Driver til netværkskort væk efter brug af virusprogram (og virusangreb)

Hejsa
Du kan gøre noget indledende for at se om Malware Bytes har fjernet det hele.

check efter de her processor brug ctrl + alt + del og vælg tabben processor
AntivirusPro_2010.exe yxine.exe Uninstall.exe mifiryvele.exe


søg efter disse filer
AntivirusPro_2010.lnk bojag.dl aqepe.dat nyxuj.com Uninstall.lnk ebapepyno.db emuziwe.pif ugozuf._sy uxitavo.dl carugy.com yquxihet.exe ojupegos.pif qanof.bin yrihoka.lib zecorykyp.lib AntivirusPro_2010.cfg AntivirusPro_2010.exe AVEngn.dll daily.cvd htmlayout.dll Microsoft.VC80.CRT.manifest msvcm80.dll msvcp80.dll msvcr80.dll pthreadVC2.dll Uninstall.exe wscui.cpl medoqokeqo.exe ycevykazu.vbs yhabozix.vbs _scui.cpl azasal.bin dinubem.dl exifoton.dll mifiryvele.exe ralun.sys.

mappe
c:\Program Files\AntivirusPro_2010

disse dll´er skal afregistreres men jeg synes du skal vente på en af de rigtige eksperter, jeg har dog fjernet størstedelen af 2009 versionen manuelt før.
AVEngn.dll htmlayout.dll pthreadVC2.dll msvcm80.dll msvcp80.dll msvcr80.dll

Hvis de kører er din maskine stadig under angreb, hvilket sagtens kan forklare en del af det du fortæller.
hvis du har styr på regedit er der også nogle register ting som skal slettes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\PIDs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\[ORIGINAL FILE NAME]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010


Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet omdøb den fra hijack this til et valgfrit navn. er det vista så højreklik og vælg kør som administrator

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

gennemfør denne pakke og smid logs fra henholdsvis malwarebytes og hijackthis op til den ekspert der tager bolden op.

hvis du får liv i netværket og du bliver sendt til sider du ikke selv har valgt (browser hijack) kan du blokere dem via hosts mappen
her er en lille guide til hvordan
http://www.hacktrix.com/easiest-way-to-block-websites-like-orkut-myspace-facebook-twitter-on-your-computer.

Håber noget af infoen har været brugbar.

Hvis det er malwarebytes du har kørt vil jeg gerne se loggen. Du finder den ved at starte malwarebytes, finde fanen med logs og kopiere den nyeste herind.
---------
Hent og gem Combofix på dit skrivebord som alg.exe:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start alg.exe og følg anvisningerne.

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke

på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her: C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

jeg har ingen proces kørende der hedder noget med antivirus pro 2010.
Mappen i program files var væk.

Jeg er igang med at søge efter de filer du skrev, men det tager tid, også fordi jeg skal indtaste dem mauelt.

Loggen fra malwarebytes er her:
Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

06-10-2009 21:52:01
mbam-log-2009-10-06 (21-52-01).txt

Skan type: Hurtig skanning
Objekter skannet: 104592
Tid tilbagelagt: 7 minute(s), 45 second(s)

Inficerede Hukommelses Processer: 5
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 6
Inficerede Registeringsdatabase Værdier: 11
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 4
Inficerede Filer: 30

Inficerede Hukommelses Processer:
C:\Documents and Settings\Pernille\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\Programmer\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Pernille\Application Data\seres.exe (Rogue.AntiVirusPro) -> Unloaded process successfully.
C:\Documents and Settings\Pernille\Application Data\svcst.exe (Rogue.AntiVirusPro) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Pushbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n84p (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Programmer\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Menuen Start\Programmer\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858 (Worm.Autorun) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Pernille\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Application Data\lizkavd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\gnllegvj.exe (Trojan.Otlard) -> Delete on reboot.
C:\pgkso.exe (Trojan.Otlard) -> Delete on reboot.
C:\slxohxi.exe (Trojan.Qhost) -> Delete on reboot.
C:\vufjb.exe (Trojan.Qhost) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-5942955609-3174055500-883702756-2394\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\170.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\570.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\721.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\751.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\754.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\800.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Lokale indstillinger\Temp\837.exe (Worm.Pushbot) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Menuen Start\Programmer\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Menuen Start\Programmer\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858\Desktop.ini (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Application Data\seres.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Application Data\svcst.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Skrivebord\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pernille\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.


Jeg henter lige combofix og får kørt det, og vender tilbage med en log

selvom du tror at du har fjernet antivirus pro 2010, så ligger den stadig som trojan i dit system. Vi har fået den virus på nogle maskiner på mit arbejde, (arbejder som IT-supporter i billund lufthavn), og det kan ikke betale sig at prøve på at fjerne dem. De duplikerer sig som rotter, lige så snart du fjerner bare lidt af applikationen.

jeg kan ikke hente combofix fra min egen ccomputer.
Har derfor hentet den ned på usb og flyttet filen til mit eget skrivebord.
Derudover registeret den at avast fortsat skulle kører, men windows siger (når jeg forsøger at fjerne det) at det virker til at programmet allerede er fjernet.
der wstå


Loggen fra combofix:

ComboFix 09-10-06.03 - Pernille 07-10-2009  8:45.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1023.654 [GMT 2:00]
Kører fra: c:\documents and settings\Pernille\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091005-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ahoweqoz.bin
c:\documents and settings\All Users\Application Data\arihujuwap.dll
c:\documents and settings\All Users\Application Data\byrida.vbs
c:\documents and settings\All Users\Dokumenter\egojicu.dl
c:\documents and settings\All Users\Dokumenter\ucany._dl
c:\documents and settings\Pernille\Application Data\dovizadet.ban
c:\documents and settings\Pernille\Application Data\gysy._dl
c:\documents and settings\Pernille\Cookies\ixivizu.com
c:\documents and settings\Pernille\Cookies\sykud.sys
c:\documents and settings\Pernille\Cookies\vede.sys
c:\documents and settings\Pernille\Lokale indstillinger\Application Data\jeroh.reg
c:\documents and settings\Pernille\Lokale indstillinger\Temporary Internet Files\cuvilyp.dat
c:\documents and settings\Pernille\Lokale indstillinger\Temporary Internet Files\dohir._sy
c:\documents and settings\Pernille\Lokale indstillinger\Temporary Internet Files\nebezyheq.sys
c:\programmer\Fælles filer\inudaz.exe
c:\programmer\Fælles filer\putesykiz.reg
c:\programmer\Fælles filer\wyco.com
c:\programmer\Fælles filer\ywefo.sys
c:\programmer\F‘lles filer\putesykiz.reg
c:\recycler\S-1-5-21-137590187-1923457414-1104879476-1003
c:\recycler\S-1-5-21-3918920808-6013083490-651643841-0887
c:\recycler\S-1-5-21-5942955609-3174055500-883702756-2394
c:\recycler\S-1-5-21-7119600274-2563425775-546354212-8718
c:\windows\axuw.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\21ed68d.msi
c:\windows\Installer\9d441.msi
c:\windows\Installer\9d448.msi
c:\windows\Installer\9d44f.msi
c:\windows\Installer\dc1e1.msp
c:\windows\Installer\dc1eb.msp
c:\windows\Installer\dc221.msp
c:\windows\ipym.scr
c:\windows\obogulinir.dll
c:\windows\system32\catowid.pif
c:\windows\system32\quby.bin
c:\windows\ygegapo.bat

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-07 til 2009-10-07  )))))))))))))))))))))))))))))))))))
.

2009-10-06 22:04 . 2009-03-25 12:29    130432    ----a-w-    c:\windows\system32\drivers\Rtnicxp.sys
2009-10-06 22:04 . 2009-03-03 18:18    73728    ----a-w-    c:\windows\system32\RtNicProp32.dll
2009-10-06 22:04 . 2009-10-06 22:04    --------    d-----w-    c:\programmer\Realtek
2009-10-06 19:29 . 2009-10-06 19:29    --------    d-----w-    c:\documents and settings\Pernille\Application Data\Malwarebytes
2009-10-06 19:29 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 19:29 . 2009-10-06 19:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 19:29 . 2009-10-06 19:29    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-10-06 19:29 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-10-06 19:14 . 2009-10-06 19:14    9728    ----a-w-    C:\qhhi.exe
2009-10-06 18:54 . 2009-10-06 19:14    109056    ----a-w-    C:\dgqosg.exe
2009-10-06 18:54 . 2009-10-06 18:55    189208    ----a-w-    C:\bxim.exe
2009-10-06 18:54 . 2009-10-06 18:54    26936    ----a-w-    C:\faluw.exe
2009-10-06 18:51 . 2009-10-06 18:51    189208    ----a-w-    C:\siyfiejh.exe
2009-10-06 18:51 . 2009-10-06 18:51    109056    ----a-w-    C:\dwwsnyeb.exe
2009-10-06 18:51 . 2009-10-06 18:51    26936    ----a-w-    C:\xyxqavq.exe
2009-09-12 14:18 . 2009-10-07 06:08    --------    d-----w-    c:\documents and settings\Pernille\Tracing
2009-09-12 14:17 . 2009-09-12 14:17    --------    d-----w-    c:\programmer\Microsoft
2009-09-12 14:16 . 2009-09-12 14:16    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-09-12 14:13 . 2009-09-12 14:13    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-09-08 18:53 . 2009-06-21 21:48    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 22:19 . 2007-12-27 20:25    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-10-06 22:04 . 2002-01-28 06:47    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-10-06 18:59 . 2009-10-06 18:59    16620    ----a-w-    c:\programmer\Fælles filer\yneh._sy
2009-10-06 17:56 . 2005-08-16 09:43    43898    ----a-w-    c:\documents and settings\Pernille\Application Data\wklnhst.dat
2009-09-12 14:18 . 2005-08-15 12:08    80840    ----a-w-    c:\documents and settings\Pernille\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 14:16 . 2008-04-13 15:56    --------    d-----w-    c:\programmer\Windows Live
2009-09-09 05:21 . 2008-03-28 09:25    --------    d-----w-    c:\programmer\Microsoft Silverlight
2009-08-25 20:12 . 2002-01-28 06:48    --------    d-----w-    c:\programmer\Picture It! Premium 10
2009-08-17 16:10 . 2005-08-15 12:21    1279456    ----a-w-    c:\windows\system32\aswBoot.exe
2009-08-17 16:03 . 2005-08-15 12:21    26944    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2005-08-15 12:21    97480    ----a-w-    c:\windows\system32\AVASTSS.scr
2009-08-12 20:23 . 2009-06-12 19:45    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2009-08-12 20:19 . 2009-06-12 19:41    --------    d-----w-    c:\programmer\SpywareBlaster
2009-08-12 20:06 . 2009-08-12 20:06    --------    d-----w-    c:\programmer\IObit
2009-08-12 20:06 . 2009-08-12 20:06    --------    d-----w-    c:\documents and settings\Pernille\Application Data\IObit
2009-08-12 19:56 . 2009-08-12 19:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Fighters
2009-08-06 17:24 . 2002-01-28 06:27    327896    ----a-w-    c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2002-01-28 06:27    209632    ----a-w-    c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-05-26 02:16    44768    ----a-w-    c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2002-01-28 06:27    35552    ----a-w-    c:\windows\system32\wups.dll
2009-08-06 17:24 . 2002-01-28 06:27    53472    ----a-w-    c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2005-03-16 19:49    96480    ----a-w-    c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2002-01-28 06:27    575704    ----a-w-    c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2006-08-20 19:23    274288    ----a-w-    c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2005-05-26 02:19    215920    ----a-w-    c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2002-01-28 06:27    1929952    ----a-w-    c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2005-03-16 19:49    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44    48448    ----a-w-    c:\windows\system32\sirenacm.dll
2009-07-18 22:05 . 2009-07-18 22:03    7156    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-07-17 19:03 . 2005-03-16 19:49    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-03-16 19:50    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-09 21:54 . 2008-11-09 21:06    0    ----a-w-    c:\documents and settings\Pernille\temp.dat
2005-12-13 15:16 . 2005-12-13 15:16    56    --sh--r-    c:\windows\system32\E6B7CF452F.sys
2006-02-25 12:10 . 2005-12-13 15:16    952    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"OM_Monitor"="c:\programmer\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"SetDefPrt"="c:\programmer\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmer\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"OM_Monitor"="c:\programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2006-07-28 282624]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-03-12 569344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Genvej til egenskabsside for High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-03-02 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-03-04 2803712]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2009-06-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-13 12:59    356352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\MAGIX\\MP3_Maker_Centurion\\MP3Maker.exe"=
"c:\\Programmer\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ewido security suite driver;ewido security suite driver;c:\programmer\ewido\security suite\guard.sys [22-11-2004 16:15 3072]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 16:03 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 74480]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [16-03-2005 22:00 698368]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [30-12-2008 15:58 16269]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [27-01-2007 12:54 1527900]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [16-03-2005 22:00 362688]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [20-11-2005 14:42 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{F74453CF-465C-4D7E-BF18-FBC8877D9CF8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig?hl=da
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www4.king.com/ctl/kingcomie.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-avast! - c:\programmer\Alwil Software\Avast4\aswRunDll.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,87,6e,56,07,1e,
  cb,28,cb,e2,63,26,f1,3f,c8,ff,68,a7,0f,72,91,dd,f9,2e,61,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,f4,e5,c9,2a,6e,
  0b,a9,f4,6a,9c,d6,61,af,45,84,18,f0,a3,3d,2b,06,5a,d1,90,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,a7,0a,d1,00,3b,
  99,92,ba,ff,7c,85,e0,43,d4,0e,fe,9e,bb,4c,67,8b,a3,08,73,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,1c,8f,aa,bf,1f,
  61,8f,81,86,8c,21,01,be,91,eb,e7,12,33,2d,fc,a7,13,a4,58,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,14,6c,38,23,0d,
  45,6b,32,f5,1d,4d,73,a8,13,5c,05,99,5b,72,5b,5c,0b,0f,88,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,62,78,48,7f,ce,
  39,ae,d1,df,20,58,62,78,6b,cf,c8,e7,f9,bd,4d,d2,14,9a,73,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,50,c3,f6,0b,04,
  0a,70,0f,fb,a7,78,e6,12,2f,9a,ea,fe,e6,39,51,f6,06,93,f8,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,d0,b4,47,34,5a,
  44,45,11,01,3a,48,fc,e8,04,4a,f1,85,66,ed,77,6e,1d,8b,b1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,b8,34,df,d0,43,
  bd,e4,1c,f6,0f,4e,58,98,5b,89,c9,22,95,b3,77,e7,21,2b,42,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,6c,a6,72,ee,a0,
  06,ae,26,3d,ce,ea,26,2d,45,aa,78,d0,d6,0f,4b,53,cd,55,d0,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,bf,18,ef,20,67,
  f5,9c,d3,2a,b7,cc,b5,b9,7f,41,e7,c1,37,00,1f,1c,f7,f9,a8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,7e,b6,01,fc,d2,
  cd,c1,f7,6c,43,2d,1e,aa,22,2f,9c,99,7e,6b,9b,e0,5a,36,2a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(284)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
Gennemført tid: 2009-10-07  8:57
ComboFix-quarantined-files.txt  2009-10-07 06:57

Pre-Kørsel: 138.860.822.528 byte ledig
Post-Kørsel: 139.677.642.752 byte ledig

282    --- E O F ---    2009-09-13 17:20

For øvrigt: programmet lavede ingen genopstart.

@Blandy: antivirus pro 2010 kan nu godt "fixes"

@Pernille; Jeg nægter at kalde dig snutling :-)
Disse to:
C:\Documents and Settings\Pernille\reader_s.exe
C:\WINDOWS\system32\reader_s.exe
gør at jeg tror du har virut på din pc. Læs mere her:
http://www.spywarefri.dk/artikel/ramt-af-virut/

Lyder ikke rart.

Er der nogle løsning, eller skal jeg have fat i et værksted ?

du kan formater din HDD. Eller forsøge dig med forskellige anti-virus programmer. Det kan være at du er heldig at en af dem kan fjerne den virus, men den er rigtig gentridig den du ahr fået. Der er nemlig også en forgænger til den, som hedder XP antivirus.

Men den kunne fjernes simpelt ved at prøve forskellige gratis antivirus programmer.

jeg er ikke selv en ørn til det med at lave back-up og formater.
Særligt da maskinen blev leveret præinstalleret.

Er igang med at pakke ccomputeren sammen.
Har netop snakket med et værksted.

F-arn: vil du ikke lægge et svar, så dette spørgsmål bliver afsluttet. Der er ikke mere at komme efter.

Beklager at det skulle ende sådan :-(

Det er der ikke noget at gøre ved - tak for hjælpen alligevel.