SystemTool virus

Det kan desværre ikke lade sig gøre at rense den. Eneste løsning er formatering.

------

Nå OK - det er ikke første April  - så prøv dette:

Genstart i "Fejlsikret med Netværk" (Tryk F8 flere gange under opstart)

Hent så disse filer.

Klik på dem flere gange, til en af dem virker.

Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/iExplore.exe (Omdøbt rkill)
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe (Omdøbt rkill)
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe (Omdøbt rkill)

http://www.raktor.net/exeHelper/exeHelper.com
http://www.raktor.net/exeHelper/exeHelper.scr

------

Hent "Malwarebytes' Anti-Malware" her

Eller her

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "fuld systemskan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte", gem loggen og send den herind sammen med en log fra HiJackThis som du finder her:
HiJackThis

Kør HijackThis, klik på "Do a systemscan scan and save a logfile" kopier loggens tekst og send den herind.

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

Mht.: Vista og Windows 7 - Højreklik på filen - Kør som Administrator.

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.

------

Hvis du mister Internetforbindelsen, så start HijackThis, klik på "do a system scan only" og tjek for linier der ligner de fremhævede.
Sæt flueben ved dem, hvis de findes.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25567

Luk så alle andre vinduer og klik "fix checked"

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5570

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

22-01-2011 14:00:31
mbam-log-2011-01-22 (14-00-31).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 213160
Tid gået: 17 minut(ter), 48 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

Malwarebytes stoppede med et hvidt vindue så jeg måtte starte det igen for at få en log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:05, on 22-01-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ZeroTracks\ZeroTracks.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmer\Norton Ghost\Agent\VProTray.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Norton Ghost\Shared\Drivers\SymSnapService.exe
F:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Programmer\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ZeroTracks] C:\Programmer\ZeroTracks\ZeroTracks.exe /h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Programmer\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programmer\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266004834760
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Programmer\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programmer\Fælles filer\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SymSnapService - Symantec - C:\Programmer\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 12542 bytes

Hent og gem ComboFix på dit skrivebord.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

ComboFix 11-01-22.02 - JT41AP 23-01-2011  7:08.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1535.1006 [GMT 1:00]
Kører fra: c:\documents and settings\JT41AP\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\JT41AP\Skrivebord\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JT41AP\Application Data\inst.exe
c:\documents and settings\JT41AP\Application Data\PriceGong
c:\documents and settings\JT41AP\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\JT41AP\Menuen Start\Programmer\System Tool

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-12-23 til 2011-01-23  )))))))))))))))))))))))))))))))))))
.

2011-01-22 12:41 . 2011-01-22 12:41    --------    d-sh--w-    c:\documents and settings\Administrator\PrivacIE
2011-01-22 12:39 . 2011-01-22 12:39    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-22 12:38 . 2011-01-22 12:38    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Sony Ericsson
2011-01-22 12:38 . 2011-01-22 12:38    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2011-01-22 12:03 . 2011-01-22 12:03    --------    d-----w-    c:\documents and settings\JT41AP\Application Data\Malwarebytes
2011-01-22 12:03 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 12:03 . 2011-01-22 12:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-22 12:03 . 2011-01-22 12:39    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2011-01-22 12:03 . 2010-12-20 17:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-22 11:41 . 2011-01-22 11:41    --------    d-----w-    c:\programmer\Fælles filer\Java
2011-01-22 11:41 . 2011-01-22 11:40    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-01-22 10:25 . 2011-01-22 10:25    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\Teleca
2011-01-20 22:53 . 2011-01-22 10:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\bHkMe01804
2011-01-16 10:45 . 2011-01-16 10:46    --------    d-----w-    c:\programmer\IZArc
2011-01-11 09:12 . 2011-01-21 20:18    --------    d-----w-    c:\programmer\Allok AVI to DVD SVCD VCD Converter
2011-01-10 23:59 . 2011-01-10 23:59    --------    d-----w-    c:\programmer\Xvid
2011-01-10 23:59 . 2009-06-07 15:25    77824    ----a-w-    c:\windows\system32\xvid.ax
2011-01-10 23:58 . 2011-01-10 23:58    --------    d-----w-    c:\programmer\Haali
2011-01-10 23:57 . 2011-01-10 23:57    33019    ----a-w-    c:\windows\system32\CoreAAC-uninstall.exe
2011-01-10 23:57 . 2011-01-10 23:57    --------    d-----w-    c:\programmer\AC3Filter
2011-01-10 23:57 . 2009-08-11 20:18    497664    ----a-w-    c:\windows\system32\ac3filter.acm
2011-01-10 23:56 . 2011-01-10 23:56    --------    d-----w-    c:\programmer\AviSynth 2.5
2011-01-10 23:55 . 2011-01-11 00:10    --------    d-----w-    c:\programmer\Avi2Dvd
2011-01-10 17:27 . 2010-02-09 15:37    65602    ----a-w-    c:\windows\system32\cook3260.dll
2011-01-10 17:27 . 2010-02-09 15:37    217127    ----a-w-    c:\windows\system32\drv43260.dll
2011-01-10 17:27 . 2010-02-09 15:37    208935    ----a-w-    c:\windows\system32\drv33260.dll
2011-01-10 17:27 . 2010-02-09 15:37    176165    ----a-w-    c:\windows\system32\drv23260.dll
2011-01-10 17:27 . 2010-02-09 15:37    102439    ----a-w-    c:\windows\system32\sipr3260.dll
2011-01-10 17:27 . 2010-02-09 15:37    626688    ----a-w-    c:\windows\system32\vp7vfw.dll
2011-01-10 17:27 . 2010-02-09 15:37    1184984    ----a-w-    c:\windows\system32\wvc1dmod.dll
2011-01-10 17:27 . 2011-01-10 17:27    --------    d-----w-    c:\programmer\VSO
2011-01-08 20:21 . 2011-01-08 20:21    --------    d-----w-    c:\documents and settings\JT41AP\Lokale indstillinger\Application Data\SubtitleCreator
2011-01-08 20:17 . 2011-01-08 20:17    --------    d-----w-    c:\programmer\DVD
2011-01-08 19:45 . 2011-01-08 19:45    --------    d-----w-    c:\programmer\DVD Decrypter
2011-01-08 18:46 . 2011-01-08 18:46    --------    d-----w-    C:\VobSub Virtuel
2011-01-08 18:46 . 2011-01-08 18:46    --------    d-----w-    c:\programmer\Gabest
2011-01-04 20:06 . 2011-01-04 20:07    --------    d-----w-    c:\programmer\PicPick
2011-01-02 11:23 . 2011-01-02 11:23    --------    d-----w-    c:\programmer\Magical Jelly Bean
2011-01-01 20:12 . 2011-01-01 20:12    --------    d-----w-    c:\programmer\TubeDownloader
2010-12-24 21:21 . 2010-12-24 21:21    --------    d-----w-    c:\documents and settings\JT41AP\Lokale indstillinger\Application Data\Symantec_Corporation
2010-12-24 21:21 . 2010-12-24 21:21    --------    d-----w-    c:\documents and settings\JT41AP\Application Data\Symantec
2010-12-24 20:26 . 2010-03-03 18:59    131000    ----a-w-    c:\windows\system32\drivers\WimFltr.sys
2010-12-24 20:25 . 2010-02-11 01:34    138592    ----a-w-    c:\windows\system32\drivers\symsnap.sys
2010-12-24 20:25 . 2009-09-21 19:40    15096    ----a-w-    c:\windows\system32\drivers\vproeventmonitor.sys
2010-12-24 20:25 . 2011-01-04 15:26    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-12-24 20:25 . 2010-12-24 20:25    --------    d-----w-    c:\programmer\Norton Ghost
2010-12-24 20:25 . 2010-12-24 20:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-12-24 12:27 . 2010-12-24 12:27    --------    d-----w-    c:\documents and settings\JT41AP\Application Data\IsolatedStorage
2010-12-24 12:05 . 2011-01-22 10:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-12-24 12:03 . 2010-12-24 20:27    --------    d-----w-    c:\programmer\Symantec

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-22 11:40 . 2010-04-22 07:55    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-01-13 08:47 . 2010-06-29 16:15    38848    ----a-w-    c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-02-12 20:38    188216    ----a-w-    c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-02-12 20:38    294608    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-12 20:38    47440    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-02-12 20:38    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-02-12 20:38    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-02-12 20:38    23632    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-12 20:38    29392    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-02-12 20:38    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-01-10 17:28 . 2010-06-27 21:44    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2011-01-10 17:28 . 2010-06-27 21:44    47360    ----a-w-    c:\documents and settings\JT41AP\Application Data\pcouffin.sys
2010-11-18 18:15 . 2002-10-18 14:38    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-09 14:52 . 1979-12-31 23:00    249856    ----a-w-    c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 1979-12-31 23:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-11-06 00:23 . 1979-12-31 23:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 1979-12-31 23:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2010-02-12 14:30    385024    ----a-w-    c:\windows\system32\html.iec
2010-11-02 15:17 . 1979-12-31 23:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:08 . 1979-12-31 23:00    290048    ----a-w-    c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 1979-12-31 23:00    1853312    ----a-w-    c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50    1197448    ----a-w-    c:\programmer\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmer\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmer\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\programmer\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"uTorrent"="c:\programmer\uTorrent\uTorrent.exe" [2010-12-12 395640]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-15 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-24 94208]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-01-17 64000]
"BMMLREF"="c:\programmer\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"TPKMAPMN"="c:\programmer\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-16 32835]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 204800]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-16 294912]
"ibmmessages"="c:\programmer\IBM\Messages By IBM\ibmmessages.exe" [2003-01-07 495616]
"StorageGuard"="c:\programmer\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-01-10 106551]
"QCWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-02-24 53248]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"NeroFilterCheck"="c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Sony Ericsson PC Suite"="c:\programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"ZeroTracks"="c:\programmer\ZeroTracks\ZeroTracks.exe" [2003-03-21 450560]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-09-08 421888]
"Norton Ghost 15.0"="c:\programmer\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - c:\programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-13 113664]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2010-06-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-08 07:02    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmer\\Fælles filer\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmer\\uTorrent\\uTorrent.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Fjernadministration

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12-02-2010 21:38 294608]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [29-02-2008 15:03 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 15:03 67656]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [12-02-2010 14:39 15360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12-02-2010 21:38 17744]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [12-02-2010 07:10 57840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [30-09-2010 20:58 27632]
R3 SymSnapService;SymSnapService;c:\programmer\Norton Ghost\Shared\Drivers\SymSnapService.exe [11-02-2010 02:34 1964528]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [29-04-2010 14:38 515803]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [29-08-2010 11:13 136176]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [31-07-2006 13:44 580992]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\programmer\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [12-02-2010 07:09 1574408]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [30-09-2010 20:57 13224]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [15-02-2010 20:01 102656]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 15:51 12872]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [01-01-1980 5120]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20-02-2010 11:10 41984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [01-01-1980 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 12:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM    REG_MULTI_SZ      WINRM
.
Indhold af mappen 'Planlagte Opgaver'

2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-20 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2010-02-12 00:32]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-08-29 10:13]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-08-29 10:13]

2011-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmer\Ask.com\UpdateTask.exe [2010-02-04 15:50]

2011-01-23 c:\windows\Tasks\User_Feed_Synchronization-{D26D57B0-4BE3-45B0-A006-05950F4898C5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-UC_SMB - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 07:17
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3344)
c:\programmer\Sony Ericsson\Mobile2\File Manager\FM.dll
c:\programmer\Fælles filer\Teleca Shared\tlib_log.dll
c:\programmer\Fælles filer\Teleca Shared\boost_log-vc71-mt-1_33.dll
c:\programmer\Fælles filer\Teleca Shared\TC Device Mgmt.dll
c:\programmer\Microsoft Office\Office10\msohev.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Alwil Software\Avast5\AvastSvc.exe
c:\programmer\Fælles filer\Teleca Shared\Generic.exe
c:\programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\programmer\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\windows\AGRSMMSG.exe
c:\programmer\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmer\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\QCONSVC.EXE
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Gennemført tid: 2011-01-23  07:21:47 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-01-23 06:21

Pre-Kørsel: 22.803.632.128 byte ledig
Post-Kørsel: 23.032.086.528 byte ledig

- - End Of File - - FF429681C7EAAB9F50DAC33C6E118AA8

Den fjernede 2 filer og 2 undemapper i Documents and Setting

Det ser fint ud.

Drop fildeling ->
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://www.spywarefri.dk/forum/viewthread/40284/

Du bør også afinstallere Ask Toolbar.

------

Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner:
http://www.eset.com/onlinescan/

Du skal acceptere betingelserne for brug, og klik på Start.
Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar.
Dernæst skal du sætte flueben i følgende felter: (kun dem)

Scan archives

under advanced settings
Scan for potentialy unwanted applications
Scan for potentially unsafe applications
Enable anti-stealth technology

Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig.
En log vil åbne, når scanningen er færdig.

(hvis ikke, skal du gå til C:\Programmer\EsetOnlineScanner\ og åbne filen Log.txt).

Kopier den herind i næste indlæg.

# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=a42b9ec626445244b56542d504b1c93f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-25 04:12:56
# local_time=2011-01-25 05:12:56 (+0100, Rom, normaltid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 29963336 29963336 0 0
# compatibility_mode=8192 67108863 100 0 17945 17945 0 0
# scanned=65187
# found=2
# cleaned=0
# scan_time=5151
C:\DATO\Trojan Remover 1.2\iexplore.exe    a variant of Win32/1AntiVirus application (unable to clean)    00000000000000000000000000000000    I
C:\DATO\XP og Off\WIN XP\WXG.rar    a variant of Win32/PSWTool.RAS.A application (unable to clean)    00000000000000000000000000000000    I

Som du kan se har den fundet 2.

Trojan Remover kan jeg jo bare afinstallere, men det der ligger i mappen med kopi af WIN XP og Office 2007 kan jeg ikke lige se hvad er.

Jeg bryder mig ikke on C:\DATO\XP og Off\WIN XP\WXG.rar, da den ligner et Crack. Det gør den anden sådan set også.

Find og upload nedenstående hos Jotti eller Virustotal:

C:\DATO\XP og Off\WIN XP\WXG.rar

http://virusscan.jotti.org/ - http://www.virustotal.com/

Du skal måske slå vis skjulte filer og mapper til.
Hvis du ikke ved hvordan så se her:

http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Kopier resultatet herind som link eller MD5 Checksum.

Og så snupper den ikke særlig smarte software selvfølgelig linket til Virustotal:

http://www.virustotal.com/

Jeg gider snart ikke mere.

2010-12-30 Riskware.Pswtool.Ras.G  2010-12-30 Found nothing
  2010-12-30 Found nothing  2010-12-30 not-a-virus.Keyfinder.Findkey
  2010-12-30 HackTool.EEG  2010-12-30 not-a-virus:PSWTool.Win32.RAS.g
  2010-12-30 Found nothing  2010-12-30 Win32/PSWTool.RAS.A
  2010-12-30 Found nothing  2010-12-29 Found nothing
  2010-12-30 Found nothing  2010-12-30 Trojan.Agent.irc
  2010-12-29 PSWTool.W32.RAS.A  2010-12-30 Mal/Generic-L
  2010-12-30 Found nothing  2010-12-28 Found nothing
  2010-12-30 W32/FindKey.A  2010-12-30 Trojan.PSWTool!NQ2Yc+V+uPg

Det var en fil på 613 Kb.

Jeg har erased dem, så jeg kan ikke køre Virustotal.

Det fik du ikke gjort.

------

Hent og gem CKScanner på dit skrivebord.
Det skal være på dit skrivebord.
Start CKScanner og klik på "Search for files".
Når markøren forsvinder, skal du gemme resultatet til en fil.
Kopier CKFiles.txt herind i dit næste indlæg.

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Det tog ikke mange sekunder, så jeg her prøvet at slette ckfiles.txt og køre programmet igen, med samme resultat.

Hvis du fjerner Fildeling, og Ask Toolbar, ser det pænt ud.

Hvordan kører PCen nu?

Den kører rigtig godt, faktisk er opstarten hurtigere end den længe har været.

Takker rigtig mange gange.

Du skal ikke selv lægge et "svar". Det er til "(til løsninger og pointgivning)"

http://www.eksperten.dk/faq#faq-3

------

Klik start, kør og kopier dette: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Nulstille systemgendannelsen.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves.

Combofix er afinstalleret.

Nulstillin af systemgendannelse kender jeg ikke,jag kan til og frakoble den i SYSTEM.