slippy (Beginner)
26 March 2009 - 16:18 There are 28 comments and 1 solution

Got a virus on my PC, CPU usage goes up and down

Hi,

I have been lucky enough to get myself a virus (I think). I was going to install a program called powerstrip, it didn't work, and now my CPU runs between 15-80 even though I'm not doing anything and have no programs running. I have tried to install Avast antivirus, but the computer says it is not an approved win32 program, so it won't open it. I have otherwise used that program for 4 years now without problems. I hope someone knows what to do.
Broxigar (Trainee)
26 March 2009 - 16:31 #1
http://www.mcafee.com/freescan

Try running a scan. This requires an ActiveX control that can only be run in Internet Explorer.
slippy (Beginner)
26 March 2009 - 17:04 #2
I'm running that scan now, but it has been stuck for the last 10 minutes on this file C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab, which is a Windows Installer package. But it has found 19 files so far. Can you delete them with the McAfee that is scanning now, or do you have to buy it?
Broxigar (Trainee)
26 March 2009 - 17:17 #3
Hmm, I actually don't know whether it gives you the option of deleting them, but I would at least write down which files it concerns, either by hand or in a text file that you save on the computer.

If you -cannot- delete them with the McAfee online scan, I would try downloading AVG Free and installing it, and if that doesn't work either, I would probably burn an Ubuntu live CD and then remove the files manually, unless they are system files.
26 March 2009 - 17:39 #4
In general - are we supposed to guess:
Win98, W2000, XP, Vista, ... , ... ?
26 March 2009 - 17:39 #5
You get 'the speech' ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program do a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Perform full scan" ("Kør et fuldstændigt systemscan") - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show Results" ("Vis resultater") button after the scan - and then press "Remove Selected" ("Fjern det valgte") - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the HiJackThis mentioned ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
slippy (Beginner)
26 March 2009 - 18:08 #6
here is the list from McAfee after the scan finished:
C:\Documents and Settings\...\srosa2.sys              Generic.dx
C:\Documents and Settings\...\b64_3[1].jpg      W32/Bagle.gen
C:\Documents and Settings\...\b64[1].jpg        W32/Bagle.gen
C:\Documents and Settings\...\b64[1].jpg        W32/Bagle.gen
C:\Documents and Settings\...\b64_2[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_6[1].jpg      Generic BackDoor
C:\Documents and Settings\...\b64_1[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_2[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_3[1].jpg      W32/Bagle.gen
C:\Documents and Settings\...\b64_3[2].jpg      W32/Bagle.gen
C:\Documents and Settings\...\b64_1[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_2[1].jpg      Generic.dx
C:\Documents and Settings\...\b64[1].jpg        W32/Bagle.gen
C:\Documents and Settings\...\b64_1[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_6[1].jpg      Generic BackDoor
C:\Documents and Settings\...\b64_1[1].jpg      Generic.dx
C:\Documents and Settings\...\b64_3[1].jpg      W32/Bagle.gen
C:\Documents and Settings\...\b64[1].jpg        W32/Bagle.gen
C:\Documents and Settings\...\b64_6[1].jpg      Generic BackDoor
C:\WINDOWS\system32\drivers\down\3741281.exe    Generic.dx
C:\WINDOWS\system32\drivers\down\3913062.exe    Generic.dx



karise_larry: I will try to do what you say, though I'm not that much into IT. But I'll report back later on how it goes. P.S. it's Win XP I have.
slippy (Beginner)
26 March 2009 - 18:17 #7
karise_larry: I've run into the first problem now. It has installed CCleaner, but when I open it, it comes up but closes itself again after 1 second.
26 March 2009 - 18:57 #8
Carry out what you can ...
slippy (Beginner)
26 March 2009 - 19:23 #9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:53, on 01-01-2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programmer\DNA\btdna.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\programmer\steam\steam.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Simon\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilgalleri.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Simon\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://qp.cvuvita.dk/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail1.cvuvita.dk/iNotes6W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5564/mcfscan.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9442 bytes


-----------------------------------------------



Malwarebytes' Anti-Malware 1.34
Database version: 1902
Windows 5.1.2600 Service Pack 3

01-01-2002 09:35:59
log3

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 126118
Tid tilbagelagt: 14 minute(s), 5 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 5

Inficerede Hukommelses Processer:
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Trojan.Spammer) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Simon\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\Documents and Settings\Simon\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.


were those the right log files?
slippy (Beginner)
26 March 2009 - 19:34 #10
and then there was also this one from another HDD:
Malwarebytes' Anti-Malware 1.34
Database version: 1902
Windows 5.1.2600 Service Pack 3

01-01-2002 09:49:41
mbam-log-2002-01-01 (09-49-41).txt

Skan type: Fuldstændig skanning (F:\|)
Objekter skannet: 74360
Tid tilbagelagt: 3 minute(s), 59 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
26 March 2009 - 20:10 #11
In any case, you have forgotten this 'detail' ->
Press the "Show Results" ("Vis resultater") button after the scan - and then press "Remove Selected" ("Fjern det valgte") -

So another round...
26 March 2009 - 20:12 #12
(And you don't need to/shouldn't split it into two rounds...)
26 March 2009 - 20:15 #13
Uninstall
* BitTorrent DNA
Grrrrr... It doesn't matter how much security/updates people have. Once they start 'playing' with P2P programs - or rather the results from them - it makes no difference !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

... and a fresh log from HiJackThis at the end... There is bound to be more 'dirt' !!!
slippy (Beginner)
26 March 2009 - 21:02 #14
I have uninstalled BitTorrent now. And I have also run the scanner again, where it found no more infected files. I have also restarted. Now I have tried to run HiJackThis, but the computer now says the same as it does for Avast, namely: c:\Documents and Settings\Simon\skrivebord\HiJackThis.exe er ikke et gyldigt Win32-program
slippy (Beginner)
26 March 2009 - 22:04 #15
so I have scanned the computer again, and here is a fresh log:
Malwarebytes' Anti-Malware 1.34
Database version: 1902
Windows 5.1.2600 Service Pack 3

01-01-2002 12:18:33
mbam-log-2002-01-01 (12-18-33).txt

Skan type: Fuldstændig skanning (C:\|D:\|F:\|)
Objekter skannet: 116737
Tid tilbagelagt: 14 minute(s), 0 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 9

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Documents and Settings\Simon\Application Data\m (Trojan.Agent) -> Delete on reboot.

Inficerede Filer:
C:\Documents and Settings\Simon\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.


I have scanned it 3-4 times now, and it just seems to keep finding some.
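Added example (not part of the original thread): the Malwarebytes result lines from posts #9, #10 and #15 can be compared across scans to see which items come back after being reported as removed, and which are only removed at the next restart. The function names are hypothetical; the sample lines are copied from the logs above.

```python
import re

# Result lines copied from the Malwarebytes logs in posts #9, #10 and #15,
# in the order they were posted.
SCANS = {
    "#9": r"""
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Trojan.Spammer) -> No action taken.
C:\Documents and Settings\Simon\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\Documents and Settings\Simon\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.
(Ingen mistænkelige filer fundet)
""",
    "#10": r"""
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
""",
    "#15": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Simon\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Simon\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
""",
}

# "<path or registry item> (<detection name>) -> <action>."
LINE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_scan(text):
    """Return unique (item, family, action) tuples from one log, in log order."""
    findings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # section headers and "(Ingen ... fundet)" lines do not match
            # The same file can be listed as a process and as a file: keep one.
            findings.setdefault(m["item"].lower(),
                                (m["item"], m["family"], m["action"]))
    return list(findings.values())


def reappeared(scans):
    """Items reported as deleted in one scan and detected again in a later one."""
    removed, hits = {}, []
    for label, text in scans.items():
        findings = parse_scan(text)
        for item, _family, _action in findings:
            if item.lower() in removed:
                hits.append((item, removed[item.lower()], label))
        for item, _family, action in findings:
            if action.startswith("Quarantined and deleted"):
                removed[item.lower()] = label
    return hits


def pending_reboot(text):
    """Items the scanner could not remove yet; cleanup finishes only after a restart."""
    return [item for item, _family, action in parse_scan(text)
            if action == "Delete on reboot"]


if __name__ == "__main__":
    for item, first, again in reappeared(SCANS):
        print(f"deleted in {first}, detected again in {again}: {item}")
    for item in pending_reboot(SCANS["#15"]):
        print(f"still pending a restart in #15: {item}")
```

On the posted logs this reports winupgro.exe and wintems.exe as deleted in #10 and detected again in #15, and five items in #15 that are only removed at the next restart.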
27 March 2009 - 06:37 #16
-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file in here.

-----------

It looks like your AVG8 has gone haywire?
Should probably uninstall -> install ->
http://www.avg.com/filedir/inst/avg_free_stf_en_85_285a1462.exe

-----------

How do HiJackThis / CCleaner run after that?
slippy (Beginner)
27 March 2009 - 10:29 #17
I have now run Combofix, and here is the log file:

ComboFix 09-03-26.03 - Simon 2002-01-02  0:23:12.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.3071.2661 [GMT 1:00]
Kører fra: c:\documents and settings\Simon\Skrivebord\ComboFix.exe
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Simon\Application Data\drivers\downld
c:\documents and settings\Simon\Application Data\drivers\downld\476328.exe
c:\documents and settings\Simon\Application Data\drivers\downld\480703.exe
c:\documents and settings\Simon\Application Data\drivers\downld\480875.exe
c:\documents and settings\Simon\Application Data\drivers\downld\480906.exe
c:\documents and settings\Simon\Application Data\drivers\downld\484375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\487515.exe
c:\documents and settings\Simon\Application Data\drivers\downld\488343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\489125.exe
c:\documents and settings\Simon\Application Data\drivers\downld\499093.exe
c:\documents and settings\Simon\Application Data\drivers\downld\499265.exe
c:\documents and settings\Simon\Application Data\drivers\downld\499312.exe
c:\documents and settings\Simon\Application Data\drivers\downld\527656.exe
c:\documents and settings\Simon\Application Data\drivers\downld\529015.exe
c:\documents and settings\Simon\Application Data\drivers\downld\529343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\530234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\530921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\531078.exe
c:\documents and settings\Simon\Application Data\drivers\downld\532750.exe
c:\documents and settings\Simon\Application Data\drivers\downld\534453.exe
c:\documents and settings\Simon\Application Data\drivers\downld\535031.exe
c:\documents and settings\Simon\Application Data\drivers\downld\536375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\536968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\537546.exe
c:\documents and settings\Simon\Application Data\drivers\downld\538484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\539640.exe
c:\documents and settings\Simon\Application Data\drivers\downld\539921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\540468.exe
c:\documents and settings\Simon\Application Data\drivers\downld\541062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\541343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\546625.exe
c:\documents and settings\Simon\Application Data\drivers\downld\547468.exe
c:\documents and settings\Simon\Application Data\drivers\downld\547968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\548734.exe
c:\documents and settings\Simon\Application Data\drivers\downld\549687.exe
c:\documents and settings\Simon\Application Data\drivers\downld\550421.exe
c:\documents and settings\Simon\Application Data\drivers\downld\550968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\551687.exe
c:\documents and settings\Simon\Application Data\drivers\downld\551765.exe
c:\documents and settings\Simon\Application Data\drivers\downld\552281.exe
c:\documents and settings\Simon\Application Data\drivers\downld\552484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\552828.exe
c:\documents and settings\Simon\Application Data\drivers\downld\552859.exe
c:\documents and settings\Simon\Application Data\drivers\downld\553156.exe
c:\documents and settings\Simon\Application Data\drivers\downld\553875.exe
c:\documents and settings\Simon\Application Data\drivers\downld\556015.exe
c:\documents and settings\Simon\Application Data\drivers\downld\556609.exe
c:\documents and settings\Simon\Application Data\drivers\downld\557062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\558718.exe
c:\documents and settings\Simon\Application Data\drivers\downld\558984.exe
c:\documents and settings\Simon\Application Data\drivers\downld\563625.exe
c:\documents and settings\Simon\Application Data\drivers\downld\564218.exe
c:\documents and settings\Simon\Application Data\drivers\downld\564906.exe
c:\documents and settings\Simon\Application Data\drivers\downld\566015.exe
c:\documents and settings\Simon\Application Data\drivers\downld\567984.exe
c:\documents and settings\Simon\Application Data\drivers\downld\568109.exe
c:\documents and settings\Simon\Application Data\drivers\downld\568500.exe
c:\documents and settings\Simon\Application Data\drivers\downld\569875.exe
c:\documents and settings\Simon\Application Data\drivers\downld\570296.exe
c:\documents and settings\Simon\Application Data\drivers\downld\577921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\579640.exe
c:\documents and settings\Simon\Application Data\drivers\downld\580765.exe
c:\documents and settings\Simon\Application Data\drivers\downld\592937.exe
c:\documents and settings\Simon\Application Data\drivers\downld\602234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\603234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\603562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\603890.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6141781.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6142109.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6142203.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6154859.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6156625.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6157093.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6166593.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6168140.exe
c:\documents and settings\Simon\Application Data\drivers\downld\6169265.exe
c:\documents and settings\Simon\Application Data\drivers\downld\630359.exe
c:\documents and settings\Simon\Application Data\drivers\downld\630953.exe
c:\documents and settings\Simon\Application Data\drivers\downld\631234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\637812.exe
c:\documents and settings\Simon\Application Data\drivers\downld\638984.exe
c:\documents and settings\Simon\Application Data\drivers\downld\639562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\640046.exe
c:\documents and settings\Simon\Application Data\drivers\downld\640421.exe
c:\documents and settings\Simon\Application Data\drivers\downld\640734.exe
c:\documents and settings\Simon\Application Data\drivers\downld\640906.exe
c:\documents and settings\Simon\Application Data\drivers\downld\643468.exe
c:\documents and settings\Simon\Application Data\drivers\downld\644140.exe
c:\documents and settings\Simon\Application Data\drivers\downld\644546.exe
c:\documents and settings\Simon\Application Data\drivers\downld\654703.exe
c:\documents and settings\Simon\Application Data\drivers\downld\655328.exe
c:\documents and settings\Simon\Application Data\drivers\downld\655531.exe
c:\documents and settings\Simon\Application Data\drivers\downld\656062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\656125.exe
c:\documents and settings\Simon\Application Data\drivers\downld\657906.exe
c:\documents and settings\Simon\Application Data\drivers\downld\658031.exe
c:\documents and settings\Simon\Application Data\drivers\downld\660062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\662109.exe
c:\documents and settings\Simon\Application Data\drivers\downld\675812.exe
c:\documents and settings\Simon\Application Data\drivers\downld\675968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\676015.exe
c:\documents and settings\Simon\Application Data\drivers\downld\679171.exe
c:\documents and settings\Simon\Application Data\drivers\downld\681562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\682078.exe
c:\documents and settings\Simon\Application Data\drivers\downld\682671.exe
c:\documents and settings\Simon\Application Data\drivers\downld\684312.exe
c:\documents and settings\Simon\Application Data\drivers\downld\685781.exe
c:\documents and settings\Simon\Application Data\drivers\downld\702421.exe
c:\documents and settings\Simon\Application Data\drivers\downld\703062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\703234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\704531.exe
c:\documents and settings\Simon\Application Data\drivers\downld\705828.exe
c:\documents and settings\Simon\Application Data\drivers\downld\705875.exe
c:\documents and settings\Simon\Application Data\drivers\downld\706343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\708343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\708890.exe
c:\documents and settings\Simon\Application Data\drivers\downld\730312.exe
c:\documents and settings\Simon\Application Data\drivers\downld\730515.exe
c:\documents and settings\Simon\Application Data\drivers\downld\730562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\731234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\732515.exe
c:\documents and settings\Simon\Application Data\drivers\downld\732687.exe
c:\documents and settings\Simon\Application Data\drivers\downld\736000.exe
c:\documents and settings\Simon\Application Data\drivers\downld\737765.exe
c:\documents and settings\Simon\Application Data\drivers\downld\738359.exe
c:\documents and settings\Simon\Application Data\drivers\downld\750796.exe
c:\documents and settings\Simon\Application Data\drivers\downld\751296.exe
c:\documents and settings\Simon\Application Data\drivers\downld\751421.exe
c:\documents and settings\Simon\Application Data\drivers\downld\75921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\76187.exe
c:\documents and settings\Simon\Application Data\drivers\downld\77265.exe
c:\documents and settings\Simon\Application Data\drivers\downld\77343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\773718.exe
c:\documents and settings\Simon\Application Data\drivers\downld\775281.exe
c:\documents and settings\Simon\Application Data\drivers\downld\775656.exe
c:\documents and settings\Simon\Application Data\drivers\downld\78187.exe
c:\documents and settings\Simon\Application Data\drivers\downld\78296.exe
c:\documents and settings\Simon\Application Data\drivers\downld\785937.exe
c:\documents and settings\Simon\Application Data\drivers\downld\787390.exe
c:\documents and settings\Simon\Application Data\drivers\downld\791890.exe
c:\documents and settings\Simon\Application Data\drivers\downld\793265.exe
c:\documents and settings\Simon\Application Data\drivers\downld\793484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\794656.exe
c:\documents and settings\Simon\Application Data\drivers\downld\795203.exe
c:\documents and settings\Simon\Application Data\drivers\downld\79578.exe
c:\documents and settings\Simon\Application Data\drivers\downld\796968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\79781.exe
c:\documents and settings\Simon\Application Data\drivers\downld\800531.exe
c:\documents and settings\Simon\Application Data\drivers\downld\800921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\802375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\803562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\805125.exe
c:\documents and settings\Simon\Application Data\drivers\downld\806265.exe
c:\documents and settings\Simon\Application Data\drivers\downld\806453.exe
c:\documents and settings\Simon\Application Data\drivers\downld\808171.exe
c:\documents and settings\Simon\Application Data\drivers\downld\810109.exe
c:\documents and settings\Simon\Application Data\drivers\downld\810468.exe
c:\documents and settings\Simon\Application Data\drivers\downld\810625.exe
c:\documents and settings\Simon\Application Data\drivers\downld\812000.exe
c:\documents and settings\Simon\Application Data\drivers\downld\81281.exe
c:\documents and settings\Simon\Application Data\drivers\downld\813109.exe
c:\documents and settings\Simon\Application Data\drivers\downld\81375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\81468.exe
c:\documents and settings\Simon\Application Data\drivers\downld\814906.exe
c:\documents and settings\Simon\Application Data\drivers\downld\81515.exe
c:\documents and settings\Simon\Application Data\drivers\downld\820687.exe
c:\documents and settings\Simon\Application Data\drivers\downld\822296.exe
c:\documents and settings\Simon\Application Data\drivers\downld\822453.exe
c:\documents and settings\Simon\Application Data\drivers\downld\822890.exe
c:\documents and settings\Simon\Application Data\drivers\downld\823328.exe
c:\documents and settings\Simon\Application Data\drivers\downld\82375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\824437.exe
c:\documents and settings\Simon\Application Data\drivers\downld\824640.exe
c:\documents and settings\Simon\Application Data\drivers\downld\824953.exe
c:\documents and settings\Simon\Application Data\drivers\downld\828562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\835000.exe
c:\documents and settings\Simon\Application Data\drivers\downld\839843.exe
c:\documents and settings\Simon\Application Data\drivers\downld\840390.exe
c:\documents and settings\Simon\Application Data\drivers\downld\841250.exe
c:\documents and settings\Simon\Application Data\drivers\downld\84406.exe
c:\documents and settings\Simon\Application Data\drivers\downld\844546.exe
c:\documents and settings\Simon\Application Data\drivers\downld\84515.exe
c:\documents and settings\Simon\Application Data\drivers\downld\845750.exe
c:\documents and settings\Simon\Application Data\drivers\downld\846171.exe
c:\documents and settings\Simon\Application Data\drivers\downld\848781.exe
c:\documents and settings\Simon\Application Data\drivers\downld\850828.exe
c:\documents and settings\Simon\Application Data\drivers\downld\850984.exe
c:\documents and settings\Simon\Application Data\drivers\downld\851031.exe
c:\documents and settings\Simon\Application Data\drivers\downld\860859.exe
c:\documents and settings\Simon\Application Data\drivers\downld\862078.exe
c:\documents and settings\Simon\Application Data\drivers\downld\862375.exe
c:\documents and settings\Simon\Application Data\drivers\downld\871234.exe
c:\documents and settings\Simon\Application Data\drivers\downld\874625.exe
c:\documents and settings\Simon\Application Data\drivers\downld\874765.exe
c:\documents and settings\Simon\Application Data\drivers\downld\875250.exe
c:\documents and settings\Simon\Application Data\drivers\downld\876875.exe
c:\documents and settings\Simon\Application Data\drivers\downld\880562.exe
c:\documents and settings\Simon\Application Data\drivers\downld\88734.exe
c:\documents and settings\Simon\Application Data\drivers\downld\903218.exe
c:\documents and settings\Simon\Application Data\drivers\downld\90453.exe
c:\documents and settings\Simon\Application Data\drivers\downld\904531.exe
c:\documents and settings\Simon\Application Data\drivers\downld\904578.exe
c:\documents and settings\Simon\Application Data\drivers\downld\90890.exe
c:\documents and settings\Simon\Application Data\drivers\downld\90968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\91968.exe
c:\documents and settings\Simon\Application Data\drivers\downld\920343.exe
c:\documents and settings\Simon\Application Data\drivers\downld\921484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\92171.exe
c:\documents and settings\Simon\Application Data\drivers\downld\921921.exe
c:\documents and settings\Simon\Application Data\drivers\downld\92937.exe
c:\documents and settings\Simon\Application Data\drivers\downld\93203.exe
c:\documents and settings\Simon\Application Data\drivers\downld\94078.exe
c:\documents and settings\Simon\Application Data\drivers\downld\94390.exe
c:\documents and settings\Simon\Application Data\drivers\downld\94687.exe
c:\documents and settings\Simon\Application Data\drivers\downld\949062.exe
c:\documents and settings\Simon\Application Data\drivers\downld\95437.exe
c:\documents and settings\Simon\Application Data\drivers\downld\95484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\95656.exe
c:\documents and settings\Simon\Application Data\drivers\downld\95781.exe
c:\documents and settings\Simon\Application Data\drivers\downld\959125.exe
c:\documents and settings\Simon\Application Data\drivers\downld\95984.exe
c:\documents and settings\Simon\Application Data\drivers\downld\960484.exe
c:\documents and settings\Simon\Application Data\drivers\downld\960812.exe
c:\documents and settings\Simon\Application Data\drivers\downld\96828.exe
c:\documents and settings\Simon\Application Data\drivers\downld\97203.exe
c:\documents and settings\Simon\Application Data\drivers\downld\97296.exe
c:\documents and settings\Simon\Application Data\drivers\srosa2.sys
c:\documents and settings\Simon\Application Data\drivers\winupgro.exe
c:\documents and settings\Simon\Application Data\m
c:\documents and settings\Simon\Application Data\m\data.oct
c:\documents and settings\Simon\Application Data\m\flec006.exe
c:\documents and settings\Simon\Application Data\m\list.oct
c:\documents and settings\Simon\Application Data\m\srvlist.oct
c:\programmer\DAEMON Tools\daemon.exe
c:\windows\system32\ban_list.txt

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Legacy_SK9OU0S
-------\Legacy_SROSA


(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-25 til 2009-03-25  )))))))))))))))))))))))))))))))))))
.

2009-03-12 14:24 . 2009-03-12 14:24    <DIR>    d--------    c:\programmer\Java
2009-03-12 14:24 . 2009-03-12 14:24    73,728    --a------    c:\windows\system32\javacpl.cpl
2009-03-09 09:16 . 2009-03-09 09:16    <DIR>    d--------    c:\programmer\Attansic
2009-03-05 11:50 . 2009-03-05 12:24    <DIR>    d--------    c:\programmer\Bet24
2009-03-04 08:49 . 2009-03-04 08:53    42    --a------    c:\windows\system32\SpywareCease.lie
2009-03-03 19:54 . 2009-03-03 20:16    <DIR>    d--------    c:\documents and settings\Simon\Application Data\FileZilla
2009-03-03 12:06 . 2009-03-03 12:06    <DIR>    d--------    c:\documents and settings\Simon\Application Data\vlc
2009-02-25 11:37 . 2009-03-18 22:36    <DIR>    d--------    C:\klovn.s06e01.xvid-dtv
2009-02-25 11:33 . 2009-02-25 11:33    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 23:26    ---------    d-----w    c:\programmer\Steam
2009-03-25 23:26    ---------    d-----w    c:\programmer\DNA
2009-03-25 23:26    ---------    d-----w    c:\documents and settings\Simon\Application Data\DNA
2009-03-25 23:24    ---------    d--h--w    c:\documents and settings\Simon\Application Data\drivers
2009-03-25 23:24    ---------    d-----w    c:\programmer\DAEMON Tools
2009-03-21 18:27    ---------    d-----w    c:\programmer\Fælles filer\Adobe
2009-03-12 02:00    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 09:04    ---------    d-----w    c:\documents and settings\Simon\Application Data\Uniblue
2009-03-09 09:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-09 08:59    ---------    d-----w    c:\programmer\Google
2009-03-09 08:58    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2009-02-11 11:48    22,328    ----a-w    c:\windows\system32\drivers\PnkBstrK.sys
2009-02-11 11:48    22,328    ----a-w    c:\documents and settings\Simon\Application Data\PnkBstrK.sys
2009-02-11 09:19    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-02-10 22:54    ---------    d-----w    c:\programmer\Fælles filer\Wise Installation Wizard
2009-02-10 22:54    ---------    d-----w    c:\programmer\AGEIA Technologies
2009-02-10 21:46    ---------    d-----w    c:\programmer\Microsoft Games for Windows - LIVE
2009-02-10 10:20    ---------    d-----w    c:\programmer\Fælles filer\InstallShield
2009-02-10 07:36    ---------    d-----w    c:\programmer\Logitech
2009-02-10 07:36    ---------    d-----w    c:\documents and settings\All Users\Application Data\Logitech
2009-02-08 19:08    ---------    d-----w    c:\programmer\MSBuild
2009-02-08 19:05    ---------    d-----w    c:\programmer\Reference Assemblies
2009-01-29 17:52    ---------    d-----w    c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2002-01-08 05:04    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012002010820020109\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\programmer\DNA\btdna.exe" [2002-01-06 342848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2002-01-09 68856]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Steam"="c:\programmer\steam\steam.exe" [2009-02-10 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"WinampAgent"="c:\programmer\Winamp\winampa.exe" [2008-08-04 36352]
"NeroFilterCheck"="c:\programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Launch LCDMon"="c:\programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]
"Launch LGDCore"="c:\programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-12 148888]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2002-01-01 81000]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Simon\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Steam\\steamapps\\krulumut\\counter-strike\\hl.exe"=
"c:\\Programmer\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"f:\\Spil\\Flatout\\FlatOut2.exe"=
"f:\\Spil\\cod4\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-26 14336]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-12-08 38656]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Indhold af mappen 'Planlagte Opgaver'

2009-03-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-DAEMON Tools - c:\programmer\DAEMON Tools\daemon.exe
HKCU-Run-msnmsgr - c:\programmer\Windows Live\Messenger\msnmsgr.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.bilgalleri.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: portalbank.dk\www
Trusted Zone: sparhim.dk\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 00:26:37
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1326574676-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:0b,a8,4f,37,ac,a8,27,c6,bc,9c,7f,82,9c,22,c4,d3,6c,98,41,42,81,
  79,01,e0,72,ea,34,c5,aa,0b,98,62,a3,d6,e7,50,fe,4e,1d,5f,a5,fc,4e,51,54,5d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\WgaTray.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
c:\programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\windows\system32\wscntfy.exe
c:\programmer\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-26  0:28:24 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-03-25 23:28:21

Pre-Kørsel: 23.324.762.112 byte ledig
Post-Kørsel: 24,202,625,024 byte ledig

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
684    --- E O F ---    2009-03-21 02:01:03


I can't install AVG; it says this:

Local machine: installation failed
Installation: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key.... Error 0x80070005

CCleaner runs without problems; at least it removes what it should, I think.

HiJackThis says the same as before, i.e. that it is not a valid Win32 program.
27 March 2009 - 21:23 #18
ComboFix + Malwarebytes' certainly caught quite a lot!!!

There you can see for yourself how much cr*p P2P programs (BitTorrent etc.) 'give' you!!!

Delete the folders:
c:\programmer\DNA\
c:\documents and settings\Simon\Application Data\DNA
c:\documents and settings\Simon\Application Data\drivers
c:\documents and settings\Simon\Application Data\m\shared\

-----

Just a quick one: download the HiJackThis program again ->
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
- and save it somewhere suitable ...

And run it again?
slippy (Beginner)
30 March 2009 - 10:22 #19
The path c:\documents and settings\Simon\Application Data\m\shared\
does not exist. But I have deleted the others. Yes, I can see that P2P programs bring a lot of crap; I just didn't think it was that much.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36, on 2009-03-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\programmer\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Simon\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilgalleri.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://qp.cvuvita.dk/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail1.cvuvita.dk/iNotes6W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5564/mcfscan.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8928 bytes
slippy (Beginner)
30 March 2009 - 22:01 #20
I have just run another scan with Malwarebytes and it found nothing:

Malwarebytes' Anti-Malware 1.34
Database version: 1902
Windows 5.1.2600 Service Pack 3

2009-03-29 12:15:18
mbam-log-2009-03-29 (12-15-18).txt

Skan type: Fuldstændig skanning (C:\|D:\|F:\|)
Objekter skannet: 117198
Tid tilbagelagt: 13 minute(s), 44 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


I think you have fixed my problem now?
30 March 2009 - 22:01 #21
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe" - still seems to be alive, though?
slippy (Beginner)
31 March 2009 - 10:00 #22
C:\Programmer\DNA\btdna.exe really does not exist, or well, I suppose it does since it is listed there, but I can't find it. I have also tried searching in hidden files and folders.
slippy (Beginner)
31 March 2009 - 10:05 #23
Sorry, my bad, I think I have got rid of it now with HiJackThis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20, on 2009-03-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\programmer\steam\steam.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Documents and Settings\Simon\Skrivebord\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilgalleri.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://qp.cvuvita.dk/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail1.cvuvita.dk/iNotes6W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5564/mcfscan.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9482 bytes
01 April 2009 - 20:30 #24
Mostly in the spirit of cleanup ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you can fix. Click Fix checked.

These are the ones that need to be fixed:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)

Restart normally...

------------------------------------------------------------------------

Do a cleanup with the aforementioned CCleaner...

------------------------------------------------------------------------

So how is the PC running now?
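The by-eye comparison of successive HijackThis logs in #21 to #24 (a Run entry that outlived its deleted folder, and the "(file missing)" leftovers) can be scripted. This is an added example, not part of the thread; the two sample logs are shortened excerpts of the 2009-03-28 and 2009-03-30 logs posted above, and all function names are this example's own.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    body: str  # rest of the line after "CODE - "


# "R3 - ...", "O4 - ...", "O23 - ..."; process-list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Excerpt of the log saved 2009-03-28 (shortened for the example).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmer\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Excerpt of the log saved 2009-03-30 (shortened for the example).
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_entries(log_text):
    """Return the R/F/N/O entries of a HijackThis log in file order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def orphaned(entries):
    """Entries HijackThis marked '(file missing)': registry data left by an uninstall."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def autoruns(entries):
    """Map (hive, value name) -> command line for O4 registry Run entries."""
    runs = {}
    for e in entries:
        m = RUN_RE.match(e.body) if e.code == "O4" else None
        if m:
            runs[(m.group("hive"), m.group("name"))] = m.group("cmd")
    return runs


def diff_autoruns(before, after):
    """Return (removed, added, changed) autorun keys between two parsed logs."""
    b, a = autoruns(before), autoruns(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    # Windows paths are case-insensitive, so compare commands case-folded.
    changed = sorted(k for k in b if k in a and b[k].lower() != a[k].lower())
    return removed, added, changed


def new_entries(before, after):
    """Entries of any section present in the later log but not in the earlier one."""
    seen = set(before)
    return [e for e in after if e not in seen]


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    removed, added, changed = diff_autoruns(before, after)
    print("orphaned:", [e.body for e in orphaned(after)])
    print("autoruns removed:", removed, "added:", added, "changed:", changed)
    print("new entries:", new_entries(before, after))
```

Every added entry still needs a human decision: here the new autorun and service are the antivirus that could finally be installed, which is the expected outcome.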
slippy (Beginner)
02 April 2009 - 11:29 #25
Malwarebytes' Anti-Malware 1.34
Database version: 1902
Windows 5.1.2600 Service Pack 3

2009-04-01 01:42:44
mbam-log-2009-04-01 (01-42-44).txt

Skan type: Fuldstændig skanning (C:\|D:\|F:\|)
Objekter skannet: 114643
Tid tilbagelagt: 17 minute(s), 35 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


---------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43, on 2009-04-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\programmer\steam\steam.exe
C:\Programmer\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Documents and Settings\Simon\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilgalleri.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.portalbank.dk
O15 - Trusted Zone: www.sparhim.dk
O15 - Trusted Zone: http://www.sparhim.dk
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://qp.cvuvita.dk/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail1.cvuvita.dk/iNotes6W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5564/mcfscan.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8296 bytes

--------------------------------------------------

CPU is running steadily (0%-1%)

When I ran Malware, my antivirus program found 3 viruses, which it then deleted.
02 April 2009 - 20:40 #26
There is just one 'cleanup' leftover ->
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
which you can 'just' fix in HJT...
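The leftover pointed out in reply #26 is an entry whose registry key survives while its DLL is gone, which HijackThis marks with `(file missing)`. The following is an added example, not part of the thread or of HijackThis: a small parser that pulls such orphaned entries out of a log. The sample lines are copied from the log in post #25; the function and field names are hypothetical, and the "unknown" flag is only a prompt for manual review, not a verdict.

```python
import re

# Excerpt copied from the HijackThis log in post #25 (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bilgalleri.dk/
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header line, running-process path or blank line
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "unknown": "Unknown owner" in body or "Unknown file" in body,
        })
    return entries


def triage(entries):
    """Split entries into orphaned leftovers and entries worth a manual look."""
    orphaned = [e for e in entries if e["file_missing"]]
    review = [e for e in entries if e["unknown"] and not e["file_missing"]]
    return orphaned, review


if __name__ == "__main__":
    orphaned, review = triage(parse_entries(SAMPLE_LOG))
    for entry in orphaned:
        print("orphaned:", entry["code"], entry["clsid"])
    for entry in review:
        print("review:  ", entry["code"], entry["body"])
```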
02 April 2009 - 20:46 #27
There is no more 'dirt' according to your log...

You are welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you run into problems of any kind.

Safe Surfing...

--------------
slippy (Beginner)
02 April 2009 - 22:15 #28
That's done.

I can't say THANK YOU enough for the help; it was done very professionally and in a user-friendly way by you. Many THANKS from here.
03 April 2009 - 06:25 #29
Thanks for the points...