Backdoor.Bot + Rootkit.Agent/Gen-UAC

ComboFix 09-09-28.01 - Rasmus Nielsen 29-09-2009 19:34.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.249 [GMT 2:00]
Kører fra: c:\documents and settings\Rasmus Nielsen\Skrivebord\ComboFix.exe

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gæst\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Gæst\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\Rasmus Nielsen\Application Data\inst.exe
c:\windows\Installer\41f91d4.msi
c:\windows\Installer\50f1d5.msp
c:\windows\Installer\fb03ca.msp

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-28 til 2009-09-29  )))))))))))))))))))))))))))))))))))
.

2009-09-11 15:29 . 2009-06-21 21:48    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2009-09-10 11:32 . 2009-09-10 11:32    --------    d-sh--w-    c:\documents and settings\Crone\IECompatCache
2009-09-10 11:31 . 2009-09-10 11:31    --------    d-sh--w-    c:\documents and settings\Crone\PrivacIE
2009-09-10 11:28 . 2009-09-10 11:28    --------    d-sh--w-    c:\documents and settings\Crone\IETldCache
2009-09-02 16:08 . 2009-07-03 16:59    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2009-09-02 16:08 . 2009-07-03 16:59    246272    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 16:04 . 2009-09-02 16:08    --------    dc-h--w-    c:\windows\ie8
2009-09-02 15:51 . 2006-06-29 11:07    14048    ------w-    c:\windows\system32\spmsg2.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 17:21 . 2009-03-21 11:07    --------    d-----w-    c:\programmer\Vuze
2009-09-29 17:21 . 2009-03-21 11:10    --------    d-----w-    c:\documents and settings\Rasmus Nielsen\Application Data\Azureus
2009-09-26 12:21 . 2009-02-08 08:03    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2009-09-26 12:12 . 2009-01-08 18:04    --------    d-----w-    c:\programmer\Microsoft
2009-09-11 15:59 . 2008-08-26 10:54    --------    d-----w-    c:\programmer\Microsoft Silverlight
2009-09-11 15:40 . 2009-02-12 16:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 11:29 . 2005-01-15 16:39    77880    ----a-w-    c:\documents and settings\Crone\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 15:28 . 2004-10-03 19:04    77880    ----a-w-    c:\documents and settings\Rasmus Nielsen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 15:04 . 2004-07-13 15:46    --------    d-----w-    c:\programmer\Microsoft Works
2009-08-29 09:12 . 2009-08-29 09:12    --------    d-----w-    c:\documents and settings\Rasmus Nielsen\Application Data\IObit
2009-08-29 08:33 . 2009-08-29 08:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\WebcamMax
2009-08-29 08:33 . 2009-08-29 08:33    --------    d-----w-    c:\documents and settings\Rasmus Nielsen\Application Data\WebcamMax
2009-08-25 12:38 . 2004-07-21 23:49    --------    d-----w-    c:\programmer\Java
2009-08-25 12:24 . 2009-06-21 15:33    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-08-25 11:18 . 2009-07-27 10:58    --------    d-----w-    c:\documents and settings\Rasmus Nielsen\Application Data\BSplayer PRO
2009-08-25 11:18 . 2009-08-25 11:18    --------    d-----w-    c:\programmer\Google
2009-08-25 11:18 . 2009-07-30 11:21    --------    d-----w-    c:\programmer\Action Poker(2)
2009-08-25 11:18 . 2009-07-31 12:15    --------    d-----w-    c:\programmer\PokerStars.NET
2009-08-25 11:18 . 2008-01-10 14:50    --------    d-----w-    c:\programmer\PokerStars
2009-08-25 11:17 . 2009-08-11 07:16    --------    d-----w-    c:\documents and settings\Rasmus Nielsen\Application Data\Poker4ever
2009-08-24 12:00 . 2009-08-24 12:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\Video2Webcam
2009-08-21 12:18 . 2009-08-21 12:18    --------    d-----w-    c:\programmer\IObit
2009-08-05 09:00 . 2002-12-12 07:14    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-07-24 09:28    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-24 09:28    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-25 03:23 . 2008-12-11 19:26    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-07-24 21:16 . 2008-09-09 10:22    77880    ----a-w-    c:\documents and settings\Gæst\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-07-24 15:11 . 2009-07-24 15:11    15641    ----a-w-    c:\programmer\hijackthis.log
2009-07-24 00:02 . 2004-05-20 12:57    92602    ----a-w-    c:\windows\system32\perfc006.dat
2009-07-24 00:02 . 2004-05-20 12:57    483468    ----a-w-    c:\windows\system32\perfh006.dat
2009-07-17 19:03 . 2004-05-20 12:57    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-09-06 20:28    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-04 22:08 . 2009-07-04 22:07    64426    ----a-w-    c:\windows\system32\prfc0406.dat
2009-07-04 22:08 . 2009-07-04 22:07    399504    ----a-w-    c:\windows\system32\prfh0406.dat
2009-07-03 16:59 . 2004-08-23 18:35    915456    ----a-w-    c:\windows\system32\wininet.dll
2004-09-18 21:20 . 2004-09-18 21:20    56    --sh--r-    c:\windows\system32\1110F69D2F.sys
2004-09-18 21:20 . 2004-09-18 21:20    1682    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-26 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\programmer\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\programmer\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-04-28 66048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-26 12:21    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Programmer\\Windows Media Player\\wmplayer.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Programmer\\Kayako\\LiveResponse\\LiveResponse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [26-05-2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [26-05-2009 10:05 74480]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [29-08-2009 10:30 941784]
R2 FlipShare Service;FlipShare Service;c:\programmer\Pure Digital Technologies\FlipShare\FlipShareService.exe [13-11-2008 14:17 439616]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [15-03-2009 15:31 10240]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [26-05-2009 10:05 7408]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [04-01-2009 18:21 90357]
S4 Kwari.xLoader;Kwari.xLoader;c:\documents and settings\Rasmus Nielsen\Lokale indstillinger\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 --> c:\documents and settings\Rasmus Nielsen\Lokale indstillinger\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-09-28 c:\windows\Tasks\SmartDefrag.job
- c:\programmer\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-29 07:22]
.
.
------- Yderligere scanning -------
.
uStart Page = www.msn.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
IE: Append Link Target to Existing PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: tilbudonline.dk\www.admin
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD}
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{03CAB5A9-EC65-4374-898D-2F7F034A4E4F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Wizard - (no file)
HKLM-Run-FirstSteps - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kwari.xLoader]
"ImagePath"="c:\documents and settings\Rasmus Nielsen\Lokale indstillinger\Application Data\Micro Forte\Kwari\Kwari.xLoader.32"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
Gennemført tid: 2009-09-29 19:55
ComboFix-quarantined-files.txt  2009-09-29 17:54

Pre-Kørsel: 100.023.562.240 byte ledig
Post-Kørsel: 100.420.931.584 byte ledig

193    --- E O F ---    2009-02-13 14:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:15, on 29-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\3\3Connect\AutoUpdateSrv.exe
C:\Programmer\3\3Connect\wilog.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rasmus Nielsen\Skrivebord\JhT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CABE9809-6AE6-4E9E-964E-144FEE362622}: NameServer = 80.251.201.177 80.251.201.178
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Programmer\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9962 bytes

det skulle have været 60 points så jeg laver en ekstra tråd når jeg får respons.
Håber i endnu engang vil hjælpe

Hvis du ikke allerede har gjort det så
AFINSTALL
* Azureus
* Vuze

---

Og så denne 'pakke' ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Hej Karise__larry.
"Hvis du ikke allerede har gjort det så
AFINSTALL
* Azureus
* Vuze"
Det var det allerførste jeg gjorde:-)
Smider den lige igang med Mbam skanning, det tager noget tid, vender tilbage med logs

... jeg så bare disse mapper ->
c:\programmer\Vuze
c:\documents and settings\Rasmus Nielsen\Application Data\Azureus

De mapper ka' du jo manuelt nappe/slette i samme omgang!!!

Okay dem havde jeg ikke lige kigget efter, men de ryger også med, tak for tippet:-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:41, on 30-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Rasmus Nielsen\Skrivebord\JhT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Programmer\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9733 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 5.1.2600 Service Pack 3

30-09-2009 13:56:16
mbam-log-2009-09-30 (13-56-16).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 364855
Tid tilbagelagt: 4 hour(s), 4 minute(s), 46 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Rasmus Nielsen\Dokumenter\Webcam Max5.0\WebcamMax\tRUE'sk.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Da jeg i Mbam skulle genstarte for at fjerne den inficerede fil, kom windows med denne meddelelse DWwin.exe kunne ikke initialiseres.

... spøger den [DWwin.exe] stadig efter en genstart eller to ?

Nej har lige prøvet et par genstarter hvor det foregik normalt uden bøvl.
Det er sket de to sidste gange jeg har skulle quarantine and delete infected files i Malware bytes, hvor den vil genstarte computeren for at fuldende processen, der kommer beskeden "DWwin.exe kunne ikke initialiseres".

(Lad den hvile i fred *S*)

hehe ok*S*

Men er maskinen så ren eller langt fra?

Du er velkommen en anden gang...

Afinstall ComboFix ->
[Start][Kør] - I boxen skriver du:

Combofix /u ENTER

Der er ikke mere 'snavs' ifølge din Log...

Efter sådan en omgang skal du lige fjerne de inficerede filer i system restore.

Windows XP:
1. Højreklik på > Denne Computer > Egenskaber > Systemgendannelses.
2. Sæt flueben i > Deaktiver Systemgendannelse> Anvend > OK.
3. Dobbeltklik på > Denne computer > højreklik på (C:) drevet > Egenskaber.
5. Klik på > Diskoprydning > Flere indstillinger.
6. I feltet Systemgendannelse, klik på "Ryd op".
7. Luk alle vinduer og genstart computeren.
8. Efter genstart > Aktiver Systemgendannelse på samme måde du deaktiverede det - Punkt 2 bare omvendt...

Safe Surfing...

--------------

Perfekt:-) mange tak for hjælpen
http://www.eksperten.dk/spm/888071 der er lidt flere points her.