Vista/explorer kan ikke gå på nettet

kan det hjælpe at nogen ser på min ipconfig /all ?
men det er vel ikke smart at smide den på nettet ? :-)

Hent "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer og start programmet, opdater, lav "fuld systemskanning" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra Hijackthis som du finder her:

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Kør HijackThis, klik på "Do a systemscan scan and save a logfile"  kopier loggens tekst og send den herind.

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

Mht.: Vista - Højreklik på filen - Kør som Administrator.

Godt set...for jeg glemte at nævne at dette skete da vedkommende fik hentet et eller andet snot via messenger... :-)

jeg har hentet programmet og installeret...men jeg må køre uden opdateringer, da jeg ikke kan komme på nettet

der findes ikke et godt antivirus og malware program som er gratis?
AVG dur vel ikke til begge dele?

Den scanner på livet løs...

La' os se/læse reslutatet fra #2 først...

Du kan hente en opdatering til malwarebytes her

http://malwarebytes.gt500.org/database.jsp

Brug den til en ny kørsel.

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe eller herfra

http://subs.geekstogo.com/ComboFix.exe




Højreklik på skrivebordet og vælg ny->tekstdokument og kopier  indholdet mellem  linierne ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt


--------------

Killall::

Snapshot::

-------------


Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

Tjek din host fil.

host fil?

La' os se/læse reslutatet fra #2 først...

så er den færdig...man må sige den fandt noget... logfil kommer snart.

Først malware log:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1

08-06-2009 20:12:43
mbam-log-2009-06-08 (20-12-43).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 319996
Tid tilbagelagt: 1 hour(s), 42 minute(s), 51 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 5
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.


Så hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:00, on 08-06-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Inge\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.14/uploader2.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9028 bytes

stadig ikke nogen netadgang :-(

ok..

så hent malware opdatering og opdater program
kør scan igen
fjern evt. hvad den finder
kør hijack

udfør det der combo halløj
indsend alle 3 logfiler?

Først malwarebytes, så combofix. hijackthis skal ikke bruges lige nu.

Og der slal stå

Killall::
Snapshot::

i CFScript.txt

ja ja... det står der også uden linjeafstand mellem de 2 ord hvis det betyder noget :-)
men jeg forstår godt din gentagen :-)))

combo kommer og siger at der kører noget norton antivirus... jeg tror nu ikke det er tilfældet..der ligger nok noget gammelt norton.
Erd er noget med at der skal special værktøj til at afinst. norton?

jeg er i øvrigt blevet bekræftet i at jeg skal beholde min XP indtil MS kommer med noget brugbart...jeg bliver aldrig fan af vista..

Det kan du hente her:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Husk at højreklikke. kør som administrator

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1

08-06-2009 20:12:43
mbam-log-2009-06-08 (20-12-43).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 319996
Tid tilbagelagt: 1 hour(s), 42 minute(s), 51 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 5
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
og combo log:

ComboFix 09-06-07.07 - Inge 09-06-2009 10:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.1982.1235 [GMT 2:00]
Kører fra: c:\users\Inge\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Inge\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-09 til 2009-06-09  )))))))))))))))))))))))))))))))))))
.

2009-06-09 08:09 . 2009-06-09 08:09    --------    d-sh--w-    \$RECYCLE.BIN
2009-06-09 08:08 . 2009-06-09 08:10    --------    d-----w-    c:\users\Inge\AppData\Local\temp
2009-06-09 08:08 . 2009-06-09 08:08    --------    d-----w-    C:\temp
2009-06-09 08:08 . 2009-06-09 08:08    --------    d-----w-    \temp
2009-06-09 07:59 . 2009-06-09 08:10    --------    d-s---w-    \ComboFix
2009-06-09 07:44 . 2009-06-09 07:44    --------    d-----w-    c:\programdata\NortonInstaller
2009-06-09 07:25 . 2009-06-09 07:31    --------    d-sh--w-    \Config.Msi
2009-06-09 04:53 . 2009-06-09 08:01    --------    d-----w-    \Qoobox
2009-06-08 18:40 . 2009-06-08 18:40    --------    d-----w-    c:\program files\Common Files\L&H
2009-06-08 18:39 . 2009-06-08 18:39    --------    d-----w-    c:\program files\Microsoft ActiveSync
2009-06-08 18:35 . 2009-06-08 18:35    --------    d-----w-    c:\program files\Microsoft.NET
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\users\Inge\AppData\Roaming\Malwarebytes
2009-06-08 16:23 . 2009-05-26 11:20    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\programdata\Malwarebytes
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-06-08 16:23 . 2009-05-26 11:19    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-08 15:47 . 2009-06-08 15:47    --------    d-----w-    c:\users\Inge\AppData\Local\Mozilla
2009-06-04 13:50 . 2009-06-04 13:50    --------    d-----w-    c:\program files\DAEMON Tools Lite
2009-06-04 13:45 . 2009-06-04 13:45    717296    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-06-04 13:45 . 2009-06-04 13:45    --------    d-----w-    c:\users\Inge\AppData\Roaming\DAEMON Tools
2009-06-04 12:53 . 2009-06-08 15:33    --------    d--h--w-    C:\$AVG8.VAULT$
2009-06-04 12:53 . 2009-06-08 15:33    --------    d--h--w-    \$AVG8.VAULT$
2009-06-04 12:08 . 2009-06-04 12:08    --------    d-----w-    c:\programdata\WindowsSearch
2009-06-04 11:20 . 2009-06-04 11:20    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-04 11:20 . 2009-06-04 11:20    108552    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-06-04 11:20 . 2009-06-04 11:20    325896    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-06-04 11:20 . 2009-06-04 11:20    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\programdata\avg8
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\program files\AVG
2009-06-04 10:42 . 2009-06-09 08:09    2079162368    --sha-w-    \hiberfil.sys
2009-05-23 17:34 . 2009-05-23 17:35    --------    d-----w-    c:\users\Inge\Ny mappe
2009-05-21 20:54 . 2009-03-19 14:32    23400    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-21 20:54 . 2008-04-17 10:12    107368    ----a-w-    c:\windows\system32\GEARAspi.dll
2009-05-21 20:54 . 2009-05-21 20:54    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 20:52 . 2009-05-21 20:52    75048    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-18 13:42 . 2009-05-18 13:42    --------    d-----w-    c:\program files\Common Files\Control Panels
2009-05-18 13:39 . 2009-05-18 13:39    --------    d-----w-    c:\programdata\ALM
2009-05-12 11:39 . 2009-05-12 11:40    --------    d-----w-    c:\users\Inge\Panda antivirus
2009-05-12 06:38 . 2008-06-19 15:24    28544    ----a-w-    c:\windows\system32\drivers\pavboot.sys
2009-05-12 06:38 . 2009-05-12 06:38    --------    d-----w-    c:\program files\Panda Security

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 08:09 . 2009-06-04 10:42    2079162368    --sha-w-    \hiberfil.sys
2009-06-09 08:09 . 2008-02-05 23:34    2393034752    --sha-w-    \pagefile.sys
2009-06-09 07:56 . 2006-11-21 04:49    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-06-09 07:56 . 2006-11-21 04:49    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-06-09 07:49 . 2007-08-20 16:05    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2009-06-09 07:49 . 2008-04-22 19:50    --------    d-----w-    c:\programdata\Symantec
2009-06-09 07:48 . 2008-04-22 19:39    --------    d-----w-    c:\users\Inge\AppData\Roaming\Symantec
2009-06-09 04:44 . 2009-02-21 11:42    27744    ----a-w-    c:\programdata\nvModes.dat
2009-06-08 18:37 . 2007-08-20 16:23    --------    d-----w-    c:\program files\Microsoft Works
2009-06-05 18:03 . 2008-02-05 18:05    118624    ----a-w-    c:\users\Inge\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 13:42 . 2005-05-28 07:04    --------    d-----w-    c:\program files\Spyware Stormer
2009-05-21 20:54 . 2008-02-15 13:37    --------    d-----w-    c:\program files\iTunes
2009-05-21 20:54 . 2008-02-15 13:38    --------    d-----w-    c:\program files\iPod
2009-05-21 20:54 . 2008-02-15 13:45    --------    d-----w-    c:\program files\Common Files\Apple
2009-05-19 14:52 . 2008-06-07 06:04    --------    d-----w-    c:\program files\Picasa2
2009-05-18 13:44 . 2008-02-24 13:13    --------    d-----w-    c:\program files\Common Files\Adobe
2009-05-17 07:01 . 2008-12-10 19:11    --------    d-----w-    c:\users\Inge\AppData\Roaming\Skype
2009-05-17 06:07 . 2008-12-10 19:16    --------    d-----w-    c:\users\Inge\AppData\Roaming\skypePM
2009-05-16 13:37 . 2009-04-13 19:20    --------    d-----w-    c:\users\Inge\AppData\Roaming\gtk-2.0
2009-05-06 20:26 . 2008-12-01 12:35    --------    d-----w-    c:\users\Inge\AppData\Roaming\Tunebite
2009-05-01 18:30 . 2009-05-01 18:30    3366912    ----a-w-    c:\windows\system32\GPhotos.scr
2009-05-01 11:52 . 2009-05-01 11:52    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-05-01 10:08 . 2009-05-01 10:08    --------    d-----w-    c:\programdata\Office Genuine Advantage
2009-04-17 16:09 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-03-28 16:08 . 2009-02-01 17:30    0    ----a-w-    c:\users\Inge\temp.dat
2009-03-19 14:32 . 2009-03-19 14:32    23400    ----a-w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-16 20:00    13824    ----a-w-    c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:00    24064    ----a-w-    c:\windows\system32\amxread.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-04 1947928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ArsClip.exe - Genvej.lnk]
path=c:\users\Inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Genvej.lnk
backup=c:\windows\pss\ArsClip.exe - Genvej.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25239235-CCE9-4506-BB16-AEDA937E00E7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{447CBEF1-95B8-442E-BC0D-2C32A27AF478}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BB5D10AA-48F2-4F7B-AFC9-91CE9049526D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{99327DF5-6E89-4C68-AD7A-9BC0EEF88CD1}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{02922678-BA62-4998-9260-C647E43593AD}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{1E5EC0A3-A2D6-43AF-B8CE-F13AC6E70344}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{8F3C97A6-4FD2-45F1-9742-B5460F987A69}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{73432569-94A2-4BD6-BD79-4D322DF3D7EA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{256A5E47-F090-4D7A-8815-4084C5AD299C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E921830-6162-4991-815B-31C16304D0D3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CC957C77-5208-48EC-BFBF-3A5245FB9894}"= UDP:3703:Adobe Version Cue CS3 Server
"{B50E831A-7668-4716-8645-820E59B86464}"= UDP:3704:Adobe Version Cue CS3 Server
"{3309B07B-928A-4394-84C7-3E0EF78AAA86}"= UDP:50900:Adobe Version Cue CS3 Server
"{D0DD7294-A424-4CB4-A643-7DB71A51900F}"= UDP:50901:Adobe Version Cue CS3 Server
"{FE6EBC8A-B9E1-477B-80DE-F70224B0B7EE}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6824830E-B524-4852-B680-20222CCC00E9}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{476A6D60-2F63-4043-87A7-2E1502DF63A6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{65B95D36-DCDD-4C9B-BB3B-10B07B58EBF6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{89FA277F-A450-4FC8-A758-56BF95A1A4EA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{23764773-FDA0-463F-81C2-C926006D2ACB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B43D531F-AC10-45C7-BAF0-2D03A455C5E7}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{E18AF5C7-1207-4343-927C-0DED9DFBBD0F}"= UDP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool
"{63A18976-001B-4162-BB9A-038222E762A3}"= TCP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12-05-2009 08:38 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04-06-2009 13:20 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04-06-2009 13:20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04-06-2009 13:20 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04-06-2009 13:20 298776]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [06-03-2009 00:59 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.daemon-search.com/default
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sydbank.dk
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\64fzafqk.default\
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 10:09
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Gennemført tid: 2009-06-09 10:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-06-09 08:17
ComboFix2.txt  2009-06-09 05:15

Pre-Kørsel: 63.884.951.552 byte ledig
Post-Kørsel: 63.704.952.832 byte ledig

222    --- E O F ---    2009-05-08 07:12

Hentede og kørte du den opdatering jeg linkede til?
Den er version 2202 du kører 1982

Virker regedit? Det kan være ret vigtigt

hmm... ja jeg hentede den.. men jegskulle den ikke installere sig et sted eller skulle jeg bare køre den direkte fra opdateringen?

Hvor finder man kør og search i vista? :-)

databaseversion 2202 siger den nu under opdater.. jeg kører den lige igen..

3175 2009 hedder dato på opdatering

Har du installeret Malwarebytes på din egen pc? Hvis du har , så opdater den, og kopier rules.ref over. På en xp plejer den at ligge her.

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

Du skal nok slå vis skjulte filer og mapper til
http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Jeg er ikke helt sikker på hvor rules.ref ligger på en vista mrn hvis du slår skjulte filer og mapper til ligger den nok et sted under c:\users

http://www.it-artikler.dk/2008/06/12/vis-skjulte-filer-og-mapper-i-windows-vista/

Men det gør den ikke,den ligger her:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

hvis den siger 2202 i malware så er den vel opdateret?
jeg ved ikke lige hvad det der rules er for noget :-)

Når man ikke kan få Programmet til at opdatere sig selv kan man hente den jeg linkede til. Den var desværre ældre end jeg troede. den aktuelle er 2252. Hele databasen liger i filen rules.ref. Hvis du henter og installer malwarebytes på din XP (Husk opdatering) og derefter kopiere din
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
over som erstatnig for
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
Så vil den automatisk være helt opdateret.

nåe... :-)
tak..det gør jeg lige..

I øvrigt tusind tak indtil videre... :-)

Prøv lige med en hurtig skanning i første omgang. Det burde være nok til at få "hul" Hent derefter en ny combofix og kør den med samme CFScript.txt

den er i gang med den lange...skidt med det.
Om 1 times tid eller 2 er der resultat fra begge...

sådan:

Malwarebytes' Anti-Malware 1.37
Database version: 2252
Windows 6.0.6001 Service Pack 1

09-06-2009 15:28:04
mbam-log-2009-06-09 (15-28-04).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 324458
Tid tilbagelagt: 1 hour(s), 36 minute(s), 59 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


og combo:

ComboFix 09-06-07.07 - Inge 09-06-2009 16:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.1982.1269 [GMT 2:00]
Kører fra: c:\users\Inge\Desktop\ComboFix.exe
Kommandoer benyttet :: f:\virus\carsten\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-09 til 2009-06-09  )))))))))))))))))))))))))))))))))))
.

2009-06-09 14:41 . 2009-06-09 14:42    --------    d-----w-    c:\users\Inge\AppData\Local\temp
2009-06-09 14:41 . 2009-06-09 14:41    --------    d-----w-    C:\temp
2009-06-09 14:41 . 2009-06-09 14:41    --------    d-----w-    \temp
2009-06-09 14:34 . 2009-06-09 14:42    --------    d-s---w-    \ComboFix
2009-06-09 07:44 . 2009-06-09 07:44    --------    d-----w-    c:\programdata\NortonInstaller
2009-06-09 07:25 . 2009-06-09 07:31    --------    d-sh--w-    \Config.Msi
2009-06-09 04:53 . 2009-06-09 14:34    --------    d-----w-    \Qoobox
2009-06-08 18:40 . 2009-06-08 18:40    --------    d-----w-    c:\program files\Common Files\L&H
2009-06-08 18:39 . 2009-06-08 18:39    --------    d-----w-    c:\program files\Microsoft ActiveSync
2009-06-08 18:35 . 2009-06-08 18:35    --------    d-----w-    c:\program files\Microsoft.NET
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\users\Inge\AppData\Roaming\Malwarebytes
2009-06-08 16:23 . 2009-05-26 11:20    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\programdata\Malwarebytes
2009-06-08 16:23 . 2009-06-08 16:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-06-08 16:23 . 2009-05-26 11:19    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-08 15:47 . 2009-06-08 15:47    --------    d-----w-    c:\users\Inge\AppData\Local\Mozilla
2009-06-04 13:50 . 2009-06-04 13:50    --------    d-----w-    c:\program files\DAEMON Tools Lite
2009-06-04 13:45 . 2009-06-04 13:45    717296    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-06-04 13:45 . 2009-06-04 13:45    --------    d-----w-    c:\users\Inge\AppData\Roaming\DAEMON Tools
2009-06-04 12:53 . 2009-06-08 15:33    --------    d--h--w-    C:\$AVG8.VAULT$
2009-06-04 12:53 . 2009-06-08 15:33    --------    d--h--w-    \$AVG8.VAULT$
2009-06-04 12:08 . 2009-06-04 12:08    --------    d-----w-    c:\programdata\WindowsSearch
2009-06-04 11:20 . 2009-06-04 11:20    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-04 11:20 . 2009-06-04 11:20    108552    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-06-04 11:20 . 2009-06-04 11:20    325896    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-06-04 11:20 . 2009-06-04 11:20    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\programdata\avg8
2009-06-04 11:20 . 2009-06-04 11:20    --------    d-----w-    c:\program files\AVG
2009-06-04 10:42 . 2009-06-09 14:30    2079166464    --sha-w-    \hiberfil.sys
2009-05-23 17:34 . 2009-05-23 17:35    --------    d-----w-    c:\users\Inge\Ny mappe
2009-05-21 20:54 . 2009-03-19 14:32    23400    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-21 20:54 . 2008-04-17 10:12    107368    ----a-w-    c:\windows\system32\GEARAspi.dll
2009-05-21 20:54 . 2009-05-21 20:54    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 20:52 . 2009-05-21 20:52    75048    ----a-w-    c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-18 13:42 . 2009-05-18 13:42    --------    d-----w-    c:\program files\Common Files\Control Panels
2009-05-18 13:39 . 2009-05-18 13:39    --------    d-----w-    c:\programdata\ALM
2009-05-12 11:39 . 2009-05-12 11:40    --------    d-----w-    c:\users\Inge\Panda antivirus
2009-05-12 06:38 . 2008-06-19 15:24    28544    ----a-w-    c:\windows\system32\drivers\pavboot.sys
2009-05-12 06:38 . 2009-05-12 06:38    --------    d-----w-    c:\program files\Panda Security

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 14:37 . 2006-11-21 04:49    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-06-09 14:37 . 2006-11-21 04:49    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-06-09 14:30 . 2009-06-04 10:42    2079166464    --sha-w-    \hiberfil.sys
2009-06-09 14:30 . 2008-02-05 23:34    2393034752    --sha-w-    \pagefile.sys
2009-06-09 09:55 . 2009-02-21 11:42    27744    ----a-w-    c:\programdata\nvModes.dat
2009-06-09 07:49 . 2007-08-20 16:05    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2009-06-09 07:49 . 2008-04-22 19:50    --------    d-----w-    c:\programdata\Symantec
2009-06-09 07:48 . 2008-04-22 19:39    --------    d-----w-    c:\users\Inge\AppData\Roaming\Symantec
2009-06-08 18:37 . 2007-08-20 16:23    --------    d-----w-    c:\program files\Microsoft Works
2009-06-05 18:03 . 2008-02-05 18:05    118624    ----a-w-    c:\users\Inge\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 13:42 . 2005-05-28 07:04    --------    d-----w-    c:\program files\Spyware Stormer
2009-05-21 20:54 . 2008-02-15 13:37    --------    d-----w-    c:\program files\iTunes
2009-05-21 20:54 . 2008-02-15 13:38    --------    d-----w-    c:\program files\iPod
2009-05-21 20:54 . 2008-02-15 13:45    --------    d-----w-    c:\program files\Common Files\Apple
2009-05-19 14:52 . 2008-06-07 06:04    --------    d-----w-    c:\program files\Picasa2
2009-05-18 13:44 . 2008-02-24 13:13    --------    d-----w-    c:\program files\Common Files\Adobe
2009-05-17 07:01 . 2008-12-10 19:11    --------    d-----w-    c:\users\Inge\AppData\Roaming\Skype
2009-05-17 06:07 . 2008-12-10 19:16    --------    d-----w-    c:\users\Inge\AppData\Roaming\skypePM
2009-05-16 13:37 . 2009-04-13 19:20    --------    d-----w-    c:\users\Inge\AppData\Roaming\gtk-2.0
2009-05-06 20:26 . 2008-12-01 12:35    --------    d-----w-    c:\users\Inge\AppData\Roaming\Tunebite
2009-05-01 18:30 . 2009-05-01 18:30    3366912    ----a-w-    c:\windows\system32\GPhotos.scr
2009-05-01 11:52 . 2009-05-01 11:52    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2009-05-01 10:08 . 2009-05-01 10:08    --------    d-----w-    c:\programdata\Office Genuine Advantage
2009-04-17 16:09 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-03-28 16:08 . 2009-02-01 17:30    0    ----a-w-    c:\users\Inge\temp.dat
2009-03-19 14:32 . 2009-03-19 14:32    23400    ----a-w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-16 20:00    13824    ----a-w-    c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:00    24064    ----a-w-    c:\windows\system32\amxread.dll
.

(((((((((((((((((((((((((((((  SnapShot@2009-06-09_08.10.02  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-20 15:35 . 2009-06-09 14:32    56716              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-09 14:32    74500              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-02-05 18:58 . 2009-06-09 14:32    12852              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3094295680-2195809920-3410809841-1000_UserData.bin
+ 2008-02-10 15:48 . 2009-06-09 13:29    3042              c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-02-10 15:48 . 2009-06-09 07:30    3042              c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-09 14:30 . 2009-06-09 14:30    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-09 14:30 . 2009-06-09 14:30    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-02-09 16:39 . 2009-06-09 09:55    277164              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-09 14:37    587178              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-09 07:56    587178              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-09 07:56    101250              c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-09 14:37    101250              c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-04 1947928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ArsClip.exe - Genvej.lnk]
path=c:\users\Inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Genvej.lnk
backup=c:\windows\pss\ArsClip.exe - Genvej.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25239235-CCE9-4506-BB16-AEDA937E00E7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{447CBEF1-95B8-442E-BC0D-2C32A27AF478}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BB5D10AA-48F2-4F7B-AFC9-91CE9049526D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{99327DF5-6E89-4C68-AD7A-9BC0EEF88CD1}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{02922678-BA62-4998-9260-C647E43593AD}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{1E5EC0A3-A2D6-43AF-B8CE-F13AC6E70344}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{8F3C97A6-4FD2-45F1-9742-B5460F987A69}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{73432569-94A2-4BD6-BD79-4D322DF3D7EA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{256A5E47-F090-4D7A-8815-4084C5AD299C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E921830-6162-4991-815B-31C16304D0D3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CC957C77-5208-48EC-BFBF-3A5245FB9894}"= UDP:3703:Adobe Version Cue CS3 Server
"{B50E831A-7668-4716-8645-820E59B86464}"= UDP:3704:Adobe Version Cue CS3 Server
"{3309B07B-928A-4394-84C7-3E0EF78AAA86}"= UDP:50900:Adobe Version Cue CS3 Server
"{D0DD7294-A424-4CB4-A643-7DB71A51900F}"= UDP:50901:Adobe Version Cue CS3 Server
"{FE6EBC8A-B9E1-477B-80DE-F70224B0B7EE}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6824830E-B524-4852-B680-20222CCC00E9}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{476A6D60-2F63-4043-87A7-2E1502DF63A6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{65B95D36-DCDD-4C9B-BB3B-10B07B58EBF6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{89FA277F-A450-4FC8-A758-56BF95A1A4EA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{23764773-FDA0-463F-81C2-C926006D2ACB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B43D531F-AC10-45C7-BAF0-2D03A455C5E7}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{E18AF5C7-1207-4343-927C-0DED9DFBBD0F}"= UDP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool
"{63A18976-001B-4162-BB9A-038222E762A3}"= TCP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12-05-2009 08:38 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04-06-2009 13:20 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04-06-2009 13:20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04-06-2009 13:20 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04-06-2009 13:20 298776]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [06-03-2009 00:59 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.daemon-search.com/default
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sydbank.dk
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\64fzafqk.default\
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 16:42
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2009-06-09 16:44
ComboFix-quarantined-files.txt  2009-06-09 14:44
ComboFix2.txt  2009-06-09 08:17
ComboFix3.txt  2009-06-09 05:15

Pre-Kørsel: 63.404.396.544 byte ledig
Post-Kørsel: 63.315.210.240 byte ledig

213    --- E O F ---    2009-05-08 07:12

Start stifinder og find regedit, start den og find :
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 , Højreklik på den og vælg eksporter. Gem den som en tekstfil og kopier indholdet herind.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"vidc.cvid"="iccvid.dll"
"MSVideo8"="VfWWDM32.dll"
"msacm.siren"="sirenacm.dll"
"msacm.l3codecp"=""
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave1"="wdmaud.drv"
"mixer1"="wdmaud.drv"

blev i klogere?
kan jeg bruge det her fremover i andre tilfælde og så lægge det direkte ind til tjek her på eksperten?
sådan at man ikke behøves ulejlige dig og andre hver dag :-)

Nej, jeg ledte efter noget specielt. Desværre var det der ikke.
Lige nu må jeg indrømme at jeg ikke kan se hvorfor internettet ikke virker. Prøv lige at sende en ny hjt log herind.

tja...et eller andet har du gjort..nettet virker nu :-)

Vil du godt slette den combofix du har, hente en ny men denne gang gi den et tilfældigt navn inden du kopierer den over. Kør den uden CFScript.txt. Jeg vil gerne se logs fra begge.

Så er det sidste jo unødvendigt. Jeg troede stadig ikke det virkede ;-)

Du spurgte tidligere om antivirus og antispyware. jeg vil anbefale at du dropper AVG:
http://www.spywarefri.dk/software/avg-anti-virus-free-edition/
Du kan læse mere om andre sikkerheds-programmer her:
http://www.spywarefri.dk/sikkerhedspakken/

tak...så du mener ikke jeg skal køre mere combo..
Jeg er meget taknemmelig og send endelig det svar så du kan få point...

Nej, det var kun fordi jeg troede der var noget der gemte sig, noget der blokerede internettet.