zubzero (Beginner)
02 April 2011 - 21:35. There are 78 comments and 1 solution

Virus? zeez.exe?

Hi.

Do any of you know anything about this file (zeez.exe) and how to remove it from your computer?
I was clever enough to download some files from the net which apparently included this file. Now I can't see what is on my 2 external hard drives, but instead a lot of shortcut folders I don't recognise have appeared.

Does anyone have any good advice or ideas??
johnstigers (Senior Master)
02 April 2011 - 21:42 #1
Since you say it's a virus, you must have got some info from your antivirus program?
zubzero (Beginner)
02 April 2011 - 21:43 #2
I use AVG, and it can't find anything (unfortunately)
okd (Beginner)
02 April 2011 - 21:46 #3
Try checking the file by uploading it to these online virus scanners:
http://www.virustotal.com/
http://anubis.iseclab.org/
zubzero (Beginner)
02 April 2011 - 21:51 #4
Uhhhh.. The problem is that I can't physically find the file. When I start up my external hard drive and open it, it really wants to start the program called zeez.exe; if I choose not to, it looks like my hard drive is empty, even though I can see that there are 68 GB available out of 500. But I can't see any of the folders that are usually on it, and instead a lot of shortcut folders I don't recognise have appeared. So it's probably some kind of virus? Unfortunately I don't know much about this, so any help would be great.
pstidsen (Novice)
02 April 2011 - 21:54 #5
According to a Google search it is a trojan horse. If you don't want to spend money on antivirus software, try CCleaner, Malwarebytes or, best of all, a trial version of a paid antivirus program. The McAfee trial version is easy to download: http://home.mcafee.com/store/free-antivirus-trials
02 April 2011 - 22:04 #6
... and here is the whole 'package' ->

Under which system:
Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

---

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program do a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Perform full scan" - click the Scan button - let the program work. When it is finished (it takes a little while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the aforementioned HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the net...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Regarding Vista/Win7 - right mouse button - "Run as Administrator..."
zubzero (Beginner)
02 April 2011 - 22:04 #7
I'll try downloading McAfee :-)
02 April 2011 - 22:13 #8
... if you had imagined 'just' installing/running ANOTHER security program (McAfee), it is not smart to have 2 or more active security programs at the same time!!!

And THAT one will not find the 'vermin' in question !!!

Read and understand and RUN the procedure in #6 !!!
johnstigers (Senior Master)
02 April 2011 - 22:28 #9
#6 is what you need to do.

Drop the idea of 2 x security programs. It does not give 2 x security...
zubzero (Beginner)
02 April 2011 - 22:28 #10
I'm going with #6 :-)
zubzero (Beginner)
02 April 2011 - 22:43 #11
I have started scanning with Malwarebytes; it will probably take some time, so when it's finished you'll hear from me.. Thanks a lot for the help so far :-)
zubzero (Beginner)
03 April 2011 - 00:47 #12
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6249

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

03-04-2011 00:33:17
mbam-log-2011-04-03 (00-33-00).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|H:\|I:\|)
Objekter skannet: 400709
Tid gået: 1 time(e), 48 minut(ter), 16 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 1
Registreringsdatabasenøgler Inficeret: 6
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 6

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
c:\Windows\System32\paaxxzvh.dll (Trojan.Boaxxe) -> No action taken.

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{CDD26B5D-0A34-FD71-337F-30ED6DDEB250} (Trojan.Boaxxe) -> No action taken.
HKEY_CLASSES_ROOT\Pwdmxfmx (Trojan.Boaxxe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDD26B5D-0A34-FD71-337F-30ED6DDEB250} (Trojan.Boaxxe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDD26B5D-0A34-FD71-337F-30ED6DDEB250} (Trojan.Boaxxe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDD26B5D-0A34-FD71-337F-30ED6DDEB250} (Trojan.Boaxxe) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Windows\System32\paaxxzvh.dll (Trojan.Boaxxe) -> No action taken.
c:\Users\Allan\niaukud.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Allan\AppData\Local\Temp\5A91.tmp (Rootkit.TDSS) -> No action taken.
c:\Users\Allan\AppData\Local\Temp\BEA1.tmp (Rootkit.TDSS) -> No action taken.
c:\Windows\system\regsrv.exe (Trojan.FakeMS) -> No action taken.
i:\programmer\x-iphone-video-converter-standard.incl.serial\keygen.exe (Trojan.Agent.CK) -> No action taken.
zubzero (Beginner)
03 April 2011 - 00:49 #13
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:48:44, on 03-04-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Allan\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {CDD26B5D-0A34-FD71-337F-30ED6DDEB250} - c:\windows\system32\paaxxzvh.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=120110 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.diegomaradona.com/juegos/LoaderIII.dcr"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O15 - Trusted Zone: *.danskebank.dk
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - http://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2A7F931-E4B1-4DA1-8A2C-0F59A145066F}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14229 bytes
zubzero (Beginner)
03 April 2011 - 00:50 #14
So both logs are here. What do I do now??
Flemming63 (Junior Master)
03 April 2011 - 05:09 #15
i:\programmer\x-iphone-video-converter-standard.incl.serial\keygen.exe
C:\Program Files\uTorrent\uTorrent.exe
O15 - Trusted Zone: *.danskebank.dk

Nice mix.

I don't think that TDSS is gone. If it isn't just remnants, there's probably a driver missing.
03 April 2011 - 09:38 #16
You 'forgot' this 'detail' ->
...and then press "Remove selected" -

Sooooo - once more with MalwareBytes !!!
Update MalwareBytes first with - well, the Update tab...

---

[uTorrent]
Grrrrr... It doesn't matter how much security/updates people have. Once they start 'playing' with P2P programs - or rather the results from them - it makes no difference !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308

http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

---

So you are using an ANCIENT AVG8 !!

---

and are missing a number of updates from Windows Update !!!

---
zubzero (Beginner)
03 April 2011 - 10:57 #17
I followed your guide about updating and removing the selected items. But I'll just try again :-)
03 April 2011 - 11:06 #18
... the log says/writes
-> No action taken ?

Regarding Vista/Win7 - right mouse button - "Run as Administrator..."
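A small triage helper for the two kinds of log exchanged in this thread, added here by the editor (it is not code from the thread, from Malwarebytes or from Trend Micro): it reads MBAM findings and separates the ones that ended in "No action taken" (the point made in #16 and #18) from the ones actually removed, and it flags HijackThis items of the kind #15 picked out, cross-referenced against what MBAM left behind. All sample log lines are constructed, modelled on the logs posted above.

```python
"""Triage helper for the Malwarebytes (MBAM) and HijackThis (HJT) logs in
this thread: was an MBAM finding actually removed (a line ending in "No
action taken" was only detected), and which HJT lines deserve a second look,
cross-referenced against what MBAM left behind. Added example by the editor,
not code from the thread, Malwarebytes or Trend Micro; samples are constructed.
"""
import re

# Constructed MBAM excerpt: three detected-only findings, one removed one,
# and the localised "nothing found" marker line the parser must ignore.
MBAM_SAMPLE = r"""
c:\Windows\System32\paaxxzvh.dll (Trojan.Boaxxe) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CDD26B5D-0A34-FD71-337F-30ED6DDEB250} (Trojan.Boaxxe) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
c:\Windows\system\regsrv.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
(Ingen skadelige objekter blev fundet)
"""

# Constructed HJT excerpt: two benign entries and five worth a second look.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CDD26B5D-0A34-FD71-337F-30ED6DDEB250} - c:\windows\system32\paaxxzvh.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] C:\Users\Allan\AppData\Local\Temp\niaukud.exe
O15 - Trusted Zone: *.danskebank.dk
O15 - Trusted IP range: http://192.168.1.254
"""

# "<item> (<detection>) -> <action>"; Broken.OpenCommand lines carry another
# " -> " inside the action text, so the verdict is always the last part.
MBAM_FINDING = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[A-Za-z][\w.\-]*)\) -> (?P<rest>.+)$")
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NO_ACTION = "No action taken"
USER_PROFILE_DIRS = ("\\users\\", "\\documents and settings\\", "\\temp\\")


def parse_mbam(text):
    """Return one dict per MBAM finding; removed=False means detect-only."""
    findings = []
    for line in text.splitlines():
        m = MBAM_FINDING.match(line.strip())
        if not m:
            continue  # headers, counters, blank and "nothing found" lines
        action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
        findings.append({"item": m.group("item"),
                         "detection": m.group("detection"),
                         "action": action,
                         "removed": not action.startswith(NO_ACTION)})
    return findings


def unremediated(findings):
    """Findings MBAM reported but did not remove (the point made in #16/#18)."""
    return [f for f in findings if not f["removed"]]


def parse_hjt(text):
    """Return (section, body, full line) for every HJT item line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), line.strip()))
    return entries


def triage_hjt(entries, leftovers):
    """[(line, reasons)] for entries worth a second look; leftovers are the
    unremediated MBAM findings whose CLSIDs and paths are cross-checked."""
    bad_ids = {c.upper() for f in leftovers for c in CLSID.findall(f["item"])}
    bad_paths = {f["item"].lower() for f in leftovers
                 if "\\" in f["item"] and not f["item"].startswith("HKEY_")}
    flagged = []
    for section, body, line in entries:
        low = body.lower()
        reasons = []
        if {c.upper() for c in CLSID.findall(body)} & bad_ids:
            reasons.append("CLSID also reported by MBAM and not removed")
        if any(p in low for p in bad_paths):
            reasons.append("file also reported by MBAM and not removed")
        if section in ("O2", "O3") and any(
                t in low for t in ("(no name)", "(file missing)", "(no file)")):
            reasons.append("unnamed or orphaned BHO/toolbar registration")
        if section == "O4" and any(d in low for d in USER_PROFILE_DIRS):
            reasons.append("autorun launching from a user-profile directory")
        if section == "O15":
            reasons.append("IE Trusted Zone entry; confirm it is intentional")
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    left = unremediated(parse_mbam(MBAM_SAMPLE))
    for line, why in triage_hjt(parse_hjt(HJT_SAMPLE), left):
        print(line, "\n    ->", "; ".join(why))
```

Run it against a real pair of logs by replacing the two sample strings with the file contents; an O4 entry that MBAM already removed will no longer cross-match, which is the quickest way to confirm the "Remove selected" step actually ran.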
zubzero (Beginner)
03 April 2011 - 11:34 #19
I think I did it that way too. But I'll just try again :-)
johnstigers (Senior Master)
03 April 2011 - 13:23 #20
We need to see the log when it's done.
zubzero (Beginner)
03 April 2011 - 14:02 #21
Here are 2 new logs.
zubzero (Beginner)
03 April 2011 - 14:02 #22
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

03-04-2011 13:45:35
mbam-log-2011-04-03 (13-45-35).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|H:\|I:\|)
Objekter skannet: 400827
Tid gået: 2 time(e), 30 minut(ter), 22 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
zubzero (Beginner)
03 April 2011 - 14:03 #23
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:27, on 03-04-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Allan\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {CDD26B5D-0A34-FD71-337F-30ED6DDEB250} - c:\windows\system32\paaxxzvh.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=120110 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.diegomaradona.com/juegos/LoaderIII.dcr"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O15 - Trusted Zone: *.danskebank.dk
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - http://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2A7F931-E4B1-4DA1-8A2C-0F59A145066F}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14173 bytes
03. april 2011 - 14:57 #24
So what is the status regarding the original problem?

---

Uninstall
* [uTorrent]
* AVG8 http://www.avg.com/eu-da/download-tools
* DAEMON Tools Toolbar
* vShare Toolbar
* McAfee ?
* Bonjour Service

---

Install
* MSE -> http://www.microsoft.com/da-dk/security_essentials/default.aspx

---

Run a scan with HijackThis.
Below you will find some entries that you need to fix. What you do is put a tick next to each of these entries. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have ticked the entries. Now fix: click Fix checked.

These are the ones that need to be fixed:

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDD26B5D-0A34-FD71-337F-30ED6DDEB250} - c:\windows\system32\paaxxzvh.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=120110 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Or do you use it all the time?)

Restart normally...

--

Update your old Acrobat Reader ->
http://get.adobe.com/dk/reader/  (UNTICK the Google Toolbar!!!)

---

How is the PC running now?
zubzero (Beginner)
03. april 2011 - 15:15 #25
The problem is still the same: I can see that my 2 external hard drives are there, but I cannot see the contents on them.

I will try what you have written, and then you will hear from me afterwards :-)
zubzero (Beginner)
03. april 2011 - 16:43 #26
Unfortunately there has been no change on the hard drives; the problem is still there. Any other ideas/advice?

But all the same, it seems like my computer quite liked everything that was done to it :-)
zubzero (Beginner)
03. april 2011 - 17:17 #27
I have now scanned my external hard drives, where MSE found
1 x trojan:win32/tikuffed.CA
1 x trojan:win32/tikuffed.BR
1 x trojan:win32/tikuffed.BF

I removed them with MSE.

My external hard drives are named H:musik_progs and I: Film_Billeder.  However, I have noticed that when I scan the two drives with MSE they are named H:yaivix.exe and I:yaivix.exe, and that is not something I have changed.

I don't know if that is of any help?
clb92 (Beginner)
03. april 2011 - 17:43 #28
Sorry if this seems irrelevant. I am no expert in this...

Can you right-click the hard drives and choose "Explorer" or similar? If that works, turn on showing hidden files and look at the contents of "Autorun.ini" (right-click and open with Notepad).
zubzero (Beginner)
03. april 2011 - 17:50 #29
All help is welcome... Where do I turn on showing hidden files??
zubzero (Beginner)
03. april 2011 - 18:02 #30
This is what one of the autorun.ini files looks like.

[zlrtXtZpD]
tmtKAcyaJaAGRFA=cjvQOwYxUh
cjpiUEkWqdgrDmV=wotuVBSvXWw
MxqzmCSufC=QdVPhDh
AozkRhSludC=OVdOFOW
emqZD=xgPloHC
[autorun]
bBqVvPdDUBaGYi=VqWVnYEhzuHE
GqMqBPQWQ=OpiGVVNA
AZZgLz=TJVWJAD
rQWezipIelZw=ChquVbAUcXsWYYi
open=yaIVI.EXE
aTBCci=QNulnFBmwYC
fQzsAQWfKnJAg=GGNxD
EwgmTuHiuTJ=YlLXBcp
fmPJzr=kucHHRm
tAVPMFRwpHIigNp=ZekgnTObPWCpXVl
acTIon=14282
RNsFF=yIIIfMiTBkNno
pYrhzlXXNdJFm=gdXvsBa
tzDIEYaCcjnA=ETOLVnPELyNrGYe
XwGvmdd=YQBmDNWO
ViBJHRqCDoDkb=woqKFTduTK
icON=nyHY.ico
LKKpq=9216
zBjRwsgMFVQ=1173
dCjFbkrdh=8926
useAUtOPLay=1
qxqdh=6104
CucFc=3689
julpucyo=2164
[GFTGKHCATP]
elKGyKWqnESHoMq=phORt
rVsNdwQSacVNSe=aOFDO
ixhrwcyeczIwJN=lnkIgwytzAfeOv
yGinHQBYVSEJg=dlJIDUgaDPL
oKLUswe=LkcWjtdC
zubzero (Beginner)
03. april 2011 - 18:03 #31
And this is what the other autorun.ini file looks like.

[XVhypCaRwyNj]
lUVplZLcpzvpyO=587
PnOGmDHCHWPQ=8944
[autorun]
VUhPd=7493
nTXZB=55
CcFwIRAayzSTLQ=3127
open=Yaivi.exE
RwyEWjFISPV=kQtRT
plnmFmhv=NGtqGeGMcATxa
MfYOHA=ZiFXk
yfuFsxyxdQ=iICtIKLqUVDhV
acTioN=7679
BlruKazrhR=dJcplN
zdfJzE=pJeRagmNY
IZbNy=EnemUnceIBP
wBuAgDI=GohcJewQmx
iCON=hwlY.ico
PxMmFAjnxrm=8505
fJjrACIEolbrFXw=2377
USEAUToplay=1
jeBAltJteKxqd=349
SAGdEttG=6043
xcDkhUdyUREniC=9310
[lJZdEmFmQLEGKgW]
rIsneYseXeyny=6560
SbGkoj=6402
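The two files above are readable once you know that Windows matches [autorun] keys case-insensitively and ignores everything it does not recognise, so the mixed-case spelling and the dozens of random keys are padding around a handful of real directives. The following is an added example (not code posted by anyone in this thread): a Python triage script that pulls out the effective directives and flags the indicators visible here. The sample embedded in it is trimmed from the first file in post #30; the benign comparison file and the "suspicious"/"review"/"clean" thresholds are the example's own choices. Run it on a clean PC against a copy of the file, never from the drive itself.

```python
"""Triage an autorun.inf / autorun.ini copied off a removable drive.

Added example for this thread; not code from any post in it.
"""
import re

# Trimmed from the first autorun.ini in post #30: the real directives plus
# six of its padding keys, with the two decoy sections kept.
SAMPLE_AUTORUN = """\
[zlrtXtZpD]
tmtKAcyaJaAGRFA=cjvQOwYxUh
emqZD=xgPloHC
[autorun]
bBqVvPdDUBaGYi=VqWVnYEhzuHE
GqMqBPQWQ=OpiGVVNA
AZZgLz=TJVWJAD
open=yaIVI.EXE
aTBCci=QNulnFBmwYC
acTIon=14282
icON=nyHY.ico
LKKpq=9216
useAUtOPLay=1
CucFc=3689
[GFTGKHCATP]
elKGyKWqnESHoMq=phORt
"""

# Constructed comparison: what a software CD's autorun.inf usually looks like.
BENIGN_AUTORUN = """\
[autorun]
open=setup.exe
icon=setup.exe,0
label=Product CD
"""

# Directives Windows honours in [autorun]; anything else is ignored by the OS.
KNOWN_DIRECTIVES = {"open", "shellexecute", "icon", "label", "action", "useautoplay"}
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")


def parse_autorun(text):
    """Return (directives, padding_count) for the [autorun] section.

    Keys are lower-cased before matching, as Windows does, so 'useAUtOPLay'
    resolves to useautoplay. Keys in other sections are ignored entirely.
    """
    directives, padding, in_autorun = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in KNOWN_DIRECTIVES or SHELL_VERB_RE.match(key):
            directives[key] = value
        else:
            padding += 1  # a key Windows ignores: only there to pad the file
    return directives, padding


def assess(text):
    """Return (verdict, reasons); verdict is 'suspicious', 'review' or 'clean'."""
    directives, padding = parse_autorun(text)
    reasons = []
    launch = directives.get("open") or directives.get("shellexecute")
    if not launch:
        for key, val in directives.items():
            if SHELL_VERB_RE.match(key):
                launch = val
                break
    if launch and launch.lower().endswith(EXEC_EXT):
        reasons.append(f"launches an executable from the drive root: {launch}")
    action = directives.get("action", "")
    if action and not any(c.isalpha() for c in action):
        # action= is the text shown in the AutoPlay dialog; '14282' is not a product name
        reasons.append(f"action= label {action!r} is not readable text")
    if padding >= 5:
        reasons.append(f"{padding} padding keys inside [autorun]")
    verdict = "suspicious" if len(reasons) >= 2 else "review" if reasons else "clean"
    return verdict, reasons


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, assess(text))
```

The installer CD still comes out as "review" because any open= pointing at an executable on removable media deserves a look; it is the padding and the nonsense action= text that push the file from post #30 to "suspicious".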
03. april 2011 - 18:31 #32
And that/those [Autorun.ini] must be DELETED!!! NOW...

(I suspected that too...)
zubzero (Beginner)
03. april 2011 - 18:32 #33
I'll delete them :-)
zubzero (Beginner)
03. april 2011 - 18:49 #34
They have now been deleted. I powered my hard drives down and turned them on again, only to see that a new autorun.ini file had appeared, plus a lot of new folders and files. One that keeps recurring is teiif.exe.
03. april 2011 - 18:59 #35
WTF?

Try the same exercise with the hard drive connected to another PC?
zubzero (Beginner)
03. april 2011 - 19:03 #36
Okay :-)
zubzero (Beginner)
03. april 2011 - 19:21 #37
When I connect the hard drives to another PC, it opens them more or less normally. The only difference is that the old folders I have on there have become hidden folders..
But offhand none of the other files show up, such as teiif.exe.
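What #34 and #37 describe is one pattern: the real folders are made hidden (and, on the infected machine, a visible shortcut of the same name is shown in their place), an executable and an autorun file sit in the root, and the host PC rewrites all of it every time the drive is plugged back in. The triage below is an added example, not code from anyone in this thread: a Python script that classifies a drive-root listing and produces the cmd.exe commands to undo the damage, intended for the clean PC as #35 and #38 suggest. The embedded listing is constructed; autorun.ini, yaivi.exe and teiif.exe are names from the thread, while the folder names Musik/Progs and the exact attribute bits are assumptions. Cleaning the drive only holds if it is not plugged back into the still-infected PC.

```python
"""Triage a removable-drive root for the 'folders turned into shortcuts' pattern.

Added example for this thread; not code from any post in it. triage() works on
a plain list of entries so it runs anywhere; scan_root() feeds it a real drive
on Windows, where os.stat() exposes the hidden/system attribute bits.
"""
import os
import stat
from dataclasses import dataclass

HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
SYSTEM = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")
LEGIT_HIDDEN_DIRS = {"system volume information", "$recycle.bin", "recycler"}


@dataclass(frozen=True)
class Entry:
    name: str
    is_dir: bool
    attrs: int = 0  # Windows file-attribute bits; 0 when unknown


# Constructed listing mirroring posts #34-#37. Folder names and attribute
# bits are assumptions; the three malware file names come from the thread.
SAMPLE_ROOT = [
    Entry("autorun.ini", False, HIDDEN | SYSTEM),
    Entry("yaivi.exe", False, HIDDEN | SYSTEM),
    Entry("teiif.exe", False, HIDDEN | SYSTEM),
    Entry("nyHY.ico", False, HIDDEN),
    Entry("Musik", True, HIDDEN | SYSTEM),
    Entry("Musik.lnk", False, 0),
    Entry("Progs", True, HIDDEN | SYSTEM),
    Entry("Progs.lnk", False, 0),
    Entry("System Volume Information", True, HIDDEN | SYSTEM),
    Entry("Ferie 2010.jpg", False, 0),
]


def triage(entries):
    """Sort root entries into autorun files, root executables, decoy shortcuts
    and user folders that were flipped to hidden+system."""
    dir_attrs = {e.name.lower(): e.attrs for e in entries if e.is_dir}
    report = {"autorun": [], "root_executables": [], "decoy_links": [], "unhide": []}
    for e in entries:
        lower = e.name.lower()
        if e.is_dir:
            # User data does not live in hidden+system folders at the drive root.
            if (e.attrs & HIDDEN) and (e.attrs & SYSTEM) and lower not in LEGIT_HIDDEN_DIRS:
                report["unhide"].append(e.name)
        elif lower in ("autorun.inf", "autorun.ini"):
            report["autorun"].append(e.name)
        elif lower.endswith(EXEC_EXT):
            report["root_executables"].append(e.name)
        elif lower.endswith(".lnk") and dir_attrs.get(lower[:-4], 0) & HIDDEN:
            # A visible "X.lnk" beside a hidden folder "X" is the lure the user clicks.
            report["decoy_links"].append(e.name)
    return report


def remediation_commands(report, drive):
    """cmd.exe lines for the clean PC, after the report has been reviewed.
    Hidden files must lose the attribute before 'del' will touch them."""
    cmds = []
    for name in report["autorun"] + report["decoy_links"] + report["root_executables"]:
        cmds.append(f'attrib -h -s -r "{drive}\\{name}"')
        cmds.append(f'del "{drive}\\{name}"')
    for name in report["unhide"]:
        cmds.append(f'attrib -h -s "{drive}\\{name}"')
    return cmds


def scan_root(path):
    """Read a real drive root into Entry objects (attribute bits only on Windows)."""
    entries = []
    with os.scandir(path) as it:
        for d in it:
            st = d.stat(follow_symlinks=False)
            entries.append(Entry(d.name, d.is_dir(follow_symlinks=False),
                                 getattr(st, "st_file_attributes", 0)))
    return entries


if __name__ == "__main__":
    import sys
    drive = sys.argv[1].rstrip("\\") if len(sys.argv) > 1 else "H:"
    root = scan_root(drive + "\\") if len(sys.argv) > 1 else SAMPLE_ROOT
    for line in remediation_commands(triage(root), drive):
        print(line)
```

Run it with the drive letter as the only argument (`python triage_drive.py H:`) and it prints the commands rather than executing them, so the executables are inspected or submitted to a scanner first and nothing is launched from the drive.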
03. april 2011 - 19:47 #38
Thought: with Malwarebytes (on the other PC!), do a full scan of the external HD(s) ...
zubzero (Beginner)
03. april 2011 - 19:51 #39
Okay, I'll try that :-)
clb92 (Beginner)
03. april 2011 - 20:06 #40
This often happened with students' USB sticks at my old school. Unfortunately it doesn't look like this virus will be found as easily...
zubzero (Beginner)
03. april 2011 - 20:41 #41
Both hard drives have been scanned with Malwarebytes, and no infected objects are found.

So presumably there is still something lurking on my own PC causing trouble?

Thanks for your patience and great help :-)
johnstigers (Senior Master)
03. april 2011 - 21:02 #42
Try this:
Download Lop S&D by Eric_71 and save it to your Desktop.
http://eric.71.mespages.googlepages.com/lop.sd.en
Click the Download button on the left.

Run LopSD. Press e for English. Press Enter.
Then press 2 = (Fix + Hosts)
Press Enter. The scan will then run.
Let the program carry out a clean-up.

When the scan is finished, there is a log file here C:lopR txt, which you may paste into your next reply.
03. april 2011 - 21:09 #43
*Agree* with #42 ...
zubzero (Beginner)
03. april 2011 - 21:14 #44
A scan has now been run with the aforementioned program.

--------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft® Windows Vista™ Home Premium  ( v6.0.6002 ) Service Pack 2
  X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-60 )
  BIOS : PhoenixBIOS 4.0 Release 6.1   
  USER : Allan ( Administrator )
  BOOT : Normal boot
  C:\ (Local Disk) - NTFS - Total:139 Go (Free:79 Go)
  D:\ (Local Disk) - NTFS - Total:9 Go (Free:2 Go)
  E:\ (CD or DVD)
  F:\ (CD or DVD)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 03-04-2011|21:07 )

  [ UAC => 1 ]


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

  -
  [ Hosts file ] .. Restored!

  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in Local

  [02-04-2010|10:58] C:\Users\Allan\AppData\Local\{942002DE-1ADF-4605-B650-2DDACFA8AE59}
  [27-03-2010|16:34] C:\Users\Allan\AppData\Local\{9786DD96-CA07-450D-A03E-6FA033ACF77F}
  [03-04-2011|16:29] C:\Users\Allan\AppData\Local\Adobe
  [19-07-2008|11:07] C:\Users\Allan\AppData\Local\Apple
  [02-03-2010|20:12] C:\Users\Allan\AppData\Local\Apple Computer
  [10-07-2008|18:14] C:\Users\Allan\AppData\Local\Application Data
  [10-07-2008|18:31] C:\Users\Allan\AppData\Local\AtStart.txt
  [02-04-2011|22:43] C:\Users\Allan\AppData\Local\CDD26B5D-0A34-FD71-337F-30ED6DDEB250.txt
  [16-02-2011|19:44] C:\Users\Allan\AppData\Local\Citrix
  [05-04-2010|20:23] C:\Users\Allan\AppData\Local\Cyberlink
  [31-03-2011|19:24] C:\Users\Allan\AppData\Local\d3d9caps.dat
  [03-04-2011|18:59] C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  [12-08-2009|16:34] C:\Users\Allan\AppData\Local\Downloaded Installations
  [10-07-2008|18:31] C:\Users\Allan\AppData\Local\DSwitch.txt
  [02-04-2011|21:39] C:\Users\Allan\AppData\Local\FnF4.txt
  [03-04-2011|18:21] C:\Users\Allan\AppData\Local\GDIPFONTCACHEV1.DAT
  [15-08-2010|14:49] C:\Users\Allan\AppData\Local\Google
  [03-04-2011|21:00] C:\Users\Allan\AppData\Local\IconCache.db
  [03-04-2011|15:37] C:\Users\Allan\AppData\Local\Microsoft
  [01-01-2009|13:08] C:\Users\Allan\AppData\Local\Microsoft Games
  [10-07-2008|18:14] C:\Users\Allan\AppData\Local\Oversigt
  [02-04-2011|20:30] C:\Users\Allan\AppData\Local\PackageAware
  [12-07-2008|15:47] C:\Users\Allan\AppData\Local\Packard Bell
  [09-09-2010|15:06] C:\Users\Allan\AppData\Local\PCM4Everio
  [25-10-2010|20:18] C:\Users\Allan\AppData\Local\Pixology
  [10-07-2008|18:31] C:\Users\Allan\AppData\Local\QSwitch.txt
  [12-08-2009|16:56] C:\Users\Allan\AppData\Local\Qtrax2
  [02-04-2011|19:05] C:\Users\Allan\AppData\Local\QuickPlay
  [16-10-2010|23:28] C:\Users\Allan\AppData\Local\Senstic
  [19-03-2010|19:09] C:\Users\Allan\AppData\Local\Sony
  [11-08-2009|20:12] C:\Users\Allan\AppData\Local\Start++
  [16-10-2010|08:59] C:\Users\Allan\AppData\Local\Sunbelt Software
  [01-10-2010|16:11] C:\Users\Allan\AppData\Local\SupportSoft
  [03-04-2011|21:07] C:\Users\Allan\AppData\Local\Temp
  [10-07-2008|18:14] C:\Users\Allan\AppData\Local\Temporary Internet Files
  [20-11-2009|21:06] C:\Users\Allan\AppData\Local\VirtualStore
  [9|fil(er)] C:\Users\Allan\AppData\Local\byte
  [29|mappe(r)] C:\Users\Allan\AppData\Local\byte ledig

  --------------------\\  Scheduled Tasks located in C:\Windows\Tasks

  [03-04-2011 21:01][--ah-----] C:\Windows\tasks\SA.DAT
  [03-04-2011 21:00][--a------] C:\Windows\tasks\SCHEDLGU.TXT

  --------------------\\  Listing Folders in C:\ProgramData
 
  [21-06-2010|21:20] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
  [18-12-2009|20:45] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
  [12-08-2009|16:37] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
  [16-10-2010|08:59] C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
  [02-04-2011|22:23] C:\ProgramData\~0
  [08-11-2010|22:02] C:\ProgramData\Ableton
  [03-04-2011|16:29] C:\ProgramData\Adobe
  [17-08-2008|19:39] C:\ProgramData\Ahead
  [18-12-2009|20:47] C:\ProgramData\Apple
  [19-07-2008|11:09] C:\ProgramData\Apple Computer
  [02-11-2006|15:02] C:\ProgramData\Application Data
  [25-04-2008|18:18] C:\ProgramData\Atheros
  [03-09-2010|21:47] C:\ProgramData\CanonCP
  [16-02-2011|19:45] C:\ProgramData\Citrix
  [02-04-2010|23:03] C:\ProgramData\CLDShowX.ini
  [02-04-2011|21:03] C:\ProgramData\clp
  [02-04-2011|20:32] C:\ProgramData\Common Toolkit Suite
  [03-04-2011|15:50] C:\ProgramData\CyberLink
  [08-11-2010|22:12] C:\ProgramData\DAEMON Tools Lite
  [02-11-2006|15:02] C:\ProgramData\Desktop
  [25-09-2010|10:31] C:\ProgramData\DigiCont
  [02-11-2006|15:02] C:\ProgramData\Documents
  [30-08-2010|23:39] C:\ProgramData\EnterNHelp
  [12-07-2008|12:05] C:\ProgramData\e-Safekey
  [02-11-2006|15:02] C:\ProgramData\Favorites
  [02-04-2011|22:24] C:\ProgramData\Fighters
  [03-04-2011|15:47] C:\ProgramData\filter
  [10-08-2009|21:42] C:\ProgramData\Hewlett-Packard
  [10-07-2008|18:37] C:\ProgramData\HP
  [18-02-2009|22:31] C:\ProgramData\Installations
  [26-01-2011|20:07] C:\ProgramData\InstallShield
  [17-11-2009|19:02] C:\ProgramData\Kaspersky Lab Setup Files
  [03-04-2011|15:47] C:\ProgramData\laserjet
  [16-10-2010|09:04] C:\ProgramData\Lavasoft
  [12-07-2008|22:30] C:\ProgramData\LightScribe
  [02-04-2011|20:33] C:\ProgramData\Malwarebytes
  [02-04-2011|22:04] C:\ProgramData\McAfee
  [17-08-2009|18:20] C:\ProgramData\MGS
  [17-08-2009|18:14] C:\ProgramData\Microgaming
  [03-04-2011|16:03] C:\ProgramData\Microsoft
  [30-08-2010|23:40] C:\ProgramData\muvee Technologies
  [15-08-2010|14:44] C:\ProgramData\Nero
  [28-01-2009|21:18] C:\ProgramData\Nokia
  [21-02-2010|13:19] C:\ProgramData\Norton
  [22-04-2010|21:08] C:\ProgramData\ntuser.pol
  [06-04-2010|17:58] C:\ProgramData\NVIDIA
  [03-04-2011|21:02] C:\ProgramData\nvModes.001
  [03-04-2011|21:02] C:\ProgramData\nvModes.dat
  [11-09-2009|08:57] C:\ProgramData\Office Genuine Advantage
  [03-04-2011|15:47] C:\ProgramData\PKP_DLds.DAT
  [17-11-2010|18:43] C:\ProgramData\PKP_DLec.DAT
  [17-11-2010|10:53] C:\ProgramData\regid.1986-12.com.adobe
  [02-04-2011|22:07] C:\ProgramData\Spybot - Search & Destroy
  [02-11-2006|15:02] C:\ProgramData\Start Menu
  [29-09-2010|22:24] C:\ProgramData\Sun
  [14-07-2010|18:37] C:\ProgramData\Symantec
  [01-03-2010|18:29] C:\ProgramData\Telia Music Player
  [02-04-2010|22:58] C:\ProgramData\Temp
  [02-11-2006|15:02] C:\ProgramData\Templates
  [09-08-2009|16:07] C:\ProgramData\TomTom
  [30-08-2010|23:39] C:\ProgramData\Ultima_T15
  [8|fil(er)] C:\ProgramData\byte
  [55|mappe(r)] C:\ProgramData\byte ledig

  --------------------\\  Listing Folders in C:\Program Files

  [03-04-2011|16:29] C:\Program Files\Adobe
  [17-11-2010|10:46] C:\Program Files\Adobe Media Player
  [21-06-2010|21:12] C:\Program Files\Apple Software Update
  [20-04-2010|18:07] C:\Program Files\ASIO4ALL v2
  [14-04-2010|20:39] C:\Program Files\Astonsoft
  [25-04-2008|18:18] C:\Program Files\Atheros
  [06-08-2009|13:59] C:\Program Files\AVG
  [03-04-2011|15:59] C:\Program Files\Bonjour
  [26-07-2010|14:03] C:\Program Files\CCleaner
  [16-02-2011|19:44] C:\Program Files\Citrix
  [03-04-2011|15:47] C:\Program Files\Common Files
  [10-01-2009|12:27] C:\Program Files\CONEXANT
  [03-04-2011|15:55] C:\Program Files\CyberLink
  [20-11-2010|03:34] C:\Program Files\DAEMON Tools Lite
  [03-04-2011|15:37] C:\Program Files\DAEMON Tools Toolbar
  [18-02-2009|22:25] C:\Program Files\DIFX
  [02-04-2011|22:23] C:\Program Files\Fighters
  [26-01-2009|13:04] C:\Program Files\Hewlett-Packard
  [26-01-2009|13:05] C:\Program Files\HP
  [10-07-2008|18:18] C:\Program Files\HPQ
  [17-11-2010|13:46] C:\Program Files\Image-Line
  [03-04-2011|15:56] C:\Program Files\InstallShield Installation Information
  [19-10-2010|03:22] C:\Program Files\Internet Explorer
  [30-01-2011|20:04] C:\Program Files\iPod
  [18-11-2010|18:12] C:\Program Files\iPod(126)
  [30-01-2011|20:05] C:\Program Files\iTunes
  [18-11-2010|18:12] C:\Program Files\iTunes(127)
  [03-04-2011|16:32] C:\Program Files\Java
  [16-10-2010|08:58] C:\Program Files\Lavasoft
  [02-04-2011|22:39] C:\Program Files\Malwarebytes' Anti-Malware
  [18-09-2009|21:03] C:\Program Files\Microsoft
  [02-11-2006|14:37] C:\Program Files\Microsoft Games
  [04-09-2008|19:15] C:\Program Files\Microsoft Office
  [03-04-2011|16:03] C:\Program Files\Microsoft Security Client
  [01-10-2010|17:03] C:\Program Files\Microsoft Silverlight
  [18-09-2009|21:04] C:\Program Files\Microsoft SQL Server Compact Edition
  [12-08-2010|03:04] C:\Program Files\Microsoft Works
  [09-08-2009|16:44] C:\Program Files\Mobile Partner
  [12-08-2010|03:20] C:\Program Files\Movie Maker
  [02-11-2006|14:37] C:\Program Files\MSBuild
  [10-07-2008|19:31] C:\Program Files\MSXML 4.0
  [15-08-2010|14:46] C:\Program Files\Nero
  [25-04-2008|18:16] C:\Program Files\NetWaiting
  [03-04-2011|15:47] C:\Program Files\Nikon
  [10-07-2008|18:23] C:\Program Files\Online Services
  [25-02-2010|20:19] C:\Program Files\Outsim
  [12-07-2008|15:46] C:\Program Files\Packard Bell
  [12-07-2008|15:46] C:\Program Files\Packard Bell External HDD
  [17-01-2011|19:12] C:\Program Files\QuickTime
  [16-10-2010|15:35] C:\Program Files\Readiris10
  [02-11-2006|14:37] C:\Program Files\Reference Assemblies
  [20-11-2010|03:34] C:\Program Files\Safari
  [16-10-2010|23:25] C:\Program Files\Senstic
  [16-10-2010|15:36] C:\Program Files\SmarThru 4
  [19-03-2010|19:06] C:\Program Files\Sony Setup
  [02-04-2011|22:12] C:\Program Files\Spybot - Search & Destroy
  [25-04-2008|18:14] C:\Program Files\Synaptics
  [08-11-2010|22:15] C:\Program Files\TeamViewer
  [02-11-2006|15:01] C:\Program Files\Uninstall Information
  [03-04-2011|15:56] C:\Program Files\uTorrent
  [14-08-2010|19:26] C:\Program Files\VideoLAN
  [05-11-2010|19:15] C:\Program Files\VirtualDJ
  [08-11-2010|21:41] C:\Program Files\VstPlugins
  [12-09-2009|15:20] C:\Program Files\Windows Calendar
  [12-09-2009|15:20] C:\Program Files\Windows Collaboration
  [12-09-2009|15:20] C:\Program Files\Windows Defender
  [12-09-2009|15:20] C:\Program Files\Windows Journal
  [30-01-2011|20:34] C:\Program Files\Windows Live
  [18-09-2009|21:02] C:\Program Files\Windows Live SkyDrive
  [20-09-2010|03:01] C:\Program Files\Windows Mail
  [08-11-2010|22:23] C:\Program Files\Windows Media Components
  [19-10-2010|03:22] C:\Program Files\Windows Media Player
  [02-11-2006|14:37] C:\Program Files\Windows NT
  [02-04-2011|19:05] C:\Program Files\Windows Photo Gallery
  [18-11-2009|14:00] C:\Program Files\Windows Portable Devices
  [12-09-2009|15:20] C:\Program Files\Windows Sidebar
  [04-03-2010|20:52] C:\Program Files\WinRAR
  [25-04-2008|18:18] C:\Program Files\WinTV
  [0|fil(er)] C:\Program Files\byte
  [80|mappe(r)] C:\Program Files\byte ledig

  --------------------\\  Listing Folders in C:\Program Files\Common Files

  [03-04-2011|16:30] C:\Program Files\Common Files\Adobe
  [17-11-2010|10:44] C:\Program Files\Common Files\Adobe AIR
  [17-08-2008|19:51] C:\Program Files\Common Files\Ahead
  [30-01-2011|20:04] C:\Program Files\Common Files\Apple
  [02-04-2010|23:01] C:\Program Files\Common Files\CyberLink
  [16-11-2010|14:12] C:\Program Files\Common Files\InstallShield
  [03-04-2011|16:33] C:\Program Files\Common Files\Java
  [10-07-2008|18:17] C:\Program Files\Common Files\LightScribe
  [03-04-2011|15:39] C:\Program Files\Common Files\microsoft shared
  [15-08-2010|14:46] C:\Program Files\Common Files\Nero
  [03-04-2011|15:47] C:\Program Files\Common Files\Nikon
  [02-11-2006|13:18] C:\Program Files\Common Files\Services
  [02-11-2006|13:18] C:\Program Files\Common Files\SpeechEngines
  [16-10-2010|15:35] C:\Program Files\Common Files\SRC Shared
  [01-10-2010|16:11] C:\Program Files\Common Files\SupportSoft
  [14-07-2010|22:38] C:\Program Files\Common Files\Symantec Shared
  [12-09-2009|15:20] C:\Program Files\Common Files\System
  [18-09-2009|20:58] C:\Program Files\Common Files\Windows Live
  [0|fil(er)] C:\Program Files\Common Files\byte
  [20|mappe(r)] C:\Program Files\Common Files\byte ledig

  --------------------\\  Process

  ( 54 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  No Lop folder found !

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2011-04-03 21:08:59
  Windows 6.0.6002 Service Pack 2 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 27

  --------------------\\  Searching for other infections

  --------------------\\  Cracks & Keygens ..

  C:\Users\Allan\AppData\Roaming\uTorrent\Atomix VirtualDJ Pro 7.0 Build 342  + CRACK FULL.torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\Collage.Maker.v3.60.Incl.Keygen-CzW - [ www.torrentday.com ].torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\iPhone Ringtone Maker + Crack.torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\Nero_7_Ultra_Edition_Enhanced_XP__Vista_+_Keygen.torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\PHOTO CEATING SOFTWARE -  Picture Collage Maker Pro 2.3.4.3018 + KEYGEN [h33t] [maxuploader].torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\Picture Collage Maker Pro 2.3.0 build 2912 Software + Keygen.torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\Sticky Password v 5.0.0.185 + Crack.rar.torrent
  C:\Users\Allan\AppData\Roaming\uTorrent\Synapse.Audio.Orion.v7.6.2.0.Incl.Keygen-AiR.torrent


  [F:89][D:36]-> C:\Users\Allan\AppData\Local\Temp
  [F:58][D:1]-> C:\Users\Allan\AppData\Roaming\MICROS~1\Windows\Cookies
  [F:1161][D:6]-> C:\Users\Allan\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
  [F:12][D:4]-> C:\$Recycle.Bin

  1 - "C:\Lop SD\LopR_1.txt" - 03-04-2011|21:10 - Option : [2]

  --------------------\\  Scan completed at 21:10:56
  [ UAC => 1 ]
johnstigers (Senior Master)
03. april 2011 - 21:26 #45
The "Cracks & Keygens .." section shows you your problem.
uTorrent can be used for sensible things, but also for stupid things - and you have chosen the latter...

End of sermon :)

It didn't show much, though (I do have a backup I'll just get in touch with), but try a run with ComboFix:
Download ComboFix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing ComboFix, right-click an empty spot in the folder, choose New->Text Document, open the text document and paste the following into it:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
Paste the resulting log in here.
If you get something resembling this error:
An invalid operation was attempted on a registry key that has been marked for deletion
then restart once more; that should fix it.
zubzero (Beginner)
03. april 2011 - 21:30 #46
Again I must say thanks, and yes, a sermon is always nice :-)
.. I have learned my lesson now.. I'll try what you have written and you will hear from me once I'm done :-)
zubzero (Beginner)
03. april 2011 - 22:03 #47
I followed your instructions and it started scanning for about 3 min, and then my computer shut down with this message:

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.0.6002.2.2.0.768.3
  Locale ID:    1030

Additional information about the problem:
  BCCode:    a
  BCP1:    00000016
  BCP2:    0000001B
  BCP3:    00000000
  BCP4:    820BE7B6
  OS Version:    6_0_6002
  Service Pack:    2_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini040311-03.dmp
  C:\Users\Allan\AppData\Local\Temp\WER-74552-0.sysdata.xml
  C:\Users\Allan\AppData\Local\Temp\WER82E5.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0406
johnstigers (Senior Master)
03. april 2011 - 22:08 #48
OK.
Wait for further info.
Don't do anything more for now.
zubzero (Beginner)
03. april 2011 - 22:11 #49
Okay, thanks :-)
f-arn (Guru)
04. april 2011 - 21:13 #50
Download Tdsskiller.zip to your desktop and unpack it into a folder.

Run TDSSKiller.exe -> Click "Start Scan".

If an infected file is found, the "Default action" will be Cure; click Continue.
If a suspicious file is detected, the "Default action" will be Skip; click Continue.
If it does not ask for a "Reboot", click "Report" and paste that text here in the thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Paste that text here in this thread.
zubzero (Beginner)
04. april 2011 - 22:11 #51
The log file from TDSSKiller:

2011/04/04 22:04:33.0323 3448    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 22:04:33.0651 3448    ================================================================================
2011/04/04 22:04:33.0651 3448    SystemInfo:
2011/04/04 22:04:33.0651 3448   
2011/04/04 22:04:33.0651 3448    OS Version: 6.0.6002 ServicePack: 2.0
2011/04/04 22:04:33.0651 3448    Product type: Workstation
2011/04/04 22:04:33.0651 3448    ComputerName: ALLAN-BÆRBAR
2011/04/04 22:04:33.0651 3448    UserName: Allan
2011/04/04 22:04:33.0651 3448    Windows directory: C:\Windows
2011/04/04 22:04:33.0651 3448    System windows directory: C:\Windows
2011/04/04 22:04:33.0651 3448    Processor architecture: Intel x86
2011/04/04 22:04:33.0651 3448    Number of processors: 2
2011/04/04 22:04:33.0651 3448    Page size: 0x1000
2011/04/04 22:04:33.0651 3448    Boot type: Normal boot
2011/04/04 22:04:33.0651 3448    ================================================================================
2011/04/04 22:04:34.0867 3448    Initialize success
2011/04/04 22:04:39.0485 3424    ================================================================================
2011/04/04 22:04:39.0485 3424    Scan started
2011/04/04 22:04:39.0485 3424    Mode: Manual;
2011/04/04 22:04:39.0485 3424    ================================================================================
2011/04/04 22:04:40.0047 3424    ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/04 22:04:40.0140 3424    adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/04 22:04:40.0187 3424    adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/04 22:04:40.0218 3424    adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/04 22:04:40.0249 3424    adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/04 22:04:40.0343 3424    AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/04 22:04:40.0405 3424    agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/04 22:04:40.0421 3424    aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/04 22:04:40.0468 3424    aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/04 22:04:40.0483 3424    amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/04 22:04:40.0515 3424    amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/04 22:04:40.0546 3424    AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/04 22:04:40.0593 3424    AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/04 22:04:40.0686 3424    arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/04 22:04:40.0733 3424    arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/04 22:04:40.0795 3424    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/04 22:04:40.0858 3424    atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/04 22:04:40.0936 3424    athr            (fa4e39b289d3a9606f03c90a933b2b1f) C:\Windows\system32\DRIVERS\athr.sys
2011/04/04 22:04:41.0061 3424    BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/04 22:04:41.0139 3424    Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/04 22:04:41.0217 3424    bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/04 22:04:41.0279 3424    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/04 22:04:41.0295 3424    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/04 22:04:41.0326 3424    Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/04 22:04:41.0357 3424    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/04 22:04:41.0388 3424    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/04 22:04:41.0419 3424    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/04 22:04:41.0544 3424    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/04 22:04:41.0716 3424    cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/04 22:04:41.0794 3424    cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/04 22:04:41.0841 3424    circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/04 22:04:41.0919 3424    CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/04 22:04:41.0965 3424    CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/04 22:04:41.0997 3424    cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/04 22:04:42.0059 3424    CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
2011/04/04 22:04:42.0121 3424    Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/04 22:04:42.0153 3424    crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/04 22:04:42.0168 3424    Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/04 22:04:42.0262 3424    ctxusbm        (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
2011/04/04 22:04:42.0340 3424    DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/04 22:04:42.0433 3424    DgiVecp        (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2011/04/04 22:04:42.0496 3424    disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/04 22:04:42.0558 3424    drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/04 22:04:42.0636 3424    DXGKrnl        (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/04 22:04:42.0699 3424    E100B          (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/04/04 22:04:42.0745 3424    E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/04 22:04:42.0855 3424    Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/04 22:04:42.0917 3424    elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/04 22:04:43.0011 3424    exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/04 22:04:43.0089 3424    fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/04 22:04:43.0120 3424    fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/04 22:04:43.0213 3424    FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/04 22:04:43.0260 3424    Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/04 22:04:43.0291 3424    flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/04 22:04:43.0369 3424    FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/04 22:04:43.0463 3424    fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/04 22:04:43.0525 3424    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/04 22:04:43.0557 3424    gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/04 22:04:43.0635 3424    GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/04/04 22:04:43.0666 3424    HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
2011/04/04 22:04:43.0744 3424    HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/04 22:04:43.0791 3424    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/04 22:04:43.0822 3424    HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/04 22:04:43.0884 3424    HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/04 22:04:43.0947 3424    HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/04 22:04:43.0978 3424    HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/04/04 22:04:44.0009 3424    HpqRemHid      (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/04/04 22:04:44.0071 3424    HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/04 22:04:44.0134 3424    HSF_DPV        (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/04 22:04:44.0196 3424    HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/04 22:04:44.0227 3424    HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/04 22:04:44.0337 3424    i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/04 22:04:44.0383 3424    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/04 22:04:44.0446 3424    ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/04 22:04:44.0508 3424    iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/04 22:04:44.0555 3424    iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/04 22:04:44.0617 3424    intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/04/04 22:04:44.0649 3424    intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/04 22:04:44.0711 3424    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/04 22:04:44.0773 3424    IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/04 22:04:44.0836 3424    IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/04 22:04:44.0914 3424    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/04 22:04:44.0945 3424    isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/04 22:04:45.0007 3424    iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/04 22:04:45.0039 3424    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/04 22:04:45.0085 3424    iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/04 22:04:45.0101 3424    kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/04 22:04:45.0195 3424    kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/04 22:04:45.0273 3424    KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/04 22:04:45.0382 3424    lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/04 22:04:45.0444 3424    LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/04 22:04:45.0475 3424    LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/04 22:04:45.0507 3424    LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/04 22:04:45.0569 3424    luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/04 22:04:45.0616 3424    mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/04 22:04:45.0631 3424    megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/04 22:04:45.0694 3424    mfeapfk        (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2011/04/04 22:04:45.0725 3424    mfehidk        (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2011/04/04 22:04:45.0819 3424    Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/04 22:04:45.0881 3424    monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/04 22:04:45.0928 3424    mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/04 22:04:45.0943 3424    mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/04 22:04:46.0021 3424    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/04 22:04:46.0053 3424    MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/04 22:04:46.0115 3424    mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/04 22:04:46.0209 3424    MpKsl3dfcae72  (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A11A3DAF-EC44-4E54-90F8-0E5F636464F8}\MpKsl3dfcae72.sys
2011/04/04 22:04:46.0318 3424    MpNWMon        (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/04 22:04:46.0396 3424    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/04 22:04:46.0458 3424    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/04 22:04:46.0552 3424    MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/04 22:04:46.0739 3424    mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/04 22:04:46.0786 3424    mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/04 22:04:46.0817 3424    mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/04 22:04:46.0879 3424    msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/04 22:04:46.0911 3424    msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/04 22:04:46.0989 3424    Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/04 22:04:47.0035 3424    msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/04 22:04:47.0098 3424    MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/04 22:04:47.0176 3424    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/04 22:04:47.0223 3424    MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/04 22:04:47.0285 3424    MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/04 22:04:47.0332 3424    mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/04 22:04:47.0363 3424    MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/04 22:04:47.0425 3424    Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/04 22:04:47.0503 3424    NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/04 22:04:47.0581 3424    NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/04 22:04:47.0659 3424    NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/04 22:04:47.0722 3424    Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/04 22:04:47.0784 3424    NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/04 22:04:47.0847 3424    NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/04 22:04:47.0893 3424    NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/04 22:04:47.0956 3424    netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 22:04:48.0034 3424    nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/04 22:04:48.0065 3424    NisDrv          (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/04 22:04:48.0143 3424    Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/04 22:04:48.0237 3424    nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/04 22:04:48.0330 3424    Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/04 22:04:48.0377 3424    ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/04 22:04:48.0408 3424    Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/04 22:04:48.0486 3424    NVENETFD        (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/04 22:04:48.0736 3424    nvlddmkm        (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/04 22:04:49.0001 3424    nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/04 22:04:49.0032 3424    nvsmu          (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/04 22:04:49.0063 3424    nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/04 22:04:49.0095 3424    nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/04 22:04:49.0219 3424    ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/04 22:04:49.0282 3424    Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/04 22:04:49.0344 3424    partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/04 22:04:49.0375 3424    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/04 22:04:49.0422 3424    pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/04/04 22:04:49.0500 3424    pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/04 22:04:49.0516 3424    pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/04 22:04:49.0563 3424    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/04 22:04:49.0625 3424    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/04 22:04:49.0765 3424    PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/04 22:04:49.0797 3424    Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/04 22:04:49.0859 3424    PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/04 22:04:49.0937 3424    ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/04 22:04:49.0984 3424    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/04 22:04:50.0062 3424    QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/04 22:04:50.0140 3424    RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/04 22:04:50.0218 3424    Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/04 22:04:50.0296 3424    RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/04 22:04:50.0374 3424    RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/04 22:04:50.0436 3424    rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/04 22:04:50.0467 3424    RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/04 22:04:50.0514 3424    rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/04 22:04:50.0530 3424    RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/04 22:04:50.0608 3424    RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/04 22:04:50.0670 3424    rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/04 22:04:50.0717 3424    rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/04 22:04:50.0748 3424    rismxdp        (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/04 22:04:50.0826 3424    rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/04 22:04:50.0889 3424    sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/04 22:04:50.0998 3424    sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/04 22:04:51.0013 3424    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/04 22:04:51.0060 3424    Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/04 22:04:51.0107 3424    Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/04 22:04:51.0138 3424    sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/04 22:04:51.0216 3424    sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/04 22:04:51.0232 3424    sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/04 22:04:51.0263 3424    sffp_sd        (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/04 22:04:51.0279 3424    sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/04 22:04:51.0325 3424    sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/04 22:04:51.0357 3424    SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/04 22:04:51.0388 3424    SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/04 22:04:51.0481 3424    Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/04 22:04:51.0559 3424    spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/04 22:04:51.0622 3424    sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/04 22:04:51.0622 3424    Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/04 22:04:51.0637 3424    sptd - detected Locked file (1)
2011/04/04 22:04:51.0700 3424    srv            (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/04 22:04:51.0965 3424    srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/04 22:04:51.0996 3424    srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/04 22:04:52.0043 3424    SSPORT          (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2011/04/04 22:04:52.0090 3424    swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/04 22:04:52.0137 3424    Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/04 22:04:52.0215 3424    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/04 22:04:52.0230 3424    Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/04 22:04:52.0277 3424    SynTP          (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/04 22:04:52.0386 3424    Tcpip          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/04 22:04:52.0433 3424    Tcpip6          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/04 22:04:52.0495 3424    tcpipreg        (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/04 22:04:52.0573 3424    TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/04 22:04:52.0636 3424    TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/04 22:04:52.0698 3424    tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/04 22:04:52.0761 3424    TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/04 22:04:52.0823 3424    tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/04 22:04:52.0901 3424    tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/04 22:04:52.0948 3424    tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/04 22:04:53.0010 3424    uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/04 22:04:53.0041 3424    udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/04 22:04:53.0104 3424    uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/04 22:04:53.0135 3424    uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/04 22:04:53.0182 3424    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/04 22:04:53.0197 3424    ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/04 22:04:53.0244 3424    umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/04 22:04:53.0322 3424    USBAAPL        (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/04 22:04:53.0400 3424    usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/04 22:04:53.0447 3424    usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/04 22:04:53.0463 3424    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/04 22:04:53.0509 3424    usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/04 22:04:53.0556 3424    usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/04 22:04:53.0587 3424    usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/04 22:04:53.0619 3424    usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/04 22:04:53.0665 3424    usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/04 22:04:53.0697 3424    USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/04 22:04:53.0728 3424    usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/04 22:04:53.0775 3424    usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/04 22:04:53.0821 3424    vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/04 22:04:53.0884 3424    VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/04 22:04:53.0915 3424    viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/04 22:04:53.0946 3424    ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/04 22:04:53.0977 3424    viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/04 22:04:54.0024 3424    volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/04 22:04:54.0087 3424    volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/04 22:04:54.0149 3424    volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/04 22:04:54.0180 3424    vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/04 22:04:54.0227 3424    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/04 22:04:54.0289 3424    Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 22:04:54.0305 3424    Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 22:04:54.0367 3424    Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/04 22:04:54.0445 3424    Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/04 22:04:54.0570 3424    winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/04 22:04:54.0664 3424    winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/04/04 22:04:54.0695 3424    WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/04 22:04:54.0789 3424    WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/04 22:04:54.0835 3424    ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/04 22:04:54.0929 3424    WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/04 22:04:54.0976 3424    XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/04 22:04:55.0023 3424    \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/04 22:04:55.0023 3424    ================================================================================
2011/04/04 22:04:55.0023 3424    Scan finished
2011/04/04 22:04:55.0023 3424    ================================================================================
2011/04/04 22:04:55.0038 1056    Detected object count: 2
2011/04/04 22:05:30.0838 1056    Locked file(sptd) - User select action: Skip
2011/04/04 22:05:30.0900 1056    \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/04 22:05:30.0900 1056    \HardDisk0 - ok
2011/04/04 22:05:30.0900 1056    Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/04 22:05:47.0260 1872    Deinitialize success
Avatar image f-arn Guru
04 April 2011 - 22:26 #52
Delete the ComboFix you have and download a new one.

Download ComboFix and save it to your desktop.

Right-click on the desktop, choose New -> Text Document, paste the highlighted text below into it and save the file as CFScript

Killall::
Snapshot::


Because ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file and "let go" of the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located at C:\Combofix.txt

Please post the contents of that file here.
Avatar image zubzero Beginner
04 April 2011 - 22:55 #53
The log file from ComboFix:

ComboFix 11-04-04.01 - Allan 04-04-2011  22:34:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3071.2064 [GMT 2:00]
Kører fra: c:\users\Allan\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Allan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allan\Documents\cc_20110403_172239.reg
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-03-04 til 2011-04-04  )))))))))))))))))))))))))))))))))))
.
.
2011-04-04 20:41 . 2011-04-04 20:45    --------    d-----w-    c:\users\Allan\AppData\Local\temp
2011-04-04 20:41 . 2011-04-04 20:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-04-04 20:18 . 2011-04-04 20:18    28752    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A0BF6FF-B451-4F33-9325-766CA9AE7286}\MpKslbe3c07bc.sys
2011-04-04 20:18 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 20:18 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A0BF6FF-B451-4F33-9325-766CA9AE7286}\mpengine.dll
2011-04-03 19:06 . 2011-04-03 19:10    --------    d-----w-    C:\Lop SD
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD44156-AD5F-4F07-8613-37765FE82E31}\gapaengine.dll
2011-04-03 14:02 . 2011-04-03 14:03    --------    d-----w-    c:\program files\Microsoft Security Client
2011-04-03 14:02 . 2010-04-05 20:00    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
2011-04-02 20:39 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 20:39 . 2011-04-02 20:39    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-04-02 20:39 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-04-02 20:35 . 2011-04-03 14:13    --------    d-----w-    c:\users\Allan\HijackThis
2011-04-02 20:04 . 2010-10-13 20:28    141792    ----a-w-    c:\windows\system32\mfevtps.exe
2011-04-02 18:47 . 2011-04-02 18:47    --------    d-----w-    c:\users\Allan\AppData\Roaming\Malwarebytes
2011-04-02 18:33 . 2011-04-02 18:33    --------    d-----w-    c:\programdata\Malwarebytes
2011-04-02 18:32 . 2011-04-02 19:03    --------    d-----w-    c:\programdata\clp
2011-04-02 18:32 . 2011-04-02 20:23    --------    d-----w-    c:\program files\Fighters
2011-04-02 18:32 . 2011-04-02 18:32    --------    d-----w-    c:\programdata\Common Toolkit Suite
2011-04-02 18:31 . 2011-04-02 20:24    --------    d-----w-    c:\programdata\Fighters
2011-04-02 18:31 . 2011-04-02 20:23    --------    dc-h--w-    c:\programdata\~0
2011-04-02 18:30 . 2011-04-02 20:23    --------    d-----w-    c:\users\Allan\AppData\Roaming\Fighters
2011-04-02 18:30 . 2011-04-02 18:30    --------    d-----w-    c:\users\Allan\AppData\Local\PackageAware
2011-04-02 17:45 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{69CA3331-CBDD-4E1F-BB93-B3712B5371B2}\mpengine.dll
2011-03-20 17:40 . 2011-03-20 17:40    --------    d-----w-    c:\users\Allan\AppData\Roaming\StreamTorrent
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 19:40 . 2010-09-29 20:23    472808    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Allan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02    932288    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 19:02    35736    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 15:31    47904    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-10-26 15:35    103768    ----a-w-    c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16    357696    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03    75008    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08    963976    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 11:20    997408    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12    3872080    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-04 01:42    13556256    ----a-w-    c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-04 01:42    92704    ----a-w-    c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54    554320    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]
2007-10-19 07:24    1790776    ----a-w-    c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 02:34    181544    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28    1233920    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    249064    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 01:05    1045800    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 14:32    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45    215552    ----a-w-    c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 rovijkau;HpqKbFilter Controller;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2010-09-28 41984]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]
S1 MpKslbe3c07bc;MpKslbe3c07bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A0BF6FF-B451-4F33-9325-766CA9AE7286}\MpKslbe3c07bc.sys [2011-04-04 28752]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-16 5120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
rovijkau
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
Trusted Zone: danskebank.dk
Trusted Zone: vinderland.dk
TCP: {A2A7F931-E4B1-4DA1-8A2C-0F59A145066F} = 208.67.222.222,208.67.220.220
DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} - hxxp://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-teiif - c:\users\Allan\teiif.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer:
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2011-04-04  22:52:57 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-04-04 20:51
.
Pre-Kørsel: 85.766.111.232 byte ledig
Post-Kørsel: 86.011.338.752 byte ledig
.
- - End Of File - - EE6DEFF3E4FEEFD4B3EE30B7BF20F059
f-arn Guru
05. April 2011 - 09:40 #54
Drop file sharing ->
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://www.spywarefri.dk/forum/viewthread/40284/

------

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it, and save the file as CFScript

Killall::
Snapshot::
Folder::
C:\Program Files\uTorrent\
C:\Users\Allan\AppData\Roaming\uTorrent\
Driver::
rovijkau
NetSvc::
rovijkau


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file, and "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please paste the contents of this file in here.
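Added example, not part of the thread and not ComboFix's own code: the log posted in #53 shows rovijkau twice, once as a service whose image path is svchost.exe (display name "HpqKbFilter Controller") and once as a member of the svchost NetSvcs group, which is what the Driver:: and NetSvc:: lines in the script above remove. The Python below parses a constructed excerpt in the same line format and flags NetSvcs members that are outside a short allowlist, explaining why each one deserves a look. KNOWN_NETSVCS is an assumed, deliberately incomplete subset of the stock Vista group, and all function and variable names are mine.

```python
"""Cross-check ComboFix-style service and NetSvcs listings for svchost-hosted
services that do not belong to the stock group (added example)."""
import re
from dataclasses import dataclass, field

# Assumed allowlist: a handful of stock Vista netsvcs members.  Constructed and
# deliberately short for the example; a real check needs the full group.
KNOWN_NETSVCS = {
    "AeLookupSvc", "BITS", "Browser", "CertPropSvc", "EapHost", "gpsvc",
    "IKEEXT", "iphlpsvc", "LanmanServer", "LanmanWorkstation", "Netman",
    "ProfSvc", "Schedule", "SENS", "SessionEnv", "Themes", "winmgmt", "wuauserv",
}

# Constructed excerpt in the shape of ComboFix's service and svchost sections.
SAMPLE_LOG = r"""
R2 rovijkau;HpqKbFilter Controller;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
rovijkau
.
"""

# "R2 name;display;image [date size]" or "... [x]" when the file is missing.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
NETSVCS_HEADER_RE = re.compile(r"svchost\s+-\s+netsvcs\s*$", re.IGNORECASE)


@dataclass
class Service:
    state: str      # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    image: str


@dataclass
class Finding:
    name: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Return {service name: Service} from the R*/S* lines of the log."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m["name"]] = Service(m["state"], m["name"], m["display"], m["image"])
    return services


def parse_netsvcs(text):
    """Return the names listed under the 'Svchost - NetSvcs' header."""
    names, in_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block:
            if stripped in ("", "."):   # ComboFix closes a block with a lone '.'
                break
            names.append(stripped)
        elif NETSVCS_HEADER_RE.search(stripped):
            in_block = True
    return names


def find_suspicious(text, known_good=KNOWN_NETSVCS):
    """Flag NetSvcs members outside the allowlist and record why each matters."""
    services = parse_services(text)
    findings = []
    for name in parse_netsvcs(text):
        if name in known_good:
            continue
        f = Finding(name)
        f.reasons.append("listed in the NetSvcs group but not in the allowlist")
        svc = services.get(name)
        if svc is None:
            f.reasons.append("no matching service entry in the log")
        else:
            if svc.image.lower().endswith("svchost.exe"):
                # A service hosted by svchost.exe runs as a DLL; the log never
                # names it, so the ServiceDll value is the next thing to inspect.
                f.reasons.append(
                    "hosted by svchost.exe, so the real code is a ServiceDll the log "
                    "does not show (HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
                    f"{name}\\Parameters\\ServiceDll)")
            if (re.search(r"driver|filter", svc.display, re.IGNORECASE)
                    and svc.image.lower().endswith(".exe")):
                f.reasons.append(
                    "display name suggests a kernel driver but the image is a user-mode .exe")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding.name)
        for reason in finding.reasons:
            print("  -", reason)
```

On the constructed excerpt the only hit is rovijkau, with all three reasons; the .sys and McAfee entries pass because they are not in the NetSvcs group at all. Run against a real ComboFix log, the allowlist is the part to get right: anything the script flags is a candidate for the kind of Driver::/NetSvc:: removal shown above, not an automatic verdict.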
zubzero Beginner
05. April 2011 - 16:31 #55
Another log:

ComboFix 11-04-04.01 - Allan 05-04-2011  16:08:00.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3071.1811 [GMT 2:00]
Kører fra: c:\users\Allan\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Allan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrent\
c:\program files\uTorrent\\uTorrent.exe.13858.tmp
c:\users\Allan\AppData\Roaming\uTorrent\
c:\users\Allan\AppData\Roaming\uTorrent\\(NEW).Wu-Tang-Legend_of_the_Wu-Tang_Wu-Tang_Clans_Greatest_Hits.torrent
c:\users\Allan\AppData\Roaming\uTorrent\\[ www.Torrentday.com ] - Jackass.3D.UNRATED.DVDRip.XviD-DEFACED.torrent
c:\users\Allan\AppData\Roaming\uTorrent\\[?????].The.City.Of.Lost.Children.1995.DVDrip.AC3.2CD-WAF.torrent
c:\users\Allan\AppData\Roaming\uTorrent\\[1993] Judgement Night (OST) @320 with Cover Art! [h33t] [Inert01].torrent
c:\users\Allan\AppData\Roaming\uTorrent\\Zombieland.2009.R5.XviD.SWESUB-KickFoot.torrent
c:\users\Allan\AppData\Roaming\uTorrent\\ZZ Top - Greatest Hits [Limited Tour Edition] @320 - Rock music album.torrent
c:\users\Allan\AppData\Roaming\uTorrent\\ZZ Top Greatest Hits (MnM-RG Mp3).torrent
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_rovijkau
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-03-05 til 2011-04-05  )))))))))))))))))))))))))))))))))))
.
.
2011-04-05 14:14 . 2011-04-05 14:19    --------    d-----w-    c:\users\Allan\AppData\Local\temp
2011-04-05 14:14 . 2011-04-05 14:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-04-05 05:20 . 2011-04-05 05:20    28752    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D84EAE-C2F4-4980-8B9E-AFC4494772A0}\MpKsl6c014ee1.sys
2011-04-05 05:05 . 2011-04-05 05:05    --------    d-----w-    c:\windows\da
2011-04-05 05:05 . 2010-09-22 22:21    39272    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2011-04-05 05:01 . 2009-09-04 15:44    69464    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2011-04-05 05:01 . 2009-09-04 15:44    515416    ----a-w-    c:\windows\system32\XAudio2_5.dll
2011-04-05 05:01 . 2009-09-04 15:29    453456    ----a-w-    c:\windows\system32\d3dx10_42.dll
2011-04-05 05:00 . 2011-04-05 05:00    15712    ----a-w-    c:\program files\Common Files\Windows Live\.cache\551996501cbf34e20\MeshBetaRemover.exe
2011-04-05 04:59 . 2011-04-05 04:59    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\DXSETUP.exe
2011-04-05 04:59 . 2011-04-05 04:59    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\DSETUP.dll
2011-04-05 04:59 . 2011-04-05 04:59    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\dsetup32.dll
2011-04-05 04:59 . 2011-04-05 04:59    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\DSETUP.dll
2011-04-05 04:59 . 2011-04-05 04:59    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\DXSETUP.exe
2011-04-05 04:59 . 2011-04-05 04:59    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\dsetup32.dll
2011-04-05 04:58 . 2011-04-05 04:58    --------    d-----w-    c:\users\Allan\AppData\Local\Windows Live
2011-04-05 04:57 . 2009-08-04 08:02    754688    ----a-w-    c:\windows\system32\webservices.dll
2011-04-05 04:46 . 2009-10-09 21:56    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2011-04-05 04:46 . 2009-10-09 21:56    12800    ----a-w-    c:\windows\system32\wsmprovhost.exe
2011-04-05 04:46 . 2009-10-09 21:56    20480    ----a-w-    c:\windows\system32\winrshost.exe
2011-04-05 04:46 . 2009-10-09 21:56    40448    ----a-w-    c:\windows\system32\winrs.exe
2011-04-05 04:46 . 2009-10-09 21:56    10240    ----a-w-    c:\windows\system32\wsmplpxy.dll
2011-04-05 04:46 . 2009-10-09 21:56    10240    ----a-w-    c:\windows\system32\winrssrv.dll
2011-04-05 04:46 . 2009-10-09 21:56    41472    ----a-w-    c:\windows\system32\pwrshplugin.dll
2011-04-05 04:46 . 2009-10-09 21:55    79872    ----a-w-    c:\windows\system32\wecutil.exe
2011-04-05 04:46 . 2009-10-09 21:55    54272    ----a-w-    c:\windows\system32\WsmRes.dll
2011-04-05 04:46 . 2009-10-09 21:55    146944    ----a-w-    c:\windows\system32\wecsvc.dll
2011-04-05 04:46 . 2009-10-09 21:55    81408    ----a-w-    c:\windows\system32\wevtfwd.dll
2011-04-05 04:46 . 2009-10-09 21:55    56320    ----a-w-    c:\windows\system32\wecapi.dll
2011-04-05 04:45 . 2009-08-01 06:27    201184    ----a-w-    c:\windows\system32\winrm.vbs
2011-04-05 04:45 . 2009-10-09 21:56    1181696    ----a-w-    c:\windows\system32\WsmSvc.dll
2011-04-05 04:45 . 2009-10-09 21:56    214016    ----a-w-    c:\windows\system32\WsmWmiPl.dll
2011-04-05 04:45 . 2009-10-09 21:56    241152    ----a-w-    c:\windows\system32\winrscmd.dll
2011-04-05 04:45 . 2009-10-09 21:56    246272    ----a-w-    c:\windows\system32\WSManHTTPConfig.exe
2011-04-05 04:45 . 2009-10-09 21:56    145408    ----a-w-    c:\windows\system32\WsmAuto.dll
2011-04-05 04:45 . 2009-10-09 21:55    252416    ----a-w-    c:\windows\system32\WSManMigrationPlugin.dll
2011-04-05 01:02 . 2011-04-05 01:02    --------    d-----w-    c:\program files\Microsoft.NET
2011-04-04 20:54 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D84EAE-C2F4-4980-8B9E-AFC4494772A0}\mpengine.dll
2011-04-04 20:18 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-03 19:06 . 2011-04-03 19:10    --------    d-----w-    C:\Lop SD
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD44156-AD5F-4F07-8613-37765FE82E31}\gapaengine.dll
2011-04-03 14:02 . 2011-04-03 14:03    --------    d-----w-    c:\program files\Microsoft Security Client
2011-04-03 14:02 . 2010-04-05 20:00    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
2011-04-02 20:39 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 20:39 . 2011-04-02 20:39    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-04-02 20:39 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-04-02 20:35 . 2011-04-03 14:13    --------    d-----w-    c:\users\Allan\HijackThis
2011-04-02 20:04 . 2010-10-13 20:28    141792    ----a-w-    c:\windows\system32\mfevtps.exe
2011-04-02 18:47 . 2011-04-02 18:47    --------    d-----w-    c:\users\Allan\AppData\Roaming\Malwarebytes
2011-04-02 18:33 . 2011-04-02 18:33    --------    d-----w-    c:\programdata\Malwarebytes
2011-04-02 18:32 . 2011-04-02 19:03    --------    d-----w-    c:\programdata\clp
2011-04-02 18:32 . 2011-04-02 20:23    --------    d-----w-    c:\program files\Fighters
2011-04-02 18:32 . 2011-04-02 18:32    --------    d-----w-    c:\programdata\Common Toolkit Suite
2011-04-02 18:31 . 2011-04-02 20:24    --------    d-----w-    c:\programdata\Fighters
2011-04-02 18:31 . 2011-04-02 20:23    --------    dc-h--w-    c:\programdata\~0
2011-04-02 18:30 . 2011-04-02 20:23    --------    d-----w-    c:\users\Allan\AppData\Roaming\Fighters
2011-04-02 18:30 . 2011-04-02 18:30    --------    d-----w-    c:\users\Allan\AppData\Local\PackageAware
2011-04-02 17:45 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{69CA3331-CBDD-4E1F-BB93-B3712B5371B2}\mpengine.dll
2011-03-20 17:40 . 2011-03-20 17:40    --------    d-----w-    c:\users\Allan\AppData\Roaming\StreamTorrent
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 05:01 . 2010-06-24 09:33    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 19:40 . 2010-09-29 20:23    472808    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Allan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02    932288    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 19:02    35736    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 15:31    47904    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-10-26 15:35    103768    ----a-w-    c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16    357696    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03    75008    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08    963976    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 11:20    997408    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-22 22:47    4240760    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-04 01:42    13556256    ----a-w-    c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-04 01:42    92704    ----a-w-    c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54    554320    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]
2007-10-19 07:24    1790776    ----a-w-    c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 02:34    181544    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28    1233920    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    249064    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 01:05    1045800    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 14:32    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45    215552    ----a-w-    c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2010-09-28 41984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]
S1 MpKsl6c014ee1;MpKsl6c014ee1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D84EAE-C2F4-4980-8B9E-AFC4494772A0}\MpKsl6c014ee1.sys [2011-04-05 28752]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-16 5120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
Trusted Zone: danskebank.dk
Trusted Zone: vinderland.dk
TCP: {A2A7F931-E4B1-4DA1-8A2C-0F59A145066F} = 208.67.222.222,208.67.220.220
DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} - hxxp://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-05 16:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-04-05  16:26:40 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-05 14:26
ComboFix2.txt  2011-04-04 20:52
.
Pre-Run: 85,605,609,472 bytes free
Post-Run: 85,235,638,272 bytes free
.
- - End Of File - - 4EAEC7A90326ABF40F61EFECE235D16C
f-arn Guru
05 April 2011 - 20:25 #56
Would you please find C:\Qoobox\ComboFix-quarantined-files.txt and paste it in here.
zubzero Nybegynder
05 April 2011 - 20:30 #57
Sure, here it is.

2011-04-05 14:12:15 . 2011-04-05 14:12:15            1,812 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_rovijkau.reg.dat
2011-04-04 20:50:46 . 2011-04-04 20:50:46              926 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TomTomHOME.reg.dat
2011-04-04 20:50:46 . 2011-04-04 20:50:46              834 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-teiif.reg.dat
2011-04-04 20:50:45 . 2011-04-04 20:50:45              934 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QlbCtrl.reg.dat
2011-04-04 20:50:35 . 2011-04-04 20:50:35              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-04-04 20:50:35 . 2011-04-04 20:50:35              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2011-04-04 20:50:34 . 2011-04-04 20:50:34              132 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2011-04-04 20:39:46 . 2011-04-05 14:11:52            5,921 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-03 19:48:57 . 2011-04-05 14:07:13                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2011-04-03 19:46:35 . 2011-04-05 14:07:12              257 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-04-03 15:22:41 . 2011-04-03 15:22:47          249,132 ----a-w-  C:\Qoobox\Quarantine\C\Users\Allan\Documents\cc_20110403_172239.reg.vir
2008-07-10 16:30:46 . 2008-07-10 16:30:47              692 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\KBL.LOG.vir
f-arn Guru
05 April 2011 - 20:52 #58
ComboFix has removed something that I don't think should have been removed.

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it and save the file as CFScript

DeQuarantine::
C:\Qoobox\Quarantine\C\Users\Allan\Documents\cc_20110403_172239.reg.vir
Quit::


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It creates C:\DeQuarantine_log.txt, which you may paste in here.

------

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/

You must accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a couple of minutes for the scanner to become ready.
Then tick the following boxes: (only those)

Scan archives

under advanced settings
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable anti-stealth technology


Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(if not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt).

Paste it in here in your next post.

---

I would like to see:

1. DeQuarantine_log.txt

2. The result from ESET Online Scanner.
zubzero Nybegynder
05 April 2011 - 21:08 #59
Here is the result from the ComboFix log:

C:\Qoobox\Quarantine\C\Users\Allan\Documents\cc_20110403_172239.reg.vir -> C:\Users\Allan\Documents\cc_20110403_172239.reg ( 249132 bytes )
zubzero Nybegynder
05 April 2011 - 23:55 #60
Result from ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
f-arn Guru
06 April 2011 - 05:29 #61
That wasn't much :-(

1. Download Defogger and save the program to your Desktop:

http://www.jpshortstuff.247fixes.com/Defogger.exe

2. Double-click Defogger.exe - a window will open - click "Disable" and click "Yes" to continue. The program will now disable your CD emulation software and finish with "Finished!" - click "OK". NB - after the cleanup we will re-enable your CD emulation software; no need to worry.

3. Defogger will now restart your computer - click OK.

------

Download Rootkit Unhooker and save it to the desktop.

http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Start it. Click on Report, then click on Scan.
Leave the checkmarks in Drivers and Stealth. Remove the others.
Click OK
(If it shows the warning "Rootkit Unhooker has detected a parasite inside itself!", ignore it)
When it is finished, click File -> Save Report
Save it to the Desktop and paste it in here.

Remember to disable your security programs.

------

Find and upload the file below at Jotti or VirusTotal:

c:\windows\system32\DRIVERS\avfsfilter.sys

Jotti - Virustotal

Paste the result in here as a link or MD5 checksum.

You can see a guide to VirusTotal here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=143&title=virustotal-vejledning

---

I would like to see:

1. The log from Rootkit Unhooker.

2. The result from Jotti or VirusTotal.

3. To hear how the PC is running.
zubzero Nybegynder
06 April 2011 - 16:37 #62
Report from Unhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E808000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9900032 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 187.66 )
0x82235000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82235000 PnpManager 3907584 bytes
0x82235000 RAW 3907584 bytes
0x82235000 WMIxWDM 3907584 bytes
0x98280000 Win32k 2109440 bytes
0x98280000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E604000 C:\Windows\system32\DRIVERS\athr.sys 1200128 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8A405000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A078000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F60D000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E40D000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1052672 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8A209000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x80462000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0A06000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F710000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9D230000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E729000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E50E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8A007000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80542000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9D337000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80784000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x8A3A1000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9F8BE000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x806AD000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F8B5000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80604000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80421000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F40E000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x805C1000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8A354000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F934000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A1AE000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8F1AA000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x9F845000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A51D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8F533000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82202000 ACPI_HAL 208896 bytes
0x8F579000 C:\Windows\system32\drivers\CHDRT32.sys 208896 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x82202000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80742000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F883000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E7C9000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F5AC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A183000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F4E9000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D2F0000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9F896000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A56D000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8F7D2000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8065B000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F5D9000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F47C000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A5A5000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9F805000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F9CD000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8F806000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F826000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80724000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D3A4000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A2F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9D20D000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8E5B9000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9D3C1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x807E1000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9F87E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F97A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F45A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F9A5000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA0B09000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F8FD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F859000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D3DA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F4C2000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F991000 C:\Windows\system32\DRIVERS\ctxusbm.sys 81920 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
0x8F4AE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E5E2000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8F86F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F187000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9D324000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F921000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A594000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F568000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80408000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A31A000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x80774000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8A32A000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9D2E0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8070C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E59B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8F4D7000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A5D9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A55E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80682000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8F49F000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E5D3000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8A392000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E5AB000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x984C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F913000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F842000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FE000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x805B3000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F9EE000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F7C5000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8F51D000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA0AF5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F1F2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F17B000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E400000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8F19F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F1E7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F837000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F471000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F44F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A5EF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80694000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8A5CF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F513000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9D31A000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F970000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA0AE4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A34A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8A5C6000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F600000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8F9BC000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8F52A000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA0B1F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F850000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x984A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A311000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A341000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8064A000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8071C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80419000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8E800000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8F9C5000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80653000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F827000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F82F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A556000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A515000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0xA0B01000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F400000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A33A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F7F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F7000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xA0AEE000 C:\Windows\system32\Drivers\SSPORT.sys 28672 bytes (Samsung Electronics, Port Contention Driver)
0x8E5F6000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F19A000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x8A5FA000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9F933000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80691000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8A400000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
0x8A5FE000 C:\Windows\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)
0x8F179000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 187.66 )
0x8F4E7000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F1E5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00AC0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84BC8020 ] PID: 3412, 110592 bytes
zubzero Nybegynder
06 April 2011 - 16:45 #63
c:\windows\system32\DRIVERS\avfsfilter.sys

The file above does not exist on my PC, can that be right?
I have been in the folder you mentioned, and I have also searched for the file, without any luck.

Actually, I think my PC runs much better than it did before. I still don't know about my 2 external hard drives, though; I haven't had them connected to my PC for a couple of days now. The 2 hard drives have been checked on another PC without any virus being found by MSE or Malwarebytes.

Should I try connecting them to my PC, or is there still something messed up on my PC?? :-)
f-arn Guru
06 April 2011 - 17:21 #64
To make sure C:\Users\Allan\Documents\cc_20110403_172239.reg does not get removed again, you should move it.

------

Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it and save the file as CFScript

Killall::
Snapshot::
File::
c:\windows\system32\DRIVERS\avfsfilter.sys
Driver::
AVFSFilter


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse, drag it over the ComboFix file and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

You may paste the contents of this file in here.

------

Then try connecting your external hard drives, and let us know how it goes.

PS If you have cracks and keygens on them, you will most certainly get reinfected if you use them!!!
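The two manual checks f-arn asks for in #61 and #64 (hash a suspect driver for a VirusTotal/Jotti lookup; remove a driver service whose image file is gone, as the File::/Driver:: AVFSFilter script above does) can be done in one pass over ComboFix's own service list. The script below is an added example, not ComboFix's code and not part of this thread: it parses lines in the format ComboFix prints for services (`S1 ctxusbm;Citrix USB Monitor Driver;c:\...\ctxusbm.sys [2009-10-19 65584]`, as seen earlier in the log), flags entries whose image file does not exist (an orphaned driver registration) or whose size differs from what ComboFix logged, and computes MD5 and SHA-256 for the files that are present. The log lines and file contents in the block are constructed sample data, and the AVFSFilter line with its date and size is hypothetical; on a live machine, build the file map from the real paths with `read_files()`.

```python
r"""Audit driver/service entries from a ComboFix-style service list.

Added example (not ComboFix's code). Input lines look like:
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]
For each entry we report: image file missing (orphaned service, candidate for a
Driver:: removal), size differs from the logged size, or ok with MD5/SHA-256 for
a VirusTotal or Jotti lookup.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# start type, service name, display name, image path, "[YYYY-MM-DD size]"
_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class Finding:
    name: str
    path: str
    status: str                 # "ok", "missing" or "size-mismatch"
    md5: Optional[str] = None
    sha256: Optional[str] = None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for any other line (e.g. registry dumps)."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    return ServiceEntry(m["start"], m["name"], m["display"], m["path"], m["date"], int(m["size"]))


def audit_services(lines: List[str], files: Dict[str, bytes]) -> List[Finding]:
    """files maps a lower-cased image path to its bytes (see read_files for a live system)."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        data = files.get(entry.path.lower())
        if data is None:
            # Registered service whose driver file is gone: the AVFSFilter situation above.
            findings.append(Finding(entry.name, entry.path, "missing"))
            continue
        status = "ok" if len(data) == entry.size else "size-mismatch"
        findings.append(Finding(entry.name, entry.path, status,
                                hashlib.md5(data).hexdigest(),
                                hashlib.sha256(data).hexdigest()))
    return findings


def read_files(paths: List[str]) -> Dict[str, bytes]:
    """Live-system helper: read every path that exists into the map audit_services expects."""
    out: Dict[str, bytes] = {}
    for p in paths:
        if os.path.isfile(p):
            with open(p, "rb") as fh:
                out[p.lower()] = fh.read()
    return out


# Constructed sample input: two lines copied from the log above, plus a hypothetical
# AVFSFilter line (date and size invented) standing in for the orphaned service.
SAMPLE_LOG = [
    r"S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]",
    r"S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-16 5120]",
    r"S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [2011-01-01 12345]",
]
# Constructed file contents (not the real drivers): ctxusbm matches its logged size,
# SSPORT does not, and avfsfilter.sys is absent.
SAMPLE_FILES = {
    r"c:\windows\system32\drivers\ctxusbm.sys": b"\x00" * 65584,
    r"c:\windows\system32\drivers\ssport.sys": b"MZ" + b"\x00" * 100,
}

if __name__ == "__main__":
    for f in audit_services(SAMPLE_LOG, SAMPLE_FILES):
        print(f"{f.name:12} {f.status:14} {f.path}  md5={f.md5}")
```

A "size-mismatch" only means the file on disk is not the one ComboFix saw when it logged the entry (updated, or replaced); it is a prompt to hash and look the file up, not a verdict. Either hash works for a VirusTotal search; posting the MD5, as f-arn asks, is enough for someone else to repeat the lookup.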
zubzero Nybegynder
06 April 2011 - 17:45 #65
Uh, don't know if it's a stupid question, but where should I move the file to?? (cc_20110403_172239.reg)
f-arn Guru
06 April 2011 - 18:01 #66
You could just create a folder in your Documents folder and call it CCleaner-Backup. That is in fact what the file is :-)
zubzero Nybegynder
06 April 2011 - 18:12 #67
Aaahhh, okay, thanks, I'm not that knowledgeable in this area :-)

I'll try what you've written and then you'll hear from me afterwards.
zubzero Nybegynder
06 April 2011 - 18:53 #68
Log from ComboFix:

ComboFix 11-04-05.02 - Allan 06-04-2011  18:17:45.4.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3071.1986 [GMT 2:00]
Running from: c:\users\Allan\Desktop\ComboFix.exe
Command switches used :: c:\users\Allan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\avfsfilter.sys"
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVFSFILTER
-------\Service_AVFSFilter
.
.
(((((((((((((((((((((((((((((  Files Created from 2011-03-06 to 2011-04-06  )))))))))))))))))))))))))))))))))))
.
.
2011-04-06 16:24 . 2011-04-06 16:34    --------    d-----w-    c:\users\Allan\AppData\Local\temp
2011-04-06 16:24 . 2011-04-06 16:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-04-06 14:02 . 2009-07-14 17:45    445008    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2011-04-06 14:02 . 2009-07-14 17:45    38480    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2011-04-05 21:59 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5AED77-BE8C-40A1-B62C-79137C2DF115}\mpengine.dll
2011-04-05 19:10 . 2011-04-05 19:10    --------    d-----w-    c:\program files\ESET
2011-04-05 05:05 . 2011-04-05 05:05    --------    d-----w-    c:\windows\da
2011-04-05 05:05 . 2010-09-22 22:21    39272    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2011-04-05 05:01 . 2009-09-04 15:44    69464    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2011-04-05 05:01 . 2009-09-04 15:44    515416    ----a-w-    c:\windows\system32\XAudio2_5.dll
2011-04-05 05:01 . 2009-09-04 15:29    453456    ----a-w-    c:\windows\system32\d3dx10_42.dll
2011-04-05 05:00 . 2011-04-05 05:00    15712    ----a-w-    c:\program files\Common Files\Windows Live\.cache\551996501cbf34e20\MeshBetaRemover.exe
2011-04-05 04:59 . 2011-04-05 04:59    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\DXSETUP.exe
2011-04-05 04:59 . 2011-04-05 04:59    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\DSETUP.dll
2011-04-05 04:59 . 2011-04-05 04:59    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\40967d101cbf34e18\dsetup32.dll
2011-04-05 04:59 . 2011-04-05 04:59    94040    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\DSETUP.dll
2011-04-05 04:59 . 2011-04-05 04:59    525656    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\DXSETUP.exe
2011-04-05 04:59 . 2011-04-05 04:59    1691480    ----a-w-    c:\program files\Common Files\Windows Live\.cache\3e6e3e101cbf34e17\dsetup32.dll
2011-04-05 04:58 . 2011-04-05 04:58    --------    d-----w-    c:\users\Allan\AppData\Local\Windows Live
2011-04-05 04:57 . 2009-08-04 08:02    754688    ----a-w-    c:\windows\system32\webservices.dll
2011-04-05 04:46 . 2009-10-09 21:56    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2011-04-05 04:46 . 2009-10-09 21:56    12800    ----a-w-    c:\windows\system32\wsmprovhost.exe
2011-04-05 04:46 . 2009-10-09 21:56    20480    ----a-w-    c:\windows\system32\winrshost.exe
2011-04-05 04:46 . 2009-10-09 21:56    40448    ----a-w-    c:\windows\system32\winrs.exe
2011-04-05 04:46 . 2009-10-09 21:56    10240    ----a-w-    c:\windows\system32\wsmplpxy.dll
2011-04-05 04:46 . 2009-10-09 21:56    10240    ----a-w-    c:\windows\system32\winrssrv.dll
2011-04-05 04:46 . 2009-10-09 21:56    41472    ----a-w-    c:\windows\system32\pwrshplugin.dll
2011-04-05 04:46 . 2009-10-09 21:55    79872    ----a-w-    c:\windows\system32\wecutil.exe
2011-04-05 04:46 . 2009-10-09 21:55    54272    ----a-w-    c:\windows\system32\WsmRes.dll
2011-04-05 04:46 . 2009-10-09 21:55    146944    ----a-w-    c:\windows\system32\wecsvc.dll
2011-04-05 04:46 . 2009-10-09 21:55    81408    ----a-w-    c:\windows\system32\wevtfwd.dll
2011-04-05 04:46 . 2009-10-09 21:55    56320    ----a-w-    c:\windows\system32\wecapi.dll
2011-04-05 04:45 . 2009-08-01 06:27    201184    ----a-w-    c:\windows\system32\winrm.vbs
2011-04-05 04:45 . 2009-10-09 21:56    1181696    ----a-w-    c:\windows\system32\WsmSvc.dll
2011-04-05 04:45 . 2009-10-09 21:56    214016    ----a-w-    c:\windows\system32\WsmWmiPl.dll
2011-04-05 04:45 . 2009-10-09 21:56    241152    ----a-w-    c:\windows\system32\winrscmd.dll
2011-04-05 04:45 . 2009-10-09 21:56    246272    ----a-w-    c:\windows\system32\WSManHTTPConfig.exe
2011-04-05 04:45 . 2009-10-09 21:56    145408    ----a-w-    c:\windows\system32\WsmAuto.dll
2011-04-05 04:45 . 2009-10-09 21:55    252416    ----a-w-    c:\windows\system32\WSManMigrationPlugin.dll
2011-04-05 01:02 . 2011-04-05 01:02    --------    d-----w-    c:\program files\Microsoft.NET
2011-04-04 20:18 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-03 19:06 . 2011-04-03 19:10    --------    d-----w-    C:\Lop SD
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-03 14:23 . 2010-11-30 09:43    439632    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD44156-AD5F-4F07-8613-37765FE82E31}\gapaengine.dll
2011-04-03 14:02 . 2011-04-03 14:03    --------    d-----w-    c:\program files\Microsoft Security Client
2011-04-03 14:02 . 2010-04-05 20:00    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
2011-04-02 20:39 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 20:39 . 2011-04-02 20:39    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-04-02 20:39 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-04-02 20:35 . 2011-04-03 14:13    --------    d-----w-    c:\users\Allan\HijackThis
2011-04-02 20:04 . 2010-10-13 20:28    141792    ----a-w-    c:\windows\system32\mfevtps.exe
2011-04-02 18:47 . 2011-04-02 18:47    --------    d-----w-    c:\users\Allan\AppData\Roaming\Malwarebytes
2011-04-02 18:33 . 2011-04-02 18:33    --------    d-----w-    c:\programdata\Malwarebytes
2011-04-02 18:32 . 2011-04-02 19:03    --------    d-----w-    c:\programdata\clp
2011-04-02 18:32 . 2011-04-02 20:23    --------    d-----w-    c:\program files\Fighters
2011-04-02 18:32 . 2011-04-02 18:32    --------    d-----w-    c:\programdata\Common Toolkit Suite
2011-04-02 18:31 . 2011-04-02 20:24    --------    d-----w-    c:\programdata\Fighters
2011-04-02 18:31 . 2011-04-02 20:23    --------    dc-h--w-    c:\programdata\~0
2011-04-02 18:30 . 2011-04-02 20:23    --------    d-----w-    c:\users\Allan\AppData\Roaming\Fighters
2011-04-02 18:30 . 2011-04-02 18:30    --------    d-----w-    c:\users\Allan\AppData\Local\PackageAware
2011-04-02 17:45 . 2011-03-23 08:11    6792528    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{69CA3331-CBDD-4E1F-BB93-B3712B5371B2}\mpengine.dll
2011-03-20 17:40 . 2011-03-20 17:40    --------    d-----w-    c:\users\Allan\AppData\Roaming\StreamTorrent
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 05:01 . 2010-06-24 09:33    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 19:40 . 2010-09-29 20:23    472808    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Allan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02    932288    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-15 19:02    35736    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 15:31    47904    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-10-26 15:35    103768    ----a-w-    c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03    75008    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08    963976    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 11:20    997408    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 00:54    4240760    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 09:40    13826664    ----a-w-    c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-10-03 09:40    92776    ----a-w-    c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54    554320    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Software Suite]
2007-10-19 07:24    1790776    ----a-w-    c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 02:34    181544    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28    1233920    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    249064    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 20:31    1721640    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 14:32    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45    215552    ----a-w-    c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2010-09-28 41984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-16 5120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
Trusted Zone: danskebank.dk
Trusted Zone: vinderland.dk
TCP: {A2A7F931-E4B1-4DA1-8A2C-0F59A145066F} = 208.67.222.222,208.67.220.220
DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} - hxxp://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 18:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2011-04-06  18:38:03 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-04-06 16:37
ComboFix2.txt  2011-04-05 14:26
ComboFix3.txt  2011-04-04 20:52
.
Pre-Kørsel: 86.708.596.736 byte ledig
Post-Kørsel: 86.321.971.200 byte ledig
.
- - End Of File - - BDAF2A94370370231E7002821397D09D

The file I saved in another folder earlier, should it go back now?

I have now started up both my hard drives, and I don't get any errors on either of them, or any sign that there is virus left... I have also removed all the keygens, cracks and other odd copies I had lying around, because P2P is not the way forward, I've learned that now!
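As an added example (my own code, not anything from the thread, from ComboFix or from OTL), a small Python parser for the service and driver lines in the ComboFix log above; it flags entries whose recorded running state disagrees with their configured start type, which is one quick way to surface a stopped auto-start service such as the McAfee entry. The meaning of the R/S letter and the start-type digit follows ComboFix's log convention; the field names and the flag rules are my own choices.

```python
import re
from dataclasses import dataclass

# One service/driver line as ComboFix prints it: a state letter (R = running,
# S = stopped), the registry start type (0 boot .. 4 disabled), then
# name;display name;image path [file date size].
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped
    start_type: int   # registry Start value
    name: str
    display: str
    path: str
    date: str
    size: int

def parse_services(log_text: str) -> list[ServiceEntry]:
    """Extract the service/driver lines from a ComboFix log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                state=m["state"], start_type=int(m["start"]), name=m["name"],
                display=m["display"], path=m["path"], date=m["date"], size=int(m["size"]),
            ))
    return entries

def flag_inconsistent(entries: list[ServiceEntry]) -> list[tuple[ServiceEntry, str]]:
    """Entries whose state disagrees with their start type: auto but stopped (often an
    orphaned registration or binary from a removed product) and disabled but running
    (loaded by some other means). Worth a second look, not proof of anything alone."""
    flagged = []
    for e in entries:
        if e.start_type == 2 and e.state == "S":
            flagged.append((e, "set to auto-start but not running"))
        elif e.start_type == 4 and e.state == "R":
            flagged.append((e, "marked disabled but running"))
    return flagged

# Service lines copied from the ComboFix log in the post above (not constructed);
# the leading "." line is there to show that non-matching lines are skipped.
SAMPLE = r"""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-08 691696]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-19 65584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-16 5120]
"""

if __name__ == "__main__":
    for entry, why in flag_inconsistent(parse_services(SAMPLE)):
        print(f"{entry.name:10} {START_TYPES[entry.start_type]:8} {entry.state}  {why}  -> {entry.path}")
```

On the log above this prints sptd, mfevtp and SSPORT; the flagged paths are the ones to verify by hand (file present or not, which installed product owns it) before deciding whether a service is a leftover.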
f-arn Guru
06 April 2011 - 20:51 #69
The file I saved in another folder earlier, should it go back now?

It's up to you. I wouldn't do it, since I think it easily gets messy. I keep my Documents folder free of files; they go into subfolders. I'll just read through your logs to see whether I've missed anything.
zubzero Nybegynder
06 April 2011 - 21:15 #70
Okay :-)
f-arn Guru
06 April 2011 - 22:14 #71
There's some McAfee lying around. Did you try #5?
zubzero Nybegynder
06 April 2011 - 22:22 #72
No, I didn't get around to trying #5, I gave up before I managed to get it installed.
f-arn Guru
06 April 2011 - 22:42 #73
OK

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text below (in bold) into the "Custom Scans/Fixes" box

:Services
mfevtp

:files
c:\windows\system32\mfevtps.exe
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[ClearAllRestorePoints]
[EMPTYFLASH]
[Reboot]


Close all other open windows and click "Run Fix"

After the reboot a log file opens; copy that text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
zubzero Nybegynder
08 April 2011 - 18:57 #74
Here's a fresh log from OTL :-)

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named mfevtp was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfevtp deleted successfully.
========== FILES ==========
c:\windows\system32\mfevtps.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\Allan\Desktop\cmd.bat deleted successfully.
C:\Users\Allan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Allan
->Temp folder emptied: 11653434 bytes
->Temporary Internet Files folder emptied: 65966598 bytes
->Java cache emptied: 153550126 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9380 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2836 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26910 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 221,00 mb



[EMPTYFLASH]

User: All Users

User: Allan
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04082011_184300

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
f-arn Guru
08 April 2011 - 21:34 #75
That looks fine. Any problems?
zubzero Nybegynder
08 April 2011 - 21:38 #76
My PC works great again, so that's just lovely :-)

Thanks to all of you for the fantastic help, especially john_stigers, karise_larry & f-arn. You really are stars, and it's nice that there's somewhere to turn for help when you mess up :-)
zubzero Nybegynder
08 April 2011 - 21:39 #77
How does it work with points??? Who should get them???
08 April 2011 - 21:45 #78
Points to <f-arn>!!
f-arn Guru
08 April 2011 - 21:52 #79
Press <Windows> + <R> at the same time and paste this in: combofix /uninstall
Press Enter
That will remove ComboFix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

------

Start OTL and click CleanUp

That will remove OTL and the other tools we have used.