birnum Beginner
31 January 2010 - 18:12 There are 25 comments and
1 solution

dwwin error message when shutting down the computer

Dear experts.

Lately my computer has been showing an error message when I shut it down.
The error message appears shortly after I click "shut down the computer" and disappears very quickly, so I don't really have time to read it.
I can, however, just make out that it says something about a "DWWIN" error.

What could be causing this, and how do I get rid of it?

I have run sfc /scannow with no effect.

My computer runs Windows XP Pro SP3.

I hope someone can help.

- Allan
birnum Beginner
31 January 2010 - 18:14 #1
I have also tried running my CCleaner in the hope that there was something that should/could be cleaned up, but with no effect.

I am running "AVG Internet Security", if that is of any relevance.
31 January 2010 - 21:54 #2
... just for good measure, give us/me a HiJackThis log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Not necessarily because of a virus or the like, but then I can see what is in your startup, etc.
birnum Beginner
31 January 2010 - 22:55 #3
Here is a HiJackThis log - it is the first time I have done this, so I hope it is right. Is this also where you can see whether anything else is wrong with the computer? (And if so, can you see whether there is anything that should be fixed/deleted, because I don't think it is running 100% optimally.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:19, on 31-01-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmer\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgfws9.exe
C:\Programmer\AVG\AVG9\avgam.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\MagicTune Premium\MagicTune.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bruger\Skrivebord\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238582068312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238582053953
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://91.199.104.31/cab/ActiveQscan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1EF70B8-D4E2-4DD6-915F-05AA79535DD6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13301 bytes
1 February 2010 - 15:26 #4
... now, a HiJackThis log by no means shows every element, so therefore ->

Do a clean-up with CCleaner...

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens in which you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy its contents in here together with a fresh log from HiJackThis...

----
birnum Beginner
1 February 2010 - 20:57 #5
Here first is the log from the Malwarebytes scan (I afterwards chose "remove selected"):

Malwarebytes' Anti-Malware 1.44
Database version: 3672
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01-02-2010 20:54:01
mbam-log-2010-02-01 (20-53-55).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 349498
Tid tilbagelagt: 4 hour(s), 37 minute(s), 18 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 4

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
D:\Programmer\WinRar 3.71 final + keygen (Works 100% )\keygen.exe (Trojan.Agent) -> No action taken.
D:\RECYCLER\S-1-5-21-854245398-1284227242-682003330-1003\Dd1\i386\system32\smss.exe (Worm.Autorun.B) -> No action taken.
D:\RECYCLER\S-1-5-21-854245398-1284227242-682003330-1003\Dd2\i386\system32\smss.exe (Worm.Autorun.B) -> No action taken.
D:\RECYCLER\S-1-5-21-854245398-1284227242-682003330-1003\Dd3\i386\system32\smss.exe (Worm.Autorun.B) -> No action taken.
birnum Beginner
1 February 2010 - 20:58 #6
Here is a fresh log from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:43, on 01-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmer\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgfws9.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\AVG\AVG9\avgam.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\MagicTune Premium\MagicTune.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\bruger\Skrivebord\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238582068312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238582053953
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://91.199.104.31/cab/ActiveQscan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1EF70B8-D4E2-4DD6-915F-05AA79535DD6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13477 bytes
1 February 2010 - 23:11 #7
That is how easily it happens when you mess around with keygen/crack/... files !!!

-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: You must not name it Combofix.exe, but for example BANAN.exe

-- Then run combofix.exe (BANAN.exe), which you downloaded earlier, and follow the instructions.

You should not click on the window while the tool is running, as this can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file in here.
birnum Beginner
2 February 2010 - 16:19 #8
Here is the combofix log:

ComboFix 10-02-01.03 - bruger 02-02-2010  16:02:38.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2047.1513 [GMT 1:00]
Kører fra: c:\documents and settings\bruger\Skrivebord\ekspertenprogram.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-02 til 2010-02-02  )))))))))))))))))))))))))))))))))))
.

2010-02-01 14:40 . 2010-02-01 14:40    --------    d-----w-    c:\documents and settings\bruger\Application Data\Malwarebytes
2010-02-01 14:40 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 14:40 . 2010-02-01 14:40    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-02-01 14:40 . 2010-02-01 14:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 14:40 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-02-01 10:29 . 2010-02-01 10:29    --------    d-----w-    c:\programmer\Microsoft CAPICOM 2.1.0.2
2010-01-31 15:52 . 2010-01-31 15:52    --------    d-----w-    c:\documents and settings\bruger\Lokale indstillinger\Application Data\LogiShrd
2010-01-31 15:52 . 2009-04-30 23:02    539160    ----a-r-    c:\windows\system32\LVUI2RC.dll
2010-01-31 15:52 . 2009-04-30 23:02    539160    ----a-r-    c:\windows\system32\LVUI2.dll
2010-01-31 15:52 . 2009-04-30 22:57    416280    ----a-r-    c:\windows\system32\lvcodec2.dll
2010-01-31 15:52 . 2009-04-30 23:03    6754712    ----a-r-    c:\windows\system32\drivers\lvuvc.sys
2010-01-31 15:51 . 2009-04-30 23:01    265496    ----a-r-    c:\windows\system32\drivers\lvrs.sys
2010-01-31 15:51 . 2009-04-30 22:57    199192    ----a-r-    c:\windows\system32\lvci1201278.dll
2010-01-31 15:51 . 2009-04-30 22:39    34068    ----a-r-    c:\windows\system32\Repository.reg
2010-01-31 15:51 . 2009-04-30 23:03    23832    ----a-r-    c:\windows\system32\drivers\lvuvcflt.sys
2010-01-31 14:57 . 2010-01-31 14:57    1956528    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-31 14:47 . 2010-01-31 14:47    503808    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bb29cc5-n\msvcp71.dll
2010-01-31 14:47 . 2010-01-31 14:47    499712    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bb29cc5-n\jmc.dll
2010-01-31 14:47 . 2010-01-31 14:47    348160    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5bb29cc5-n\msvcr71.dll
2010-01-31 14:47 . 2010-01-31 14:47    61440    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a912bd2-n\decora-sse.dll
2010-01-31 14:47 . 2010-01-31 14:47    12800    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a912bd2-n\decora-d3d.dll
2010-01-27 09:48 . 2010-01-15 09:28    1260800    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-27 09:48 . 2010-01-15 09:28    3777280    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-21 16:17 . 2010-01-21 16:17    --------    d-----w-    c:\documents and settings\bruger\Application Data\Logitech
2010-01-21 16:16 . 2010-01-21 16:16    --------    d-----w-    c:\documents and settings\bruger\Application Data\Leadertech
2010-01-21 16:15 . 2008-09-26 08:52    10384    ----a-w-    c:\windows\system32\drivers\LBeepKE.sys
2010-01-21 16:14 . 2008-11-07 15:37    301656    ----a-w-    c:\windows\system32\BtCoreIf.dll
2010-01-21 16:14 . 2008-11-07 15:38    84496    ----a-w-    c:\windows\system32\KemXML.dll
2010-01-21 16:14 . 2008-11-07 15:38    117264    ----a-w-    c:\windows\system32\KemWnd.dll
2010-01-21 16:14 . 2008-11-07 15:38    145936    ----a-w-    c:\windows\system32\KemUtil.dll
2010-01-21 16:14 . 2008-11-07 15:38    170512    ----a-w-    c:\windows\system32\kemutb.dll
2010-01-21 16:13 . 2010-01-21 16:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Logitech
2010-01-21 16:13 . 2010-01-31 15:52    --------    d-----w-    c:\programmer\Fælles filer\Logishrd
2010-01-21 16:13 . 2010-01-31 15:52    --------    d-----w-    c:\programmer\Logitech
2010-01-21 16:13 . 2010-01-31 15:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-21 16:10 . 2008-04-14 17:05    21504    -c--a-w-    c:\windows\system32\dllcache\hidserv.dll
2010-01-21 16:10 . 2008-04-14 17:05    21504    ----a-w-    c:\windows\system32\hidserv.dll
2010-01-21 16:10 . 2008-04-14 16:42    14720    -c--a-w-    c:\windows\system32\dllcache\kbdhid.sys
2010-01-21 16:10 . 2008-04-14 16:42    14720    ----a-w-    c:\windows\system32\drivers\kbdhid.sys
2010-01-19 22:34 . 2008-10-24 16:55    13184    ----a-w-    c:\windows\system32\drivers\MTiCtwl.sys
2010-01-19 22:34 . 2010-01-19 22:34    --------    d-----w-    c:\programmer\MagicTune Premium
2010-01-19 22:33 . 2010-01-19 22:33    --------    d-----w-    c:\programmer\MultiScreen
2010-01-19 22:33 . 2010-01-19 22:33    --------    d-----w-    c:\documents and settings\bruger\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 16:17 . 2010-01-31 15:52    0    ----a-w-    c:\windows\system32\drivers\lvuvc.hs
2010-01-31 16:17 . 2010-01-31 15:51    0    ----a-w-    c:\windows\system32\drivers\logiflt.iad
2010-01-31 15:00 . 2009-10-01 16:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2010-01-31 14:47 . 2008-02-23 19:15    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-01-31 14:47 . 2008-02-23 19:16    --------    d-----w-    c:\programmer\Java
2010-01-22 17:34 . 2008-03-01 22:16    --------    d-----w-    c:\documents and settings\bruger\Application Data\dvdcss
2010-01-21 16:15 . 2010-01-21 16:15    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-21 16:15 . 2010-01-21 16:15    0    ---ha-w-    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-21 16:13 . 2008-02-19 15:42    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-01-20 22:02 . 2009-10-11 11:24    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-01-13 11:10 . 2008-02-23 16:51    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-10 01:16 . 2008-02-23 19:16    --------    d-----w-    c:\documents and settings\bruger\Application Data\Azureus
2010-01-08 19:59 . 2009-11-20 12:06    --------    d-----w-    c:\programmer\Vuze
2010-01-02 16:34 . 2008-02-21 12:45    74184    ----a-w-    c:\documents and settings\bruger\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 11:01 . 2010-01-02 11:01    --------    d-----w-    c:\programmer\Microsoft IntelliPoint
2009-12-21 19:08 . 2004-08-26 15:53    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-18 15:09 . 2009-12-18 15:09    --------    d-----w-    c:\documents and settings\bruger\Application Data\ArcSoft
2009-12-18 15:08 . 2009-12-18 15:08    1025    ----a-w-    c:\windows\system32\sysprs7.dll
2009-12-18 15:08 . 2009-12-18 15:08    1025    ----a-w-    c:\windows\system32\clauth2.dll
2009-12-18 15:08 . 2009-12-18 15:08    1025    ----a-w-    c:\windows\system32\clauth1.dll
2009-12-18 15:08 . 2009-12-18 15:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2009-12-17 16:14 . 2009-05-15 21:00    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-11 10:02 . 2001-10-09 11:00    83484    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-11 10:02 . 2001-10-09 11:00    459330    ----a-w-    c:\windows\system32\perfh006.dat
2009-11-26 17:15 . 2009-11-07 11:11    0    ----a-w-    c:\documents and settings\bruger\temp.dat
2009-11-21 15:58 . 2004-08-26 15:53    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-09 17:37 . 2009-11-01 11:19    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-11-06 08:40 . 2009-11-06 08:40    152576    ----a-w-    c:\documents and settings\bruger\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 11:28    1115392    ----a-w-    c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"NVIDIA nTune"="c:\programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-01-11 246504]
"IntelliPoint"="c:\programmer\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2010-1-21 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-01 11:19    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41    72208    ----a-w-    c:\programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^GammaTray.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bruger^Menuen Start^Programmer^Start^Logitech . Produktregistrering.lnk]
path=c:\documents and settings\bruger\Menuen Start\Programmer\Start\Logitech . Produktregistrering.lnk
backup=c:\windows\pss\Logitech . Produktregistrering.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32    640376    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08    38768    ----a-w-    c:\programmer\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58    611712    ----a-w-    c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 14:03    36864    ----a-w-    c:\programmer\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05    81920    ----a-w-    c:\programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44    31072    ----a-w-    c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13    267048    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 09:35    2780432    ----a-w-    c:\programmer\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07    1394000    ----a-w-    c:\programmer\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
2008-06-30 09:41    114688    ----a-w-    c:\programmer\MultiScreen\MultiScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25    81920    ----a-w-    c:\programmer\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-11-07 12:51    54576    ----a-w-    c:\programmer\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29    729088    ----a-w-    c:\programmer\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00    49152    ----a-w-    c:\programmer\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50    413696    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-16 11:36    24264488    ----a-r-    c:\programmer\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"d:\\spil\\farcry 2\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\spil\\farcry 2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\spil\\farcry 2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"d:\\spil\\street fighter IV\\StreetFighterIV.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmer\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [01-11-2009 12:18 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [01-11-2009 12:18 161800]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23-02-2008 18:54 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23-02-2008 18:54 5248]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [22-02-2008 09:19 5248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01-11-2009 12:18 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01-11-2009 12:19 360584]
R2 avg9wd;AVG WatchDog;c:\programmer\AVG\AVG9\avgwdsvc.exe [01-11-2009 12:18 285392]
R2 avgfws9;AVG Firewall;c:\programmer\AVG\AVG9\avgfws9.exe [09-11-2009 18:36 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [01-11-2009 13:00 5832712]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21-01-2010 17:15 10384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [19-02-2008 16:43 38656]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [01-11-2009 12:18 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programmer\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [01-11-2009 12:18 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programmer\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [01-11-2009 12:18 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programmer\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [01-11-2009 12:18 25736]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 04:46 284016]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [01-11-2009 12:18 30104]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [22-02-2008 09:19 159616]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.msn.dk/
IE: Append Link Target to Existing PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: microsoft.com\www.update
TCP: {A1EF70B8-D4E2-4DD6-915F-05AA79535DD6} = 208.67.222.222,208.67.220.220
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-A00F399EF - c:\docume~1\bruger\LOKALE~1\Temp\_A00F399EF.exe
MSConfigStartUp-cafwc - c:\programmer\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
MSConfigStartUp-CAVRID - c:\programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - c:\programmer\CA\CA Internet Security Suite\cctray\cctray.exe
MSConfigStartUp-QOELOADER - c:\programmer\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
AddRemove-Bubble Bobble Gold Edition - d:\spil\bubblebobblegold\uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 16:11
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2A7298]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x8a2a7298
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xba5dfbb0
PacketIndicateHandler -> NDIS.sys @ 0xba5eca21
SendHandler -> NDIS.sys @ 0xba5ca87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1214440339-562591055-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a2,b5,9e,17,a0,bd,f8,c6,25,e4,38,d8,33,d8,b5,1a,27,ac,eb,2d,55,
  25,75,54,5d,e6,e1,db,ef,ad,41,89,e0,25,c8,54,79,e0,51,eb,25,4a,77,33,30,10,\
"rkeysecu"=hex:b6,f2,96,53,15,12,bf,77,05,6c,75,4d,e1,fe,8b,e4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:07,18,a2,8f,46,c8,6d,a7,13,b8,c3,d1,37,36,6e,10,29,f3,51,d3,6d,
  95,ad,d3,d0,98,64,15,04,15,b1,e7,b2,a8,b6,29,9c,58,59,a5,30,d4,20,f1,0c,55,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:07,18,a2,8f,46,c8,6d,a7,13,b8,c3,d1,37,36,6e,10,29,f3,51,d3,6d,
  95,ad,d3,d0,98,64,15,04,15,b1,e7,b2,a8,b6,29,9c,58,59,a5,30,d4,20,f1,0c,55,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
c:\programmer\fælles filer\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6064)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\AVG\AVG9\avgchsvx.exe
c:\programmer\AVG\AVG9\avgrsx.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\AVG\AVG9\avgnsx.exe
c:\programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmer\MagicTune Premium\MagicTuneEngine.exe
c:\programmer\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\programmer\Microsoft IntelliPoint\dpupdchk.exe
c:\programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
c:\programmer\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Gennemført tid: 2010-02-02  16:16:11 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-02-02 15:16

Pre-Kørsel: 18.427.912.192 byte ledig
Post-Kørsel: 18.689.777.664 byte ledig

- - End Of File - - 934B267A3923A9A822A082309D5F3774
02 February 2010 - 16:39 #9
So how is the beast running now?

---

Delete the following folders:
c:\documents and settings\bruger\Application Data\Azureus
c:\programmer\Azureus
birnum Beginner
02 February 2010 - 16:55 #10
- Haven't noticed any difference right away, but I haven't used/tested it either

- Unfortunately it still shows the same error message when I shut down the computer.

- What is it that ComboFix does? (Among other things, I can see that my AVG tray icon - the icon that is usually down in the right corner next to the clock - is gone! How do I get it back?)

- And is there anything else it has deleted?

- What difference will it make if I delete Azureus?
02 February 2010 - 17:18 #11
(Hmmm... others in this thread?)
birnum Beginner
02 February 2010 - 17:23 #12
I don't think anyone other than you has been active in this thread so far - but can you answer / help with some of the questions in #10?
02 February 2010 - 18:02 #13
AVG should come back on restart...

What do you use [Azureus] for?
http://www.spywarefri.dk/forum/viewthread/47308/

---
Regarding the "DWWIN" error ->

It is apparently a "Dr. Watson" thing that has got a bit muddled...

1. Put the Windows CD in the drive. When it pops up, close it with the X in the top right corner
2. Go to Start > Run > Type: sfc /scannow - note the space after sfc > Press OK
3. A progress bar is shown while the scan runs, and when it is finished it disappears again, and you get no further messages.
4. Restart the computer

--- and/or ---

Possibly ->
http://support.microsoft.com/default.aspx?scid=kb;EN-US;188296
birnum Beginner
02 February 2010 - 19:16 #14
I have restarted several times without AVG appearing in the corner. If I look at the files in Task Manager and processes, AVG appears to be running fine, but it is the tray icon itself that doesn't appear. If I go into msconfig and Startup, it isn't on the list of things that should start up either (it is completely gone from the list). It usually is on this list. How do I get it back on the list? And now that it has removed that - what else can it have removed?

As the very first thing (before I created this question) I ran an sfc /scannow, with no effect

Regarding that Dr. Watson - what will happen if I disable it? And what is it good for?
02 February 2010 - 19:27 #15
It should otherwise be this one
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
that should be running?

---

http://support.microsoft.com/default.aspx?scid=kb;EN-US;188296 - try it anyway...
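The by-eye comparison of autostart entries made in posts #14 and #15 can be done mechanically. This is an added example, not code from the thread or from HijackThis: it parses the O4 lines of two HijackThis logs, reports entries that disappeared, and lists running processes that no O4 entry launches. `AFTER_LOG` is a shortened excerpt of the 02-02-2010 log on this page; `BEFORE_LOG` is constructed from it plus the AVG9_TRAY line quoted in #15, and all function names are this example's own.

```python
import ntpath
import re

# Registry autostarts, e.g.  O4 - HKLM\..\Run: [Name] command
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts, e.g.  O4 - Global Startup: Name.lnk = target
FOLDER_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# HijackThis appends the owning account to HKUS entries: (User 'SYSTEM')
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")


def parse_o4(log_text):
    """Return {(location, name): command} for every O4 line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            location = m["hive"] + "\\" + m["key"]
            cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        else:
            m = FOLDER_RE.match(line)
            if not m:
                continue  # not an O4 line, or an O4 shape not handled here
            location, cmd = m["scope"], m["cmd"]
        # Registry value names are case-insensitive, so normalise the key.
        entries[(location.upper(), m["name"].upper())] = cmd
    return entries


def diff_autostarts(before_log, after_log):
    """Return (removed, added, changed) autostart keys between two logs."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(
        k for k in before
        if k in after and before[k].lower() != after[k].lower()
    )
    return removed, added, changed


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a log."""
    procs, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:
                break  # a blank line ends the process list
            procs.append(line)
    return procs


def running_without_o4(log_text):
    """Running images that no O4 command mentions (services land here too)."""
    cmds = [c.lower() for c in parse_o4(log_text).values()]
    return [
        p for p in running_processes(log_text)
        if not any(ntpath.basename(p).lower() in c for c in cmds)
    ]


# Shortened excerpt of the 02-02-2010 HijackThis log posted in #16.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
"""

# Constructed "before" state: the excerpt above plus the line quoted in #15.
BEFORE_LOG = AFTER_LOG + r"O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe" + "\n"

if __name__ == "__main__":
    removed, added, changed = diff_autostarts(BEFORE_LOG, AFTER_LOG)
    print("removed:", removed)
    print("added:  ", added)
    print("changed:", changed)
    print("running, no O4 entry:", running_without_o4(AFTER_LOG))
```

On this sample the diff reports only the AVG9_TRAY Run value as removed, while `avgtray.exe` still shows up as a running process with no O4 entry behind it.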
birnum Beginner
02 February 2010 - 19:38 #16
I have tried googling that Dr. Watson, and it seems to be a fairly unimportant program, so don't you think it will be perfectly fine to deactivate (disable) it, as in the link you posted?

Now that ComboFix has removed AVG from startup - what else can it have removed?

Here is a new HiJackThis - and there you can see that avgtray isn't in it - do you know how I get it back in there?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:55, on 02-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft IntelliPoint\dpupdchk.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgfws9.exe
C:\Programmer\AVG\AVG9\avgam.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\MagicTune Premium\MagicTune.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\AVG\AVG9\avgtray.exe
C:\Programmer\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bruger\Skrivebord\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238582068312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238582053953
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://91.199.104.31/cab/ActiveQscan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1EF70B8-D4E2-4DD6-915F-05AA79535DD6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programmer\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13052 bytes
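A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original thread: it parses the entry lines and lists the ones worth a manual look. The three heuristics (ActiveX codebase on a bare IP address, manually set DNS servers, services HijackThis reports as "Unknown owner") and all function names are assumptions of this example, and a hit is a prompt to check the entry, not a verdict.

```python
import re
from urllib.parse import urlparse

# Six lines copied from the log above, used as offline sample input.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://91.199.104.31/cab/ActiveQscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1EF70B8-D4E2-4DD6-915F-05AA79535DD6}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O16 - DPF: ..."
BARE_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_entries(log):
    """Yield (section, body) per entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reason(section, body):
    """Return why an entry deserves a manual look, or None. Heuristics are assumptions."""
    if section == "O16":  # ActiveX control: the last field is the download URL
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if BARE_IPV4.match(host):
            return "ActiveX control downloaded from a bare IP address: " + host
    elif section == "O17" and "NameServer = " in body:
        return "static DNS servers to confirm: " + body.split("NameServer = ", 1)[1]
    elif section == "O23" and " - Unknown owner - " in body:
        return "service reported as 'Unknown owner': " + body.rsplit(" - ", 1)[-1]
    return None


def triage(log):
    """Return [(section, reason)] for every entry that matches a heuristic."""
    hits = []
    for section, body in parse_entries(log):
        reason = review_reason(section, body)
        if reason:
            hits.append((section, reason))
    return hits


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "->", reason)
```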
02 February 2010 - 20:26 #17
Hmmm... I haven't seen that before.
One could say/write: reinstall AVG9 + then update it afterwards...
birnum (Beginner)
02 February 2010 - 20:45 #18
Yes, I can of course do that - could I just put a shortcut to avgtray under Start, Programs, Startup, now that it doesn't show up in the startup list in msconfig?

And regarding #16:

I tried googling that Dr. Watson thing, and it seems to be a fairly unimportant program, so don't you think it would be perfectly fine to deactivate (disable) it, as in the link you posted?

When ComboFix has removed AVG from startup - what else might it have removed?
birnum (Beginner)
02 February 2010 - 21:17 #19
I have just disabled (deleted) Dr. Watson following the instructions in the link. BUT even though I have deleted Dr. Watson from regedit, it still comes up with the same error message when the computer shuts down!!! (I have tried starting the computer and shutting it down again a couple of times.) I don't quite understand it - what can I do?


I have also just put avgtray under Start, Programs, Startup - and it works perfectly, so that is as it should be.


Is there anywhere I can see what ComboFix has removed?
02 February 2010 - 22:35 #20
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll



But those are 'junk' items that MUST BE DELETED!!!

---

What about the #13 ->
sfc /scannow
procedure?
birnum (Beginner)
02 February 2010 - 23:48 #21
I have run sfc /scannow a couple of times, most recently today, without effect.


Is there anything else I can do to get rid of the Dr. Watson error message? (I don't understand why it appears when I have deleted it via regedit, as your link guided me through.)
03 February 2010 - 06:35 #22
(Hmmm... anyone else in this thread?)
birnum (Beginner)
03 February 2010 - 16:36 #23
It's a shame that nobody else is taking part in the thread if we can't find a solution - you have made a good attempt, I must say.
birnum (Beginner)
05 February 2010 - 18:50 #24
heeelp :o(  it is quite surprising, and not least frustrating, that there isn't more response to the thread... is there really nobody who can help (apart from karise larry)?
05 February 2010 - 19:20 #25
StandBy ...
birnum (Beginner)
20 August 2010 - 21:38 #26
.