Ejer\Skrivebord\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: QXK Olive - {6D593058-82DE-44EA-A611-07B26CFC20DC} - C:\WINDOWS\vortsgbqtkr.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: (no name) - {AA5C4A2F-F5F5-44D0-95E3-E65A39B3DD38} - C:\WINDOWS\system32\urqOHYPI.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: olnmraew - {32FD8D0E-71BE-457D-A318-DD8AB6709DE7} - C:\WINDOWS\olnmraew.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/4066/defaults/activex/IPSUploader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5400/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: lfstbwvd - {04DC832A-8D3D-4A4C-8ABB-C7D0FCA5C4B4} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 9727 bytes
reinelt (Beginner)
8 October 2008 - 20:04 #4
How is the machine running now? I'm trying to get a hijack expert to look at the log.
johnstigers (Senior Master)
8 October 2008 - 20:22 #5
Fix:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: QXK Olive - {6D593058-82DE-44EA-A611-07B26CFC20DC} - C:\WINDOWS\vortsgbqtkr.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: olnmraew - {32FD8D0E-71BE-457D-A318-DD8AB6709DE7} - C:\WINDOWS\olnmraew.dll
O8 - Extra context menu item: &Search - ?p=ZK
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: lfstbwvd - {04DC832A-8D3D-4A4C-8ABB-C7D0FCA5C4B4} - C:\WINDOWS\lfstbwvd.dll

--------------------------------------------------------------------------------------

Find and delete the files:
C:\WINDOWS\vortsgbqtkr.dll
C:\WINDOWS\olnmraew.dll
C:\WINDOWS\lfstbwvd.dll

Find and delete the folder: C:\Programmer\BearShare Applications

If you can't delete them in normal mode, restart in Safe Mode and delete them from there.

--------------------------------------------------------------------------------------

Restart the PC and post a new log.
8 October 2008 - 20:36 #6
(Agreed) - That's what easily happens when you 'play' with results from Bearshare!
cyberman2006 (Beginner)
8 October 2008 - 20:51 #7
I have had BearShare, but it was deleted a long time ago; I'll search for the parts of it that are left.
How do I fix the above-mentioned files?
How do I get at the dll files under Windows?
johnstigers (Senior Master)
8 October 2008 - 21:23 #8
Start HijackThis - click "Do a system scan only" - tick the lines mentioned, and click "Fix checked".
johnstigers (Senior Master)
8 October 2008 - 21:24 #9
You delete the files by clicking your way to them and deleting them.
(My Computer - C: - windows - find and delete.)
cyberman2006 (Beginner)
8 October 2008 - 21:51 #10
I have deleted the files mentioned; only lfstbwvd.dll won't delete.
cyberman2006 (Beginner)
8 October 2008 - 22:01 #11
Here is a new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:56, on 08-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe
C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\HP_Ejer\Skrivebord\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: (no name) - {AA5C4A2F-F5F5-44D0-95E3-E65A39B3DD38} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp10.photoprintit.de/microsite/4066/defaults/activex/IPSUploader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5400/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: lfstbwvd - {EAAD4D41-B34B-458B-A282-31D23656E483} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 8533 bytes
cyberman2006 (Beginner)
08 October 2008 - 22:23 #12
I'm not done with the virus yet; a virus program (Virusremover) still pops up, and when I try to close it, the program starts scanning.
09 October 2008 - 06:40 #13
It's (still) this one that's haunting ->
O21 - SSODL: lfstbwvd - {EAAD4D41-B34B-458B-A282-31D23656E483} - C:\WINDOWS\lfstbwvd.dll

Ref.: http://www.prevx.com/filenames/X1708344216406372000-X1/LFSTBWVD2EDLL.html
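The entry singled out in #13, as an added example that is not from this thread and not HijackThis's own code: a small Python triage of HijackThis log lines that weights the rarely used load points (O21 SSODL, O20 AppInit_DLLs, O18 protocol handlers) together with where the file loads from, so the O21 line stands out from the AVG entries around it. The sample lines are copied from the HijackThis log posted above; the weights and the "looks generated" name heuristic are this example's own assumptions, not anything HijackThis does.

```python
import re
from dataclasses import dataclass, field

# Sample input: a handful of lines copied from the HijackThis log posted above.
HJT_LINES = [
    r"O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll",
    r"O20 - AppInit_DLLs: avgrsstx.dll",
    r"O21 - SSODL: lfstbwvd - {EAAD4D41-B34B-458B-A282-31D23656E483} - C:\WINDOWS\lfstbwvd.dll",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe",
]

# Assumed weights (this example's own): load points that ordinary software rarely
# registers. O21 (ShellServiceObjectDelayLoad) loads a DLL into the shell at logon,
# O20 (AppInit_DLLs) into every process that loads user32, O18 adds a URL protocol.
LOADPOINT_WEIGHT = {"O21": 2, "O20": 2, "O18": 1}

# A file directly in the Windows directory (not in a subfolder), or anywhere under Temp.
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    kind: str
    path: str
    score: int
    reasons: list = field(default_factory=list)


def parse_hjt_line(line: str):
    """Split 'O21 - SSODL: name - {CLSID} - path' into (entry type, path).

    The target path (or the bare DLL name for O20) is always the last ' - ' field."""
    kind = line.split(" - ", 1)[0].strip()
    path = line.rsplit(" - ", 1)[-1].strip()
    return kind, path


def score_entry(line: str) -> Finding:
    kind, path = parse_hjt_line(line)
    f = Finding(kind, path, LOADPOINT_WEIGHT.get(kind, 0))
    if f.score:
        f.reasons.append(f"{kind} is a load point legitimate software rarely uses")
    if WINDOWS_ROOT.match(path):
        f.score += 2
        f.reasons.append("file sits directly in the Windows directory")
    if TEMP_DIR.search(path):
        f.score += 2
        f.reasons.append("file sits under a Temp directory")
    base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(base) >= 6 and base.isalpha() and base.islower() and not (set(base) & VOWELS):
        f.score += 1
        f.reasons.append("vowel-less lowercase name looks machine-generated")
    return f


def triage(lines, threshold: int = 4):
    """Return the entries scoring at or above threshold, highest first."""
    findings = [score_entry(line) for line in lines if line.startswith("O")]
    findings.sort(key=lambda f: -f.score)
    return [f for f in findings if f.score >= threshold]


if __name__ == "__main__":
    for f in triage(HJT_LINES):
        print(f"{f.score}  {f.kind}  {f.path}")
        for reason in f.reasons:
            print("     -", reason)
```

With the sample lines the O21 entry scores 5 (rare load point, file directly in C:\WINDOWS, vowel-less name) while the AVG AppInit_DLLs line scores only 2, which is the separation a reviewer wants before deciding what to fix; the score is a prompt for a closer look at the file, not a verdict.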
09 October 2008 - 06:43 #14
Let's try to have this one fix it + whatever else there might be ->

-- Download Combofix from one of these links, and save it to your desktop:
-- Download Combofix, and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Feel free to post the contents of this file here.
cyberman2006 (Beginner)
09 October 2008 - 09:15 #15
ComboFix 08-10-08.02 - HP_Ejer 2008-10-09  8:22:08.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1564 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\lfstbwvd.dll
C:\WINDOWS\system32\hook.dll
C:\WINDOWS\system32\IPYHOqru.ini
C:\WINDOWS\system32\IPYHOqru.ini2
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-09-09 to 2008-10-09  )))))))))))))))))))))))))))))))
.

2008-10-08 16:57 . 2008-10-08 16:58    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 16:57 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:43 . 2008-10-08 12:43    <DIR>    d--------    C:\WINDOWS\McAfee.com
2008-10-08 08:51 . 2008-10-08 08:51    <DIR>    d--------    C:\Programmer\Lavasoft
2008-10-08 08:51 . 2008-10-08 08:53    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 22:34 . 2008-10-08 09:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-07 15:37 . 2008-10-07 10:37    86,016    --a------    C:\WINDOWS\qkeftmxn.exe
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\da
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-09-17 11:40 . 2008-09-17 11:40    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-09-17 11:33 . 2008-09-17 11:33    <DIR>    d--------    C:\WINDOWS\EHome
2008-09-16 17:34 . 2008-09-16 17:34    <DIR>    d--------    C:\Programmer\DivX
2008-09-16 08:15 . 2004-08-03 22:29    63,663    ---------    C:\WINDOWS\system32\drivers\ati1rvxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    56,623    ---------    C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    36,463    ---------    C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    30,671    ---------    C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    29,455    ---------    C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    26,367    ---------    C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    21,343    ---------    C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    12,047    ---------    C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    11,615    ---------    C:\WINDOWS\system32\drivers\ati1mdxx.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 06:51    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-09-21 17:57    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
2008-09-21 16:54    ---------    d-----w    C:\Programmer\LimeWire
2008-09-21 16:54    ---------    d-----w    C:\Programmer\Incomplete
2008-09-12 20:16    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\BitTorrent
2008-09-02 12:27    ---------    d-----w    C:\Programmer\VstPlugins
2008-09-02 08:07    97,928    ----a-w    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-02 08:01    76,040    ----a-w    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-02 08:01    ---------    d-----w    C:\Programmer\AVG
2008-09-02 08:01    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\avg8
2008-09-02 07:53    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 07:36    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-09-02 07:36    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Sun
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Java
2008-08-30 11:06    ---------    d-----w    C:\Programmer\Battlezone II
2008-08-26 19:45    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-08-26 19:06    ---------    d-----w    C:\Programmer\ASTRA32
2008-08-26 16:54    ---------    d-----w    C:\Programmer\Ligos
2008-08-10 09:12    ---------    d-----w    C:\Programmer\MSECache
2008-07-18 18:39    586,752    ----a-w    C:\WINDOWS\WLXPGSS.SCR
2007-01-09 21:01    204,800    ----a-w    C:\Programmer\GCFScape.exe
2007-01-07 13:50    0    ----a-w    C:\Documents and Settings\HP_Ejer\Application Data\wklnhst.dat
2006-05-24 14:35    15,062    ----a-w    C:\Programmer\provider.txt
2004-06-07 08:26    315,392    ----a-w    C:\Programmer\Code Calculator 5.4.exe
2004-05-22 08:42    69,632    ----a-w    C:\Programmer\calc.dll
2004-04-28 09:31    326    ----a-w    C:\Programmer\GID1.txt
2002-09-11 14:26    63,730    ----a-w    C:\Programmer\viewsonicinstruct_xp.pdf
1999-07-13 12:46    209,408    ----a-w    C:\Programmer\tabctl32.ocx
2006-02-06 10:22    22    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-10-05 1410296]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"RAPTOR-GAMING M3"="C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe" [2006-10-05 73728]
"CTCheck"="C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-03 98304]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
VPN Client.lnk - C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-05-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Ejer^Menuen Start^Programmer^Start^Xfire.lnk]
path=C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2008-01-02 16:38 8770864 C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:05 1695232 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-03 06:34 98304 C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-03 06:07 36972 C:\Programmer\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base 2007\\hl2.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\garrysmod\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life\\hl.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\synergy\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life 2 deathmatch\\hl2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Programmer\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-02 76040]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 26240]
S3 lredbooo;lredbooo;C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AA5C4A2F-F5F5-44D0-95E3-E65A39B3DD38} - (no file)
ShellExecuteHooks-{711193D0-A234-4208-BBD8-6483AD9154B5} - (no file)
SSODL-lfstbwvd-{EAAD4D41-B34B-458B-A282-31D23656E483} - C:\WINDOWS\lfstbwvd.dll
MSConfigStartUp-updateMgr - C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp10.photoprintit.de/microsite/4066/defaults/activex/IPSUploader.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 08:28:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-09  8:36:01 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-09 06:35:55

Pre-Run: 65.476.501.504 byte ledig
Post-Run: 65,403,752,448 byte ledig

250    --- E O F ---    2008-09-17 18:50:43
cyberman2006 (Beginner)
09 October 2008 - 15:25 #16
The machine runs fine. Thanks for the help.
John, karise and reinelt, post your answers to get points.
reinelt (Beginner)
09 October 2008 - 15:41 #17
Here's my answer, you're welcome.
johnstigers (Senior Master)
09 October 2008 - 21:11 #18
And mine :)
09 October 2008 - 22:31 #19
Ping...
ejvindh (Expert)
10 October 2008 - 10:04 #20
The Combofix log isn't clean, though...
cyberman2006 (Beginner)
10 October 2008 - 17:06 #21
I don't understand the combofix log, but if you explain what more I should do,
I'll gladly give you points.
ejvindh (Expert)
10 October 2008 - 17:16 #22
I didn't really mean to interfere. I was just puzzled that someone asks for a combofix log and then does nothing with it when it actually arrives. But try the following:

Copy the contents between the wavy lines into a notepad window, and save it in the same folder as Combofix under the name CFScript.txt. When saving, make sure that "file types" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\qkeftmxn.exe
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys

RootKit::
C:\WINDOWS\qkeftmxn.exe
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys

Driver::
lredbooo
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the Combofix file and "let go" of the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as it can make your computer freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review
cyberman2006 (Beginner)
12 October 2008 - 10:15 #23
When I save the above text, I don't get a file type called "all files"
I get:
1: rich text format (RTF)
2: text document
3: text document - MS-DOS format
4: unicode text document
Which one should I choose?
johnstigers (Senior Master)
12 October 2008 - 11:34 #24
Create a txt document and save it as CFScript.txt - follow the instructions.
cyberman2006 (Beginner)
12 October 2008 - 12:12 #25
I wrote the above text in WordPad and called it CFCscript.txt,
saved it as a text document and dragged it with the mouse onto combofix;
combofix got the text but didn't start.
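The procedure in #22 and the save-dialog problem in #23-#25, as an added example that is not from this thread and not ComboFix's own code: a Python check that a CFScript.txt really is plain text (not the "rich text format" or "unicode text document" choices WordPad offers), that it has the `Name::` sections the script in #22 uses, and that the paths in it match, character for character, what the ComboFix log reported. The section names are the ones from #22; the RTF header and UTF-16 byte-order-mark checks are general file-format facts; the "typo" sample reproduces the `FILE ::` echo in the second ComboFix log (#26 below), which differs from the script in #22 (DOCME~1 for DOCUME~1, a capital I in Iredbooo for the lowercase l in lredbooo), and the log paths are taken from the first ComboFix log (#15).

```python
import re

SECTION_HEADER = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "RootKit::", "Driver::"


class ScriptError(ValueError):
    """Raised when the file cannot be the plain-text script ComboFix expects."""


def check_encoding(raw: bytes) -> None:
    """Reject the two 'save as' choices from #23 that do not produce plain text."""
    if raw.startswith(rb"{\rtf"):                 # every RTF file opens with the {\rtf group
        raise ScriptError("saved as Rich Text Format (RTF); save as a plain text document instead")
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):     # UTF-16 byte-order mark
        raise ScriptError("saved as 'Unicode text document' (UTF-16); save as a plain text document instead")


def parse_script(raw: bytes) -> dict:
    """Parse 'Name::' sections into {name: [entries]}, keeping entry order."""
    check_encoding(raw)
    text = raw.decode("cp1252")    # the code page of the XP install shown in the log above
    sections, current = {}, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ScriptError(f"line {lineno}: entry before the first section header")
        else:
            sections[current].append(line)
    if not sections:
        raise ScriptError("no 'Name::' section headers found")
    return sections


def problem(raw: bytes):
    """None if the file parses, else the message explaining why it will not work."""
    try:
        parse_script(raw)
    except ScriptError as e:
        return str(e)
    return None


def cross_check(sections: dict, log_paths) -> list:
    """Script paths under File:: and RootKit:: that match no path seen in the ComboFix log.

    Windows paths are case-insensitive, so compare lower-cased; anything left over
    is almost always a typo in the hand-written script."""
    known = {p.lower() for p in log_paths}
    return [(sec, e) for sec in ("File", "RootKit")
            for e in sections.get(sec, []) if e.lower() not in known]


# --- Constructed samples -----------------------------------------------------
# The script from #22 saved as a plain text document.
GOOD_SCRIPT = rb"""File::
C:\WINDOWS\qkeftmxn.exe
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys

RootKit::
C:\WINDOWS\qkeftmxn.exe
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys

Driver::
lredbooo
"""
# The same text as WordPad writes it when "Rich Text Format" is chosen (shortened).
RTF_SCRIPT = rb"{\rtf1\ansi\deff0 File::\par C:\\WINDOWS\\qkeftmxn.exe\par }"
# The same text saved as "Unicode text document" (UTF-16 with a byte-order mark).
UTF16_SCRIPT = "File::\r\nC:\\WINDOWS\\qkeftmxn.exe\r\n".encode("utf-16")
# A File:: section typed as the FILE :: echo in the second log (#26) shows it.
TYPO_SCRIPT = rb"""File::
C:\DOCME~1\HP_Ejer\LOKALE~1\Temp\Iredbooo.sys
C:\WINDOWS\qkeftmxn.exe
"""
# The two paths as the first ComboFix log (#15) reported them.
LOG_PATHS = [r"C:\WINDOWS\qkeftmxn.exe", r"C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys"]

if __name__ == "__main__":
    for name, raw in (("good", GOOD_SCRIPT), ("rtf", RTF_SCRIPT), ("utf16", UTF16_SCRIPT)):
        print(name, "->", problem(raw) or "plain text, parses")
    print("typos:", cross_check(parse_script(TYPO_SCRIPT), LOG_PATHS))
```

Run against the samples, the RTF and UTF-16 files are rejected with a message naming the wrong save-as choice, the plain-text script parses into its three sections, and the cross-check reports the mistyped Temp path, which is why a `File::` entry can be echoed back by ComboFix without anything being deleted.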
cyberman2006 (Beginner)
12 October 2008 - 12:53 #26
ComboFix 08-10-08.02 - HP_Ejer 2008-10-12 12:35:49.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1479 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Ejer\Skrivebord\CFScript.txt
* Created a new restore point

FILE ::
C:\DOCME~1\HP_Ejer\LOKALE~1\Temp\Iredbooo.sys
C:\WINDOWS\qkeftmxn.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\qkeftmxn.exe
C:\WINDOWS\system32\hook.dll

.
(((((((((((((((((((((((((  Files Created from 2008-09-12 to 2008-10-12  )))))))))))))))))))))))))))))))
.

2008-10-09 13:57 . 2008-10-09 13:57    <DIR>    d--------    C:\Programmer\RAPTOR-GAMING
2008-10-09 13:57 . 2006-10-04 14:31    18,620,416    --a------    C:\WINDOWS\system32\XControlPad.dll
2008-10-09 13:57 . 2006-09-21 10:38    2,576,384    --a------    C:\WINDOWS\system32\XWheel.dll
2008-10-09 13:57 . 2006-09-21 10:38    593,920    --a------    C:\WINDOWS\system32\XIndicator.dll
2008-10-09 13:57 . 2006-10-04 11:27    413,696    --a------    C:\WINDOWS\system32\XDPI.dll
2008-10-09 13:57 . 2006-10-04 14:20    26,240    --a------    C:\WINDOWS\system32\drivers\GMFilter.sys
2008-10-09 13:57 . 2004-11-25 15:44    1,701    --a------    C:\WINDOWS\system32\drivers\GMFilter.inf
2008-10-08 16:57 . 2008-10-08 16:58    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 16:57 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:43 . 2008-10-08 12:43    <DIR>    d--------    C:\WINDOWS\McAfee.com
2008-10-08 08:51 . 2008-10-08 08:51    <DIR>    d--------    C:\Programmer\Lavasoft
2008-10-08 08:51 . 2008-10-08 08:53    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 22:34 . 2008-10-08 09:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\da
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-09-17 11:40 . 2008-09-17 11:40    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-09-17 11:33 . 2008-09-17 11:33    <DIR>    d--------    C:\WINDOWS\EHome
2008-09-16 17:34 . 2008-09-16 17:34    <DIR>    d--------    C:\Programmer\DivX
2008-09-16 08:15 . 2004-08-03 22:29    63,663    ---------    C:\WINDOWS\system32\drivers\ati1rvxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    56,623    ---------    C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    36,463    ---------    C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    30,671    ---------    C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    29,455    ---------    C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    26,367    ---------    C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    21,343    ---------    C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    12,047    ---------    C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    11,615    ---------    C:\WINDOWS\system32\drivers\ati1mdxx.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 11:57    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-10-08 06:51    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-09-21 17:57    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
2008-09-21 16:54    ---------    d-----w    C:\Programmer\LimeWire
2008-09-21 16:54    ---------    d-----w    C:\Programmer\Incomplete
2008-09-12 20:16    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\BitTorrent
2008-09-02 12:27    ---------    d-----w    C:\Programmer\VstPlugins
2008-09-02 08:07    97,928    ----a-w    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-02 08:01    76,040    ----a-w    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-02 08:01    ---------    d-----w    C:\Programmer\AVG
2008-09-02 08:01    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\avg8
2008-09-02 07:53    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 07:36    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-09-02 07:36    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Sun
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Java
2008-08-30 11:06    ---------    d-----w    C:\Programmer\Battlezone II
2008-08-26 19:06    ---------    d-----w    C:\Programmer\ASTRA32
2008-08-26 16:54    ---------    d-----w    C:\Programmer\Ligos
2008-07-18 18:39    586,752    ----a-w    C:\WINDOWS\WLXPGSS.SCR
2007-01-09 21:01    204,800    ----a-w    C:\Programmer\GCFScape.exe
2007-01-07 13:50    0    ----a-w    C:\Documents and Settings\HP_Ejer\Application Data\wklnhst.dat
2006-05-24 14:35    15,062    ----a-w    C:\Programmer\provider.txt
2004-06-07 08:26    315,392    ----a-w    C:\Programmer\Code Calculator 5.4.exe
2004-05-22 08:42    69,632    ----a-w    C:\Programmer\calc.dll
2004-04-28 09:31    326    ----a-w    C:\Programmer\GID1.txt
2002-09-11 14:26    63,730    ----a-w    C:\Programmer\viewsonicinstruct_xp.pdf
1999-07-13 12:46    209,408    ----a-w    C:\Programmer\tabctl32.ocx
2006-02-06 10:22    22    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-10-05 1410296]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"CTCheck"="C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-03 98304]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"RAPTOR-GAMING M3"="C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe" [2006-10-05 73728]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
VPN Client.lnk - C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-05-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Ejer^Menuen Start^Programmer^Start^Xfire.lnk]
path=C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2008-01-02 16:38 8770864 C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:05 1695232 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-03 06:34 98304 C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-03 06:07 36972 C:\Programmer\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base 2007\\hl2.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\garrysmod\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life\\hl.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\synergy\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life 2 deathmatch\\hl2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Programmer\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-02 76040]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 26240]
S3 lredbooo;lredbooo;C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 12:41:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Programmer\TortoiseSVN\iconv\windows-1252.so
-> C:\Programmer\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-12 12:49:50 - machine was rebooted [HP_Ejer]
ComboFix-quarantined-files.txt  2008-10-12 10:49:43
ComboFix2.txt  2008-10-09 06:36:06

Pre-Run: 63.731.605.504 byte ledig
Post-Run: 63,729,983,488 byte ledig

244    --- E O F ---    2008-09-17 18:50:43
ejvindh (Expert)
13 October 2008 - 08:14 #27
-- Get Swandog46's Avenger2 here:
http://swandog46.geekstogo.com/avenger2/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe. A small window appears, into which you copy the content between the dashed lines:

-----------------------------
Files to delete:
C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys

Drivers to delete:
lredbooo
-----------------------------

-- Click the Execute button. Follow the instructions and answer yes to the questions - the program will ask you to restart the computer, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Copy it into the forum in your next reply. The log can also be found here: C:\avenger.txt.
cyberman2006 (Beginner)
14 October 2008 - 09:41 #28
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys" not found!
Deletion of file "C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\lredbooo" not found!
Deletion of driver "lredbooo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
ejvindh (Expert)
14 October 2008 - 12:53 #29
Ok, Avenger didn't find anything. Then try this:

Copy the content between the dashed lines into a Notepad window and save it on the desktop as batregfix.bat. When saving, make sure that "file type" is set to "all files".
------------------------------
sc stop "lredbooo"
sc delete "lredbooo"
------------------------------
Then double-click the file you just created. A black window will pop up briefly and close again.

Then restart the computer and make a new log file with ComboFix, which you post here for another review.
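The two replies above boil down to one triage rule: a driver service in the ComboFix service list whose image sits in a Temp folder, or whose file ComboFix could not find ("[ ]"), is the thing to stop, delete from the service database and remove from disk. The script below is an added example, not code from the thread, ComboFix or Avenger: it parses service lines in the layout seen in this thread's log (the regex and the "R/S + start type" reading of the first token are inferred from those lines), flags entries the way the expert did for lredbooo, and produces the same two sc commands as the batch file. The sample log lines are constructed to match the ones in this thread.

```python
"""Triage the service/driver section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: four lines in the shape of this thread's ComboFix service list.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Programmer\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 26240]
S3 lredbooo;lredbooo;C:\DOCUME~1\HP_Ejer\LOKALE~1\Temp\lredbooo.sys [ ]
"""

# Line layout as seen in the log (assumption: R = running, S = stopped, digit = start type):
#   <R|S><digit> <service name>;<display name>;<image path> [<date> <size>]
# ComboFix prints "[ ]" when it finds no file at the image path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    path: str
    meta: str

    @property
    def file_present(self) -> bool:
        # An empty bracket means ComboFix saw the registration but not the file.
        return self.meta.strip() != ""


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return every line that matches the service-list layout; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                        m["display"], m["path"], m["meta"]))
    return entries


def suspicious_reasons(entry: ServiceEntry) -> List[str]:
    """Heuristics (my own, not ComboFix's) for a driver registration worth removing."""
    reasons = []
    lowered = entry.path.lower()
    # A kernel driver loading from a Temp folder is not how legitimate software installs.
    if "\\temp\\" in lowered or "\\temporary internet files\\" in lowered:
        reasons.append("image_in_temp")
    # Registration survives but the file is gone: a leftover service entry, as after Avenger ran.
    if not entry.file_present:
        reasons.append("file_missing")
    # Drivers belong under system32\Drivers, not in a user profile (8.3 or long form).
    if lowered.startswith("c:\\docume~1\\") or lowered.startswith("c:\\documents and settings\\"):
        reasons.append("image_in_user_profile")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for the entries that have at least one reason."""
    flagged = {}
    for entry in parse_services(log_text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


def removal_commands(entry: ServiceEntry) -> List[str]:
    """The two sc commands from the reply above, for one flagged service registration.
    Deleting the image file itself is a separate step (Avenger handled that in the thread)."""
    return [f'sc stop "{entry.name}"', f'sc delete "{entry.name}"']


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        reasons = suspicious_reasons(e)
        if reasons:
            print(f"{e.name}: {', '.join(reasons)}")
            print("\n".join(removal_commands(e)))
```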
cyberman2006 (Beginner)
15 October 2008 - 18:42 #30
ComboFix 08-10-08.02 - HP_Ejer 2008-10-15 18:25:29.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1594 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2008-09-15 to 2008-10-15  )))))))))))))))))))))))))))))))
.

2008-10-15 10:39 . 2008-10-15 10:44    24    --a------    C:\Documents and Settings\HP_Ejer\jagex_runescape_preferences.dat
2008-10-13 10:57 . 2008-10-13 10:57    3,867    --a------    C:\AsAddon
2008-10-12 15:18 . 2008-10-12 15:29    <DIR>    d--------    C:\Programmer\BearShare Applications
2008-10-12 15:09 . 2008-10-12 17:22    <DIR>    d--------    C:\Documents and Settings\All Users\Incomplete
2008-10-12 15:08 . 2008-10-12 15:08    <DIR>    d--------    C:\Programmer\P2P_Energy
2008-10-12 15:08 . 2008-10-12 15:08    <DIR>    d--------    C:\Programmer\Conduit
2008-10-12 15:08 . 2008-10-12 15:08    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Incomplete
2008-10-12 15:08 . 2008-10-12 15:18    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\LimeWire Music
2008-10-12 15:07 . 2008-10-12 15:08    <DIR>    d--------    C:\Programmer\LimeWire Music
2008-10-09 13:57 . 2008-10-09 13:57    <DIR>    d--------    C:\Programmer\RAPTOR-GAMING
2008-10-09 13:57 . 2006-10-04 14:31    18,620,416    --a------    C:\WINDOWS\system32\XControlPad.dll
2008-10-09 13:57 . 2006-09-21 10:38    2,576,384    --a------    C:\WINDOWS\system32\XWheel.dll
2008-10-09 13:57 . 2006-09-21 10:38    593,920    --a------    C:\WINDOWS\system32\XIndicator.dll
2008-10-09 13:57 . 2006-10-04 11:27    413,696    --a------    C:\WINDOWS\system32\XDPI.dll
2008-10-09 13:57 . 2006-10-04 14:20    26,240    --a------    C:\WINDOWS\system32\drivers\GMFilter.sys
2008-10-09 13:57 . 2004-11-25 15:44    1,701    --a------    C:\WINDOWS\system32\drivers\GMFilter.inf
2008-10-08 16:57 . 2008-10-08 16:58    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-10-08 16:57    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 16:57 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 16:57 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:43 . 2008-10-08 12:43    <DIR>    d--------    C:\WINDOWS\McAfee.com
2008-10-08 08:51 . 2008-10-08 08:51    <DIR>    d--------    C:\Programmer\Lavasoft
2008-10-08 08:51 . 2008-10-08 08:53    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 22:34 . 2008-10-08 09:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\da
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-09-17 11:43 . 2008-09-17 11:43    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-09-17 11:40 . 2008-09-17 11:40    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-09-17 11:33 . 2008-09-17 11:33    <DIR>    d--------    C:\WINDOWS\EHome
2008-09-16 17:34 . 2008-09-16 17:34    <DIR>    d--------    C:\Programmer\DivX
2008-09-16 08:15 . 2004-08-03 22:29    63,663    ---------    C:\WINDOWS\system32\drivers\ati1rvxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    56,623    ---------    C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    36,463    ---------    C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    30,671    ---------    C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    29,455    ---------    C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    26,367    ---------    C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    21,343    ---------    C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    12,047    ---------    C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-09-16 08:15 . 2004-08-03 22:29    11,615    ---------    C:\WINDOWS\system32\drivers\ati1mdxx.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 19:39    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\LimeWire
2008-10-12 16:54    ---------    d-----w    C:\Programmer\LimeWire
2008-10-12 16:54    ---------    d-----w    C:\Programmer\Incomplete
2008-10-09 11:57    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-10-08 06:51    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-09-12 20:16    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\BitTorrent
2008-09-02 12:27    ---------    d-----w    C:\Programmer\VstPlugins
2008-09-02 08:07    97,928    ----a-w    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-02 08:01    76,040    ----a-w    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-02 08:01    10,520    ----a-w    C:\WINDOWS\system32\avgrsstx.dll
2008-09-02 08:01    ---------    d-----w    C:\Programmer\AVG
2008-09-02 08:01    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\avg8
2008-09-02 07:53    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 07:36    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-09-02 07:36    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Sun
2008-09-01 11:47    ---------    d-----w    C:\Programmer\Java
2008-08-30 11:06    ---------    d-----w    C:\Programmer\Battlezone II
2008-08-26 19:06    ---------    d-----w    C:\Programmer\ASTRA32
2008-08-26 16:54    ---------    d-----w    C:\Programmer\Ligos
2008-07-23 16:48    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2008-07-18 20:10    94,920    ----a-w    C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10    94,920    ----a-w    C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10    53,448    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10    53,448    ----a-w    C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10    45,768    ----a-w    C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10    36,552    ----a-w    C:\WINDOWS\system32\wups.dll
2008-07-18 20:10    36,552    ----a-w    C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09    563,912    ----a-w    C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09    563,912    ----a-w    C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09    325,832    ----a-w    C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09    325,832    ----a-w    C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09    205,000    ----a-w    C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09    205,000    ----a-w    C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09    1,811,656    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09    1,811,656    ----a-w    C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07    270,880    ----a-w    C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07    210,976    ----a-w    C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39    586,752    ----a-w    C:\WINDOWS\WLXPGSS.SCR
2007-01-09 21:01    204,800    ----a-w    C:\Programmer\GCFScape.exe
2007-01-07 13:50    0    ----a-w    C:\Documents and Settings\HP_Ejer\Application Data\wklnhst.dat
2006-05-24 14:35    15,062    ----a-w    C:\Programmer\provider.txt
2004-06-07 08:26    315,392    ----a-w    C:\Programmer\Code Calculator 5.4.exe
2004-05-22 08:42    69,632    ----a-w    C:\Programmer\calc.dll
2004-04-28 09:31    326    ----a-w    C:\Programmer\GID1.txt
2002-09-11 14:26    63,730    ----a-w    C:\Programmer\viewsonicinstruct_xp.pdf
1999-07-13 12:46    209,408    ----a-w    C:\Programmer\tabctl32.ocx
2006-02-06 10:22    22    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((  snapshot@2008-10-09_ 8.35.38.64  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 08:39:35    315,392    ----a-w    C:\WINDOWS\.jagex_cache_32\runescape\jogl.dll
+ 2008-10-15 08:39:35    20,480    ----a-w    C:\WINDOWS\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-10-15 08:51:36    53,248    ----a-w    C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47    1784856    --a------    C:\Programmer\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-07-07 11:27    398776    --a------    C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Programmer\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Programmer\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40    536576    --a------    C:\Programmer\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-10-05 1410296]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-10-15 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"CTCheck"="C:\Programmer\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-03 98304]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"RAPTOR-GAMING M3"="C:\Programmer\RAPTOR-GAMING\RAPTOR-ADJUST M3  V1\Panel.exe" [2006-10-05 73728]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
VPN Client.lnk - C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-05-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Ejer^Menuen Start^Programmer^Start^Xfire.lnk]
path=C:\Documents and Settings\HP_Ejer\Menuen Start\Programmer\Start\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2008-01-02 16:38 8770864 C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 18:05 1695232 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-03 06:34 98304 C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-03 06:07 36972 C:\Programmer\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base 2007\\hl2.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\garrysmod\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\source sdk base\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life\\hl.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\synergy\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\counter-strike source\\hl2.exe"=
"C:\\Programmer\\Valve\\Steam\\SteamApps\\sejadam\\deathmatch classic\\hl.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Programmer\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-02 76040]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 26240]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.google.dk/webhp?sourceid=navclient&ie=UTF-8
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp10.photoprintit.de/microsite/4066/defaults/activex/IPSUploader.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 18:31:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmer\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Programmer\TortoiseSVN\iconv\windows-1252.so
-> C:\Programmer\TortoiseSVN\iconv\utf-8.so
.
Completion time: 2008-10-15 18:35:31
ComboFix-quarantined-files.txt  2008-10-15 16:35:27
ComboFix2.txt  2008-10-12 10:49:54
ComboFix3.txt  2008-10-09 06:36:06

Pre-Run: 62.108.868.608 byte ledig
Post-Run: 62,095,826,944 byte ledig

281    --- E O F ---    2008-09-17 18:50:43
ejvindh (Expert)
15 October 2008 - 19:55 #31
So the last of it is gone, and there are no signs of further infection in the log files. I can see, though, that you use file sharing (Limewire and Bearshare, among others). If you want to do that, then I would at least recommend that you stay away from Bearshare and use alternatives, since Bearshare has a reputation for being a bit infected in itself.

As for points, don't think any more about it. I have plenty, and besides, you have already given as many points for this case as you are allowed to.
cyberman2006 (Beginner)
16 October 2008 - 11:09 #32
I have removed Bearshare, and I'll persuade the kids that Limewire has to go too.
Thanks for the help, ejvindh, and you shall have points.
I'll create a new question with points for you.