moffa Beginner
28 October 2011 - 19:25 There are 39 comments and 1 solution

AVG has found Trojan/Mozilla crashes

Hi there.
I need a bit of help.
It all started with my Firefox constantly shutting down ("Firefox encountered an error and crashed"). I then chose to run an AVG scan; it found a lot of trojans, but it seems as if it cannot remove them.

"Bonus info": I can only open Mozilla and Explorer for a few seconds before they crash, so this is written from my wife's PC.
moffa Beginner
28 October 2011 - 19:26 #1
Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.10.2011 19:07:28
mbam-log-2011-10-28 (19-07-28).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 257551
Tid gået: 41 minut(ter), 48 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
moffa Beginner
28 October 2011 - 19:26 #2
HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:57, on 28.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATK Hotkey\ASLDRSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programfiler\AVG\AVG10\avgtray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programfiler\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programfiler\AVG\AVG10\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\TomTom HOME 2\TomTomHOMEService.exe
C:\Programfiler\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programfiler\AVG\AVG10\avgcsrvx.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marlene\Skrivebord\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG10\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programfiler\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA5ADAANAA2ADAANwAwADIALQBGAFAAOQArADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programfiler\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-1844237615-1364589140-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programfiler\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ladbrokes Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283066100703
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Programfiler\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programfiler\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programfiler\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programfiler\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8584 bytes
teknik Junior Master
28 October 2011 - 19:53 #3
Try starting up in safe mode with networking, and see whether you are able to work there?

Browser crashes of this type are often related to a damaged or incompatible browser toolbar, but in two browsers that does not seem so likely.
teknik Junior Master
28 October 2011 - 20:02 #4
Another option is, using HijackThis, to (temporarily?)
disable all lines with BHO (Browser Helper Objects)

They are in these lines:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG10\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
moffa Beginner
28 October 2011 - 20:10 #5
When I do that, it works fine for a couple of minutes, then a new Firefox window opens with 5 tabs full of all sorts of strange characters. One of the tabs, however, shows: Indeks over file:///C:/Programfiler/modzilla Firefox
moffa Beginner
28 October 2011 - 20:19 #6
#4, I have now ticked them, but how do I disable them?
teknik Junior Master
28 October 2011 - 20:54 #7
Unfortunately I am no HijackThis expert; I have never used it.
But I believe the whole idea of being able to "tick" entries is that you can temporarily disable the functions that way,
and the "execute" command is given by,
e.g., clicking "OK" somewhere at the bottom.
moffa Beginner
28 October 2011 - 20:56 #8
I can choose "Fix checked"
moffa Beginner
28 October 2011 - 21:00 #9
... and if I choose it, it asks whether I want to permanently delete and/or repair
f-arn Guru
29 October 2011 - 07:47 #10
@ moffa
I think you should wait for someone who actually knows how HijackThis, DDS, OTL and the like are used!!!!
moffa Beginner
29 October 2011 - 09:13 #11
@f-arn
I will; I also chose not to go any further.
f-arn Guru
29 October 2011 - 10:01 #12
OK - I would like to see logs from DDS.

It produces two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of both in here.

Note - DDS must be saved to the computer and not run from the web.
moffa Beginner
29 October 2011 - 11:27 #13
Thanks, I'll try that.

The two logs are here:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Marlene at 11:24:15 on 2011-10-29
Microsoft Windows XP Professional  5.1.2600.3.1252.47.1044.18.2047.1430 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programfiler\ATK Hotkey\ASLDRSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programfiler\AVG\AVG10\avgtray.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programfiler\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programfiler\AVG\AVG10\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programfiler\TomTom HOME 2\TomTomHOMEService.exe
C:\Programfiler\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programfiler\avg\avg10\avgssie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\programfiler\tomtom home 2\TomTomHOMERunner.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SMSERIAL] c:\programfiler\motorola\smserial\sm56hlpr.exe
mRun: [AVG_TRAY] c:\programfiler\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programfiler\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programfiler\fellesfiler\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA5ADAANAA2ADAANwAwADIALQBGAFAAOQArADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA"&"prod=90"&"ver=9.0.894
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\programfiler\pokerstars\PokerStarsUpdate.exe
IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\programfiler\pokerstars.fr\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283066100703
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6EBDD9FE-ED8E-4C27-814A-4818869FDFF3} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programfiler\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\marlene\programdata\mozilla\firefox\profiles\zih1z43a.default\
FF - plugin: c:\programfiler\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programfiler\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\programfiler\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programfiler\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\programfiler\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programfiler\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\programfiler\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\programfiler\tvuplayer\npTVUAx.dll
FF - plugin: c:\programfiler\veetle\player\npvlc.dll
FF - plugin: c:\programfiler\veetle\plugins\npVeetle.dll
FF - plugin: c:\programfiler\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\programfiler\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\programfiler\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programfiler/PostgreSQL/8.4/data" -w --> C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programfiler\google\update\GoogleUpdate.exe [2010-7-16 136176]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\programfiler\google\update\GoogleUpdate.exe [2010-7-16 136176]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2011-4-18 41984]
.
=============== Created Last 30 ================
.
2011-10-28 16:08:44    --------    d--h--r-    c:\documents and settings\marlene\Siste
2011-10-10 09:09:40    4550304    ----a-w-    c:\programfiler\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2011-10-03 03:06:03    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-03 00:37:52    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-08-31 15:00:50    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500BEKT-00A25T0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D08EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8756f872; SUB DWORD [EBP-0x4], 0x8756f12e; PUSH EDI; CALL 0xffffffffffffdf33;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89D70AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000071[0x89DEA9E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DEAD98]
[0x89DE6B10] -> IRP_MJ_CREATE -> 0x89D08EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD2500BEKT-00A25T0__________________01.01A01#5&1e3acd75&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D08AEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:25:47,87 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 05.07.2010 12:57:19
System Uptime: 29.10.2011 11:21:50 (0 hours ago)
.
Motherboard: Packard Bell BV |  | EasyNote_MX65
Processor: Intel(R) Core(TM)2 CPU        T5200  @ 1.60GHz | CPU 1 | 1580/532mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 210,678 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP305: 31.07.2011 12:27:33 - Kontrollpunkt for system
RP306: 01.08.2011 16:07:15 - Kontrollpunkt for system
RP307: 02.08.2011 20:44:00 - Kontrollpunkt for system
RP308: 04.08.2011 17:06:59 - Kontrollpunkt for system
RP309: 05.08.2011 17:50:51 - Kontrollpunkt for system
RP310: 07.08.2011 12:34:35 - Kontrollpunkt for system
RP311: 08.08.2011 12:39:28 - Kontrollpunkt for system
RP312: 09.08.2011 16:14:13 - Kontrollpunkt for system
RP313: 09.08.2011 22:15:36 - Installed Camtasia Studio 7
RP314: 11.08.2011 17:31:10 - Kontrollpunkt for system
RP315: 13.08.2011 10:59:33 - Kontrollpunkt for system
RP316: 14.08.2011 11:48:50 - Kontrollpunkt for system
RP317: 15.08.2011 16:44:43 - Kontrollpunkt for system
RP318: 17.08.2011 18:45:33 - Kontrollpunkt for system
RP319: 18.08.2011 19:12:32 - Kontrollpunkt for system
RP320: 20.08.2011 08:08:29 - Kontrollpunkt for system
RP321: 21.08.2011 16:56:58 - Kontrollpunkt for system
RP322: 22.08.2011 18:28:54 - Kontrollpunkt for system
RP323: 25.08.2011 18:06:50 - Kontrollpunkt for system
RP324: 26.08.2011 18:11:19 - Kontrollpunkt for system
RP325: 27.08.2011 19:56:00 - Kontrollpunkt for system
RP326: 29.08.2011 18:11:49 - Kontrollpunkt for system
RP327: 30.08.2011 20:11:14 - Kontrollpunkt for system
RP328: 01.09.2011 18:20:13 - Kontrollpunkt for system
RP329: 02.09.2011 18:31:37 - Kontrollpunkt for system
RP330: 03.09.2011 19:49:09 - Kontrollpunkt for system
RP331: 08.09.2011 19:59:40 - Kontrollpunkt for system
RP332: 09.09.2011 20:07:40 - Kontrollpunkt for system
RP333: 10.09.2011 20:24:52 - Kontrollpunkt for system
RP334: 12.09.2011 08:34:08 - Kontrollpunkt for system
RP335: 12.09.2011 10:10:28 - Removed Camtasia Studio 7
RP336: 12.09.2011 16:03:20 - Installed Camtasia Studio 7
RP337: 18.09.2011 21:17:41 - Kontrollpunkt for system
RP338: 21.09.2011 18:28:39 - Kontrollpunkt for system
RP339: 23.09.2011 17:53:29 - Kontrollpunkt for system
RP340: 24.09.2011 18:45:42 - Kontrollpunkt for system
RP341: 25.09.2011 18:54:33 - Kontrollpunkt for system
RP342: 26.09.2011 19:05:38 - Kontrollpunkt for system
RP343: 28.09.2011 19:09:44 - Kontrollpunkt for system
RP344: 29.09.2011 19:44:59 - Kontrollpunkt for system
RP345: 30.09.2011 20:28:21 - Kontrollpunkt for system
RP346: 01.10.2011 20:35:26 - Kontrollpunkt for system
RP347: 02.10.2011 20:50:01 - Kontrollpunkt for system
RP348: 04.10.2011 19:40:33 - Kontrollpunkt for system
RP349: 05.10.2011 20:28:09 - Kontrollpunkt for system
RP350: 07.10.2011 20:24:20 - Kontrollpunkt for system
RP351: 09.10.2011 17:12:58 - Kontrollpunkt for system
RP352: 10.10.2011 17:39:40 - Kontrollpunkt for system
RP353: 11.10.2011 18:39:40 - Kontrollpunkt for system
RP354: 12.10.2011 20:02:47 - Kontrollpunkt for system
RP355: 13.10.2011 20:59:02 - Kontrollpunkt for system
RP356: 15.10.2011 11:53:13 - Kontrollpunkt for system
RP357: 16.10.2011 12:54:47 - Kontrollpunkt for system
RP358: 17.10.2011 18:11:07 - Kontrollpunkt for system
RP359: 18.10.2011 20:13:59 - Kontrollpunkt for system
RP360: 21.10.2011 19:59:47 - Installed Java(TM) 6 Update 29
RP361: 23.10.2011 01:38:56 - Kontrollpunkt for system
RP362: 25.10.2011 19:26:51 - Kontrollpunkt for system
RP363: 27.10.2011 23:57:30 - Kontrollpunkt for system
RP364: 28.10.2011 18:07:30 - Gjenopprettingsoperasjon
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Dansk
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATK Hotkey
AVG 2011
Betfair Poker
Bonjour
Camtasia Studio 7
CarbonPoker
CCleaner
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
Download Updater (AOL LLC)
DVDFab 8.0.0.5 (25/08/2010)
Full Tilt Poker
Google Earth
Google Update Helper
High Pulse
HijackThis 2.0.2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hurtigreparasjon for Windows XP (KB952287)
Hurtigreparasjon for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Labbe Langøre 1-2
Ladbrokes Poker
Malwarebytes' Anti-Malware version 1.51.2.1300
Mermaid Poker
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.5 Language Pack SP1 - nor
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Motorola SM56 Data Fax Modem
Mozilla Firefox 7.0.1 (x86 da)
MSVCRT
NoProPoker
NVIDIA Drivers
NVIDIA PhysX
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB951978)
Oppdatering for Windows XP (KB955759)
Oppdatering for Windows XP (KB967715)
Oppdatering for Windows XP (KB968389)
Oppdatering for Windows XP (KB973687)
Oppdatering for Windows XP (KB973815)
Overførselsværktøj til Windows Live
ParadisePoker
PartyPoker
PokerStars
PokerStars.fr
PostgreSQL 8.4
Power4Gear eXtreme
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
RedKings Poker
Segoe UI
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player (KB954155)
Sikkerhetsoppdatering for Windows Media Player (KB978695)
Sikkerhetsoppdatering for Windows Media Player (KB979402)
Sikkerhetsoppdatering for Windows XP (KB923561)
Sikkerhetsoppdatering for Windows XP (KB923789)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952004)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB954459)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956744)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB956844)
Sikkerhetsoppdatering for Windows XP (KB958644)
Sikkerhetsoppdatering for Windows XP (KB958869)
Sikkerhetsoppdatering for Windows XP (KB959426)
Sikkerhetsoppdatering for Windows XP (KB960225)
Sikkerhetsoppdatering for Windows XP (KB960803)
Sikkerhetsoppdatering for Windows XP (KB961501)
Sikkerhetsoppdatering for Windows XP (KB969059)
Sikkerhetsoppdatering for Windows XP (KB970238)
Sikkerhetsoppdatering for Windows XP (KB971468)
Sikkerhetsoppdatering for Windows XP (KB971657)
Sikkerhetsoppdatering for Windows XP (KB972270)
Sikkerhetsoppdatering for Windows XP (KB973507)
Sikkerhetsoppdatering for Windows XP (KB973869)
Sikkerhetsoppdatering for Windows XP (KB973904)
Sikkerhetsoppdatering for Windows XP (KB974112)
Sikkerhetsoppdatering for Windows XP (KB974318)
Sikkerhetsoppdatering for Windows XP (KB974392)
Sikkerhetsoppdatering for Windows XP (KB974571)
Sikkerhetsoppdatering for Windows XP (KB975025)
Sikkerhetsoppdatering for Windows XP (KB975467)
Sikkerhetsoppdatering for Windows XP (KB975561)
Sikkerhetsoppdatering for Windows XP (KB975562)
Sikkerhetsoppdatering for Windows XP (KB975713)
Sikkerhetsoppdatering for Windows XP (KB977816)
Sikkerhetsoppdatering for Windows XP (KB977914)
Sikkerhetsoppdatering for Windows XP (KB978037)
Sikkerhetsoppdatering for Windows XP (KB978338)
Sikkerhetsoppdatering for Windows XP (KB978601)
Sikkerhetsoppdatering for Windows XP (KB978706)
Sikkerhetsoppdatering for Windows XP (KB979309)
Sikkerhetsoppdatering for Windows XP (KB979482)
Sikkerhetsoppdatering for Windows XP (KB979559)
Sikkerhetsoppdatering for Windows XP (KB979683)
Sikkerhetsoppdatering for Windows XP (KB980195)
Sikkerhetsoppdatering for Windows XP (KB980218)
Sikkerhetsoppdatering for Windows XP (KB980232)
Skype Click to Call
Skype™ 5.5
SopCast 3.2.9
Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
StreamTorrent 1.0
System Requirements Lab CYRI
Tilmeldingsassistent til Windows Live
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
TournamentParser
TVUPlayer 2.5.3.1
Universal Replayer
USB2.0 350K WebCam
Veetle TV
VLC media player 1.1.4
WebFldrs XP
Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA  (11/10/2006 6.10.01.6030)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinZip 15.5
XML Paper Specification Shared Components Language Pack 1.0
.
==== End Of File ===========================
f-arn Guru
29 October 2011 - 12:19 #14
Download Tdsskiller.zip to your desktop and unpack it into a folder.

Run TDSSKiller.exe -> click "Start Scan"

If an infected file is found, the "Default action" will be Cure; click Continue
If a suspicious file is detected, the "Default action" will be Skip; click Continue
If it does not ask for a "Reboot" (restart), click "Report" and copy that text into this thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread.
moffa Beginner
29 October 2011 - 12:46 #15
In case it matters, I had to restart...

12:38:26.0500 3112    TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:38:27.0375 3112    ============================================================
12:38:27.0375 3112    Current date / time: 2011/10/29 12:38:27.0375
12:38:27.0375 3112    SystemInfo:
12:38:27.0375 3112   
12:38:27.0375 3112    OS Version: 5.1.2600 ServicePack: 3.0
12:38:27.0375 3112    Product type: Workstation
12:38:27.0375 3112    ComputerName: MARLENE-4F7D3B9
12:38:27.0375 3112    UserName: Marlene
12:38:27.0375 3112    Windows directory: C:\WINDOWS
12:38:27.0375 3112    System windows directory: C:\WINDOWS
12:38:27.0375 3112    Processor architecture: Intel x86
12:38:27.0375 3112    Number of processors: 2
12:38:27.0375 3112    Page size: 0x1000
12:38:27.0375 3112    Boot type: Normal boot
12:38:27.0375 3112    ============================================================
12:38:29.0437 3112    Initialize success
12:38:37.0812 0300    ============================================================
12:38:37.0812 0300    Scan started
12:38:37.0812 0300    Mode: Manual;
12:38:37.0812 0300    ============================================================
12:38:41.0671 0300    Abiosdsk - ok
12:38:41.0671 0300    abp480n5 - ok
12:38:41.0734 0300    ACPI            (7e3b0f07b0dcb6155fd4eaf4047f0c72) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:38:41.0750 0300    ACPI - ok
12:38:41.0781 0300    ACPIEC          (eab54ea21ab7ea92fb9975c02779080b) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:38:41.0781 0300    ACPIEC - ok
12:38:41.0859 0300    ADIHdAudAddService (8c5bc02856dcae3b46388e007f33bfba) C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:38:41.0875 0300    ADIHdAudAddService - ok
12:38:41.0890 0300    adpu160m - ok
12:38:41.0937 0300    aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:38:41.0953 0300    aec - ok
12:38:42.0000 0300    AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
12:38:42.0015 0300    AFD - ok
12:38:42.0203 0300    Aha154x - ok
12:38:42.0218 0300    aic78u2 - ok
12:38:42.0234 0300    aic78xx - ok
12:38:42.0265 0300    AliIde - ok
12:38:42.0281 0300    amsint - ok
12:38:42.0328 0300    Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:38:42.0359 0300    Arp1394 - ok
12:38:42.0359 0300    asc - ok
12:38:42.0390 0300    asc3350p - ok
12:38:42.0390 0300    asc3550 - ok
12:38:42.0515 0300    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:38:42.0531 0300    AsyncMac - ok
12:38:42.0562 0300    atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:38:42.0562 0300    atapi - ok
12:38:42.0578 0300    Atdisk - ok
12:38:42.0609 0300    Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:38:42.0625 0300    Atmarpc - ok
12:38:42.0703 0300    audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:38:42.0703 0300    audstub - ok
12:38:42.0781 0300    AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:38:42.0812 0300    AVGIDSDriver - ok
12:38:43.0062 0300    AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:38:43.0062 0300    AVGIDSEH - ok
12:38:43.0437 0300    AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:38:43.0453 0300    AVGIDSFilter - ok
12:38:43.0515 0300    AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:38:43.0781 0300    AVGIDSShim - ok
12:38:43.0812 0300    Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:38:43.0843 0300    Avgldx86 - ok
12:38:43.0859 0300    Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:38:43.0875 0300    Avgmfx86 - ok
12:38:43.0890 0300    Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:38:43.0890 0300    Avgrkx86 - ok
12:38:43.0937 0300    Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:38:44.0125 0300    Avgtdix - ok
12:38:44.0171 0300    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:38:44.0187 0300    Beep - ok
12:38:44.0281 0300    Cam5603D        (7621340d31fb049a1257a9840c537c47) C:\WINDOWS\system32\Drivers\BisonCam.sys
12:38:44.0312 0300    Cam5603D - ok
12:38:44.0359 0300    cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:38:44.0375 0300    cbidf2k - ok
12:38:44.0390 0300    CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:38:44.0406 0300    CCDECODE - ok
12:38:44.0406 0300    cd20xrnt - ok
12:38:44.0437 0300    Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:38:44.0453 0300    Cdaudio - ok
12:38:44.0468 0300    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:38:44.0468 0300    Cdfs - ok
12:38:44.0531 0300    Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:38:44.0546 0300    Cdrom - ok
12:38:44.0546 0300    Changer - ok
12:38:44.0609 0300    CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:38:44.0625 0300    CmBatt - ok
12:38:44.0640 0300    CmdIde - ok
12:38:44.0640 0300    Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:38:44.0640 0300    Compbatt - ok
12:38:44.0671 0300    Cpqarray - ok
12:38:44.0687 0300    dac2w2k - ok
12:38:44.0687 0300    dac960nt - ok
12:38:44.0734 0300    Disk            (a416f2922cb9fe44b65037a8971b4cf6) C:\WINDOWS\system32\DRIVERS\disk.sys
12:38:44.0734 0300    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: a416f2922cb9fe44b65037a8971b4cf6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
12:38:44.0734 0300    Disk ( Rootkit.Win32.TDSS.tdl3 ) - infected
12:38:44.0734 0300    Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
12:38:44.0875 0300    dmboot          (f1f9e49b764c96902eccabef144e7cc7) C:\WINDOWS\system32\drivers\dmboot.sys
12:38:44.0968 0300    dmboot - ok
12:38:45.0015 0300    dmio            (12ca201c2b40d8a8b1687164e2dd1d9a) C:\WINDOWS\system32\drivers\dmio.sys
12:38:45.0015 0300    dmio - ok
12:38:45.0796 0300    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:38:45.0796 0300    dmload - ok
12:38:46.0375 0300    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:38:46.0390 0300    DMusic - ok
12:38:46.0437 0300    dpti2o - ok
12:38:46.0453 0300    drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:38:46.0453 0300    drmkaud - ok
12:38:46.0546 0300    Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:38:46.0546 0300    Fastfat - ok
12:38:46.0625 0300    Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:38:46.0640 0300    Fdc - ok
12:38:47.0000 0300    Fips            (a3d6ef42350586396d613081e20d750c) C:\WINDOWS\system32\drivers\Fips.sys
12:38:47.0015 0300    Fips - ok
12:38:47.0046 0300    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:38:47.0062 0300    Flpydisk - ok
12:38:47.0125 0300    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:38:47.0125 0300    FltMgr - ok
12:38:47.0140 0300    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:38:47.0171 0300    Fs_Rec - ok
12:38:47.0187 0300    Ftdisk          (f49589d9b1b3229eb3e761e569b20aca) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:38:47.0203 0300    Ftdisk - ok
12:38:47.0265 0300    GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:38:47.0281 0300    GEARAspiWDM - ok
12:38:47.0281 0300    Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:38:47.0296 0300    Gpc - ok
12:38:47.0625 0300    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:38:47.0640 0300    HDAudBus - ok
12:38:47.0734 0300    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:38:47.0750 0300    HidUsb - ok
12:38:47.0796 0300    hpn - ok
12:38:48.0296 0300    HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
12:38:48.0468 0300    HTTP - ok
12:38:49.0687 0300    i2omgmt - ok
12:38:49.0718 0300    i2omp - ok
12:38:50.0531 0300    i8042prt        (07d2c69bf1230998553ea5fc62e4da9d) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:38:50.0562 0300    i8042prt - ok
12:38:50.0625 0300    Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:38:50.0640 0300    Imapi - ok
12:38:50.0671 0300    ini910u - ok
12:38:50.0750 0300    IntelIde - ok
12:38:51.0359 0300    intelppm        (694e25efdc04bfc2803b718cd01b71ad) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:38:51.0390 0300    intelppm - ok
12:38:52.0375 0300    Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:38:52.0375 0300    Ip6Fw - ok
12:38:52.0468 0300    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:38:52.0468 0300    IpFilterDriver - ok
12:38:52.0484 0300    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:38:52.0500 0300    IpInIp - ok
12:38:52.0531 0300    IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:38:52.0562 0300    IpNat - ok
12:38:52.0625 0300    IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:38:52.0640 0300    IPSec - ok
12:38:52.0718 0300    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:38:52.0734 0300    IRENUM - ok
12:38:53.0125 0300    isapnp          (165255b09753cd0900287c6722b53e8a) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:38:53.0125 0300    isapnp - ok
12:38:53.0515 0300    Kbdclass        (403a9d3c56617c49efcb5f2897f500d7) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:38:53.0546 0300    Kbdclass - ok
12:38:53.0640 0300    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:38:53.0671 0300    kmixer - ok
12:38:54.0312 0300    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:38:54.0328 0300    KSecDD - ok
12:38:54.0656 0300    lbrtfdc - ok
12:38:54.0781 0300    mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:38:54.0796 0300    mnmdd - ok
12:38:55.0140 0300    Modem          (efc09980c68be2dd0bc3076aaa567d67) C:\WINDOWS\system32\drivers\Modem.sys
12:38:55.0187 0300    Modem - ok
12:38:55.0718 0300    Mouclass        (f54de35966bd4f6d7d751642ded032db) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:38:55.0812 0300    Mouclass - ok
12:38:55.0890 0300    mouhid          (2c8ace099162a015d464c9a427148651) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:38:55.0906 0300    mouhid - ok
12:38:56.0031 0300    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:38:56.0031 0300    MountMgr - ok
12:38:56.0046 0300    mraid35x - ok
12:38:56.0078 0300    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:38:56.0078 0300    MRxDAV - ok
12:38:56.0171 0300    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:38:56.0203 0300    MRxSmb - ok
12:38:56.0328 0300    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:38:56.0328 0300    Msfs - ok
12:38:56.0625 0300    MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:38:56.0640 0300    MSKSSRV - ok
12:38:56.0718 0300    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:38:56.0765 0300    MSPCLOCK - ok
12:38:57.0203 0300    MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:38:57.0234 0300    MSPQM - ok
12:38:57.0625 0300    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:38:57.0796 0300    mssmbios - ok
12:38:57.0859 0300    MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:38:57.0875 0300    MSTEE - ok
12:38:58.0265 0300    MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
12:38:58.0562 0300    MTsensor - ok
12:38:58.0953 0300    Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
12:38:59.0015 0300    Mup - ok
12:38:59.0250 0300    NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:38:59.0562 0300    NABTSFEC - ok
12:38:59.0687 0300    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:38:59.0703 0300    NDIS - ok
12:38:59.0796 0300    NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:38:59.0828 0300    NdisIP - ok
12:38:59.0875 0300    NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:38:59.0906 0300    NdisTapi - ok
12:38:59.0968 0300    Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:38:59.0968 0300    Ndisuio - ok
12:39:00.0000 0300    NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:39:00.0031 0300    NdisWan - ok
12:39:00.0125 0300    NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
12:39:00.0140 0300    NDProxy - ok
12:39:00.0203 0300    NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:39:00.0203 0300    NetBIOS - ok
12:39:00.0296 0300    NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:39:00.0328 0300    NetBT - ok
12:39:00.0671 0300    NETw5x32        (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:39:00.0937 0300    NETw5x32 - ok
12:39:01.0281 0300    NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:39:01.0328 0300    NIC1394 - ok
12:39:01.0421 0300    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:39:01.0421 0300    Npfs - ok
12:39:01.0812 0300    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:39:01.0828 0300    Ntfs - ok
12:39:02.0000 0300    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:39:02.0015 0300    Null - ok
12:39:02.0312 0300    nv              (d42fb8615e810901779294f5627364fe) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:39:02.0781 0300    nv - ok
12:39:02.0859 0300    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:39:02.0875 0300    NwlnkFlt - ok
12:39:02.0921 0300    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:39:02.0937 0300    NwlnkFwd - ok
12:39:03.0031 0300    ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:39:03.0046 0300    ohci1394 - ok
12:39:03.0156 0300    Parport        (1aa2e7c0f517b16c6d53093f6ef4d707) C:\WINDOWS\system32\drivers\Parport.sys
12:39:03.0218 0300    Parport - ok
12:39:03.0234 0300    PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:39:03.0234 0300    PartMgr - ok
12:39:03.0312 0300    ParVdm          (12297b25ccc4d89d9d2e794a8fd6ee3d) C:\WINDOWS\system32\drivers\ParVdm.sys
12:39:03.0328 0300    ParVdm - ok
12:39:03.0375 0300    PCI            (5af0a66bbbbb8d44a308141f529ea5e0) C:\WINDOWS\system32\DRIVERS\pci.sys
12:39:03.0375 0300    PCI - ok
12:39:03.0390 0300    PCIDump - ok
12:39:03.0406 0300    PCIIde          (c9ef84891a111f6f5ebb758a29252e54) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:39:03.0406 0300    PCIIde - ok
12:39:03.0453 0300    Pcmcia          (339b6da5d9e01e04f39a5e93612d5c5a) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:39:03.0468 0300    Pcmcia - ok
12:39:03.0500 0300    pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:39:03.0531 0300    pcouffin - ok
12:39:03.0562 0300    PDCOMP - ok
12:39:03.0578 0300    PDFRAME - ok
12:39:03.0593 0300    PDRELI - ok
12:39:03.0593 0300    PDRFRAME - ok
12:39:03.0640 0300    perc2 - ok
12:39:03.0656 0300    perc2hib - ok
12:39:03.0718 0300    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:39:03.0765 0300    PptpMiniport - ok
12:39:03.0812 0300    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:39:03.0843 0300    PSched - ok
12:39:03.0937 0300    Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:39:03.0953 0300    Ptilink - ok
12:39:03.0968 0300    ql1080 - ok
12:39:03.0984 0300    Ql10wnt - ok
12:39:04.0015 0300    ql12160 - ok
12:39:04.0031 0300    ql1240 - ok
12:39:04.0031 0300    ql1280 - ok
12:39:04.0062 0300    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:39:04.0078 0300    RasAcd - ok
12:39:04.0156 0300    Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:39:04.0187 0300    Rasl2tp - ok
12:39:04.0250 0300    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:39:04.0281 0300    RasPppoe - ok
12:39:04.0296 0300    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:39:04.0312 0300    Raspti - ok
12:39:04.0359 0300    Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:39:04.0359 0300    Rdbss - ok
12:39:04.0375 0300    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:39:04.0390 0300    RDPCDD - ok
12:39:04.0484 0300    rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:39:04.0515 0300    rdpdr - ok
12:39:04.0562 0300    RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
12:39:04.0609 0300    RDPWD - ok
12:39:04.0687 0300    redbook        (99c7d4742be0415d084126ec3462b454) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:39:04.0703 0300    redbook - ok
12:39:04.0812 0300    rimmptsk        (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:39:04.0843 0300    rimmptsk - ok
12:39:04.0859 0300    rimsptsk        (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:39:04.0890 0300    rimsptsk - ok
12:39:04.0921 0300    rismxdp        (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:39:04.0953 0300    rismxdp - ok
12:39:04.0984 0300    RTL8023xp      (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:39:05.0031 0300    RTL8023xp - ok
12:39:05.0250 0300    rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:39:05.0250 0300    rtl8139 - ok
12:39:05.0312 0300    sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:39:05.0312 0300    sdbus - ok
12:39:05.0406 0300    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:39:05.0406 0300    Secdrv - ok
12:39:05.0421 0300    Serial          (d579fab95d55a3459547d3ef116821d7) C:\WINDOWS\system32\drivers\Serial.sys
12:39:05.0437 0300    Serial - ok
12:39:05.0484 0300    Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:39:05.0500 0300    Sfloppy - ok
12:39:05.0562 0300    Simbad - ok
12:39:05.0593 0300    SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:39:05.0609 0300    SLIP - ok
12:39:05.0671 0300    smserial        (491017919ccb78509e227899d89fe0bc) C:\WINDOWS\system32\DRIVERS\smserial.sys
12:39:05.0765 0300    smserial - ok
12:39:05.0781 0300    Sparrow - ok
12:39:05.0843 0300    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:39:05.0843 0300    splitter - ok
12:39:05.0906 0300    sr              (a10a8fffbc556480027fb5aadae4fe1a) C:\WINDOWS\system32\DRIVERS\sr.sys
12:39:05.0906 0300    sr - ok
12:39:05.0953 0300    Srv            (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
12:39:05.0968 0300    Srv - ok
12:39:05.0984 0300    streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:39:06.0000 0300    streamip - ok
12:39:06.0046 0300    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:39:06.0062 0300    swenum - ok
12:39:06.0093 0300    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:39:06.0109 0300    swmidi - ok
12:39:06.0125 0300    symc810 - ok
12:39:06.0140 0300    symc8xx - ok
12:39:06.0156 0300    sym_hi - ok
12:39:06.0187 0300    sym_u3 - ok
12:39:06.0203 0300    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:39:06.0218 0300    sysaudio - ok
12:39:06.0437 0300    Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:39:06.0484 0300    Tcpip - ok
12:39:06.0609 0300    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:39:06.0781 0300    TDPIPE - ok
12:39:06.0968 0300    TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:39:07.0093 0300    TDTCP - ok
12:39:07.0187 0300    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:39:07.0203 0300    TermDD - ok
12:39:07.0250 0300    TosIde - ok
12:39:07.0296 0300    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:39:07.0328 0300    Udfs - ok
12:39:07.0343 0300    ultra - ok
12:39:07.0390 0300    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:39:07.0531 0300    Update - ok
12:39:07.0640 0300    USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:39:07.0656 0300    USBAAPL - ok
12:39:07.0718 0300    usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:39:07.0718 0300    usbehci - ok
12:39:07.0796 0300    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:39:07.0812 0300    usbhub - ok
12:39:07.0843 0300    usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:39:07.0843 0300    usbstor - ok
12:39:07.0890 0300    usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:39:07.0906 0300    usbuhci - ok
12:39:07.0921 0300    VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:39:07.0953 0300    VgaSave - ok
12:39:07.0984 0300    ViaIde - ok
12:39:08.0031 0300    VolSnap        (9d61102f5bacd5a26fcaa0de95e5909e) C:\WINDOWS\system32\drivers\VolSnap.sys
12:39:08.0031 0300    VolSnap - ok
12:39:08.0109 0300    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:39:08.0125 0300    Wanarp - ok
12:39:08.0156 0300    WDICA - ok
12:39:08.0203 0300    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:39:08.0218 0300    wdmaud - ok
12:39:08.0359 0300    WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:39:08.0390 0300    WSTCODEC - ok
12:39:08.0500 0300    MBR (0x1B8)    (ad99111085a864d39cdff4d3a646e97b) \Device\Harddisk0\DR0
12:39:09.0109 0300    \Device\Harddisk0\DR0 - ok
12:39:09.0125 0300    MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR6
12:39:19.0000 0300    \Device\Harddisk1\DR6 - ok
12:39:19.0000 0300    Boot (0x1200)  (acf7db289c4e958e6f800d918bbeb08e) \Device\Harddisk0\DR0\Partition0
12:39:19.0000 0300    \Device\Harddisk0\DR0\Partition0 - ok
12:39:19.0000 0300    Boot (0x1200)  (b49f4fbd9b6f0814aff76014345045c0) \Device\Harddisk1\DR6\Partition0
12:39:19.0015 0300    \Device\Harddisk1\DR6\Partition0 - ok
12:39:19.0015 0300    ============================================================
12:39:19.0015 0300    Scan finished
12:39:19.0015 0300    ============================================================
12:39:19.0046 2268    Detected object count: 1
12:39:19.0046 2268    Actual detected object count: 1
12:39:40.0421 2268    Backup copy found, using it..
12:39:40.0437 2268    C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured on reboot
12:39:40.0437 2268    Disk ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
12:41:10.0000 3476    Deinitialize success
f-arn Guru
29 October 2011 - 12:56 #16
In case it matters, I had to restart...

I figured as much *S'

------

Download and save ComboFix to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of that file here.

It can be found here:  C:\ComboFix.txt
moffa Beginner
29 October 2011 - 13:10 #17
Sorry for my noob question, how do I disable AVG? I can't seem to find the feature... :(
moffa Beginner
29 October 2011 - 13:11 #18
Nvm, I found it....
moffa Beginner
29 October 2011 - 13:24 #19
Even though I have disabled my AVG, it still pops up and says it has found some junk; I chose to ignore these, was that correct?
moffa Beginner
29 October 2011 - 13:36 #20
With #19 in mind, here is the result of the last test

ComboFix 11-10-29.03 - Marlene 29.10.2011  13:15:53.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.47.1044.18.2047.1433 [GMT 2:00]
Kjører fra: c:\documents and settings\Marlene\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((  Andre slettinger  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marlene\Programdata\inst.exe
c:\windows\system32\d3d9caps.dat
.
.
(((((((((((((((((((((((((((  Filer Opprettet Fra 2011-09-28 til 2011-10-29  )))))))))))))))))))))))))))))))))
.
.
2011-10-29 10:38 . 2011-10-29 10:38    --------    d-----w-    c:\documents and settings\Marlene\Programdata\AVG2012
2011-10-29 10:37 . 2011-10-29 10:48    --------    d-----w-    c:\documents and settings\All Users\Programdata\AVG2012
2011-10-28 16:08 . 2011-10-29 10:45    --------    d--h--r-    c:\documents and settings\Marlene\Siste
2011-10-21 18:00 . 2011-10-21 18:00    --------    d-----w-    c:\programfiler\Fellesfiler\Java
2011-10-10 09:09 . 2011-10-10 09:09    4550304    ----a-w-    c:\programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 10:42 . 2008-04-15 12:00    36352    ----a-w-    c:\windows\system32\drivers\disk.sys
2011-10-03 03:06 . 2010-08-29 07:36    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-08-29 07:36    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-09-13 04:30 . 2010-09-07 02:48    32592    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 15:00 . 2010-08-03 17:03    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-08-08 04:08 . 2010-09-07 02:48    40016    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2011-09-29 07:07 . 2011-05-05 20:37    134104    ----a-w-    c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((  Oppstartspunkter I Registeret  )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
"AVG_TRAY"="c:\programfiler\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA5ADAANAA2ADAANwAwADIALQBGAFAAOQArADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Programfiler\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programfiler\\AIM\\aim.exe"=
"c:\\Programfiler\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programfiler\\SopCast\\SopCast.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 04:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08.12.2010 05:12 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 14:19 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programfiler\AVG\AVG2012\AVGIDSAgent.exe [12.09.2011 06:23 5265248]
R2 avgwd;AVG WatchDog;c:\programfiler\AVG\AVG2012\avgwdsvc.exe [02.08.2011 06:09 192776]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programfiler/PostgreSQL/8.4/data" -w --> C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\TomTom HOME 2\TomTomHOMEService.exe [09.03.2011 14:30 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03.08.2010 16:23 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03.08.2010 16:23 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03.08.2010 16:23 16720]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26.09.2010 11:37 47360]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [16.07.2010 19:45 136176]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\programfiler\Google\Update\GoogleUpdate.exe [16.07.2010 19:45 136176]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.04.2011 20:57 41984]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - 07864267
*Deregistered* - 07864267
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-07-16 17:45]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-07-16 17:45]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\programfiler\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Marlene\Programdata\Mozilla\Firefox\Profiles\zih1z43a.default\
.
- - - - TOMME PEKERE FJERNET - - - -
.
SafeBoot-07864267.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ... 
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ... 
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programfiler/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programfiler/PostgreSQL/8.4/data\" -w"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Tidspunkt ferdig: 2011-10-29  13:23:58
ComboFix-quarantined-files.txt  2011-10-29 11:23
.
Pre-Run: 225 808 388 096 byte ledig
Post-Run: 229 365 506 048 byte ledig
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9E57EEC6FD5781A1E4AEC41C63B834D8
f-arn Guru
30 October 2011 - 06:57 #21
Try running GMER following this guide.
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=208&title=gmer-vejledning

Remember to run DeFogger first!

Note:

If you are warned about rootkit activity and GMER asks whether you want to run a full scan, answer "NO".

PS: Since your security programs can conflict with GMER, it is important that you disable them.
moffa Beginner
30 October 2011 - 09:12 #22
Downloaded GMER and ready... But what is DeFogger?
moffa Beginner
30 October 2011 - 09:22 #23
Ahh, it would be nice if you could delete posts, so you could erase your own incompetence. I found the guide in another thread, you see. I followed it, but the PC did not restart; is that a problem?
moffa Beginner
30 October 2011 - 12:12 #24
OK, I'll try restarting manually. And then I'll run the program afterwards.
f-arn Guru
30 October 2011 - 12:15 #25
If you have run DeFogger, just run GMER.

Note:

If you are warned about rootkit activity and GMER asks whether you want to run a full scan, answer "NO".

PS: Since your security programs can conflict with GMER, it is important that you disable them.
moffa Beginner
30 October 2011 - 12:20 #26
Thanks for the reply. I'm running GMER now.
moffa Beginner
30 October 2011 - 13:46 #27
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-30 13:44:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEKT-00A25T0 rev.01.01A01
Running: 460ty5pp.exe; Driver: C:\DOCUME~1\Marlene\LOKALE~1\Temp\fwndqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB3482F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB3482FE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB3483080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB348311C]

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                    section is writeable [0xB6FF9360, 0x33AACD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
f-arn Guru
30 October 2011 - 16:41 #28
Download http://download.sysinternals.com/Files/Junction.zip
Unpack it and move Junction.exe to C:\Windows.

Click Start -> Run and paste this in.
cmd /c junction -s c:\ >log.txt&log.txt

Click OK.

After a while a log will open.
Copy it in here.
moffa Beginner
30 October 2011 - 16:54 #29
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess.


Failed to open \\?\c:\\Qoobox\BackEnv: Ingen tilgang.


\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
  Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
  Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

f-arn Guru
31 October 2011 - 10:30 #30
Run DeFogger first.

Download Rootkit Unhooker and save it to the desktop.

http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Start it. Click Report, then click Scan.
Leave the check marks on Drivers and Stealth. Remove the others.
Click OK.
(If it shows the warning "Rootkit Unhooker has detected a parasite inside itself!", ignore it.)
When it is finished, click File -> Save Report.
Save it to the desktop and copy it in here.

Remember to disable your security programs.
moffa Beginner
01 November 2011 - 16:42 #31
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB7062000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6254592 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 179.48 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6070272 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 179.48 )
0xB6C1F000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 4222976 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT kjerne og system)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Win32-driver for flere brukere)
0xB48F6000 C:\WINDOWS\system32\DRIVERS\smserial.sys 897024 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0xB4707000 C:\WINDOWS\System32\Drivers\BisonCam.sys 843776 bytes (Bison Electronics. Inc. , Universal Serial Bus Camera Driver)
0xB7E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB45FA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6AA2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB4842000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2A00000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB49F5000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 327680 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xB6B9B000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver)
0xBD5DC000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB47FB000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB2517000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB45C3000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB6B00000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver for NT)
0xB2C10000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB23A9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB4692000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7026000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB46DF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corporation, VERITAS Software, NT Disk Manager I/U-driver)
0xB47D5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB2385000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB49D1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6BFB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6B58000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB46BD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB2940000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB7EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB6B7B000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation                          , Realtek 10/100/1000 NDIS 5.1 Driver                        )
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-diskdriver)
0xB7DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4443000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6B41000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB38BD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6BE7000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB704E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB489B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7ED9000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver for Systemgjenoppretting)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-enumerator)
0xB6B30000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB76C9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB7659000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8268000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB81F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8178000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio filterdriver)
0xB3A3A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8218000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8148000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver for i8042-port)
0xB8188000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0xB8228000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volumdriver for skyggekopi)
0xB81C8000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8248000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-kryptografidriver)
0xB8158000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8198000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB7669000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prosessorenhetsdriver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-bussdriver)
0xB81E8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB81D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB27F8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8238000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8258000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 32768 bytes (ATK0100, ATK0100 ACPI Utility)
0xB8478000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB84B0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8438000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8440000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 28672 bytes (REDC, RICOH MMC Driver)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8458000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8448000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Driver for tastaturklasse)
0xB8450000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver for musklasse)
0xB8430000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB84A0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8390000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB84A8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8468000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8470000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8460000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB83B8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB84C8000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB7A0F000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB8564000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4483000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB84C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB39E6000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB44E3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7A0B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7DCA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85F2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB864C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB85F0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB85F4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB85F6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85E6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85EC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB86BF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB87DB000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8784000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generisk PCI IDE-bussdriver)
==============================================
>Stealth
==============================================
f-arn Guru
02 November 2011 - 12:34 #32
I would like to check something, so please delete the ComboFix you have.

Download ComboFix and save it to your desktop.

Right-click the desktop, choose New -> Text Document, paste in the highlighted text and save the file as CFScript.

Killall::
Snapshot::


Since ComboFix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, located at C:\Combofix.txt

Please post the contents of this file here.
moffa Beginner
02 November 2011 - 13:30 #33
ComboFix 11-11-02.01 - Marlene 02.11.2011  13:14:22.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.47.1044.18.2047.1244 [GMT 1:00]
Kjører fra: c:\documents and settings\Marlene\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Marlene\Skrivebord\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((  Filer Opprettet Fra 2011-10-02 til 2011-11-02  )))))))))))))))))))))))))))))))))
.
.
2011-10-30 15:49 . 2010-09-07 14:39    150392    ----a-w-    c:\windows\junction.exe
2011-10-30 08:01 . 2011-10-30 08:01    --------    d-sh--w-    c:\documents and settings\postgres\IETldCache
2011-10-29 23:47 . 2011-10-29 23:47    --------    d-----w-    c:\windows\system32\KB905474
2011-10-29 23:16 . 2011-10-29 23:17    --------    d-----w-    c:\windows\ie8updates
2011-10-29 15:14 . 2011-08-22 23:41    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2011-10-29 15:14 . 2011-08-22 23:41    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-29 15:14 . 2011-08-22 23:41    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-10-29 15:14 . 2011-08-22 23:41    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2011-10-29 15:14 . 2011-08-22 23:41    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2011-10-29 15:14 . 2011-08-22 23:41    2000384    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2011-10-29 14:24 . 2009-08-06 17:23    274288    ----a-w-    c:\windows\system32\mucltui.dll
2011-10-29 10:38 . 2011-10-29 10:38    --------    d-----w-    c:\documents and settings\Marlene\Programdata\AVG2012
2011-10-29 10:37 . 2011-10-29 10:48    --------    d-----w-    c:\documents and settings\All Users\Programdata\AVG2012
2011-10-28 16:08 . 2011-11-02 12:12    --------    d--h--r-    c:\documents and settings\Marlene\Siste
2011-10-21 18:00 . 2011-10-21 18:00    --------    d-----w-    c:\programfiler\Fellesfiler\Java
2011-10-10 09:09 . 2011-10-10 09:09    4550304    ----a-w-    c:\programfiler\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 10:42 . 2008-04-15 12:00    36352    ----a-w-    c:\windows\system32\drivers\disk.sys
2011-10-03 03:06 . 2010-08-29 07:36    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-08-29 07:36    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2008-07-29 17:59    612352    ----a-w-    c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-15 12:00    20992    ----a-w-    c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-15 12:00    220160    ----a-w-    c:\windows\system32\oleacc.dll
2011-09-13 04:30 . 2010-09-07 02:48    32592    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2008-04-15 12:00    600064    ----a-w-    c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-15 12:00    1858944    ----a-w-    c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2010-08-03 17:03    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-08-22 23:41 . 2008-04-15 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-15 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-04-15 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2008-04-15 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-15 12:00    138496    ----a-w-    c:\windows\system32\drivers\afd.sys
2011-08-08 04:08 . 2010-09-07 02:48    40016    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2011-09-29 07:07 . 2011-05-05 20:37    134104    ----a-w-    c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((  Oppstartspunkter I Registeret  )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
"AVG_TRAY"="c:\programfiler\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA5ADAANAA2ADAANwAwADIALQBGAFAAOQArADIALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Programfiler\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programfiler\\AIM\\aim.exe"=
"c:\\Programfiler\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programfiler\\SopCast\\SopCast.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programfiler\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 15:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08.12.2010 04:12 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 13:19 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programfiler\AVG\AVG2012\AVGIDSAgent.exe [12.09.2011 05:23 5265248]
R2 avgwd;AVG WatchDog;c:\programfiler\AVG\AVG2012\avgwdsvc.exe [02.08.2011 05:09 192776]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programfiler/PostgreSQL/8.4/data" -w --> C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\programfiler\TomTom HOME 2\TomTomHOMEService.exe [09.03.2011 13:30 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03.08.2010 15:23 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03.08.2010 15:23 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03.08.2010 15:23 16720]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26.09.2010 10:37 47360]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [16.07.2010 18:45 136176]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\programfiler\Google\Update\GoogleUpdate.exe [16.07.2010 18:45 136176]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [18.04.2011 19:57 41984]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-07-16 17:45]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-07-16 17:45]
.
2011-11-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-29 20:18]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\programfiler\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Marlene\Programdata\Mozilla\Firefox\Profiles\zih1z43a.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ... 
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ... 
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programfiler/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programfiler/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programfiler/PostgreSQL/8.4/data\" -w"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\webcheck.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programfiler\AVG\AVG2012\avgcsrvx.exe
c:\programfiler\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programfiler\PostgreSQL\8.4\bin\pg_ctl.exe
c:\programfiler\AVG\AVG2012\avgnsx.exe
c:\programfiler\PostgreSQL\8.4\bin\postgres.exe
c:\programfiler\PostgreSQL\8.4\bin\postgres.exe
c:\programfiler\PostgreSQL\8.4\bin\postgres.exe
c:\programfiler\PostgreSQL\8.4\bin\postgres.exe
c:\programfiler\PostgreSQL\8.4\bin\postgres.exe
c:\programfiler\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2011-11-02  13:25:21 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt  2011-11-02 12:25
ComboFix2.txt  2011-10-29 11:23
.
Pre-Run: 226 031 251 456 byte ledig
Post-Run: 226 115 059 712 byte ledig
.
- - End Of File - - CF7D6B6FA9BF05513025D279CF19A7C5
f-arn Guru
02 November 2011 - 14:27 #34
It actually looks fine, but how is the PC running?
moffa Beginner
02 November 2011 - 14:38 #35
I'll try sitting at it for a bit. I'll report back later. We turned something off earlier, should it be turned back on?
f-arn Guru
02 November 2011 - 14:47 #36
If you mean Defogger, you can go ahead and run it again.
moffa Beginner
02 November 2011 - 20:29 #37
It seems to be working now. Mozilla hasn't crashed all day, at any rate.

When I run Defogger, should I choose re-enable, or whatever it's called?
f-arn Guru
02 November 2011 - 20:57 #38
"When I run Defogger, should I choose re-enable"

Yes.

------

Click Start, Run and paste this in: combofix /uninstall
Press Enter
This will remove ComboFix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

---

Download and run OTC by OldTimer.
Click "CleanUp" and let it restart. It removes the other tools we used to clean the machine.
moffa Beginner
03 November 2011 - 13:11 #39
That's done now.

Many thanks for the help.
As a free program, is AVG good enough?
f-arn Guru
03 November 2011 - 13:57 #40
"As a free program, is AVG good enough?"

AVG Free 2012 is considerably improved compared to earlier versions, so just keep it.

You can improve your security by using DNS filtering.
The best one is probably Norton DNS.
You can also read this.