borkhardt (Beginner)
15 December 2008 - 11:53. There are 29 comments

Help removing Trojan Horse - Trojan Horse downloader zlob.arh

Hi Experten.
I had a problem with a Trojan horse a few days ago, which over time has become 7.
I wanted to hear whether you know what I should do?
The Trojan horses are:
Trojan Horse downloader zlob.arhz
Trojan Horse downloader zlob.arhz
Trojan Horse downloader zlob.arhz
Trojan Horse downloader zlob.arhz
Trojan Horse downloader zlob.arhy
Trojan Horse Agent.AOMT
Trojan Horse Generic5.JGG

Hope you can help.
f-arn (Guru)
15 December 2008 - 12:30 #1
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from HijackThis, which you can find here:

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Run HijackThis, click "Do a system scan and save a logfile", copy the log text and post it here.

Note: HijackThis must be saved to the computer and not run from the web.

Re: Vista - right-click the *.exe file - Run as Administrator.
realbeekay (Beginner)
15 December 2008 - 12:35 #2
Download Malwarebytes Antimalware:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program, update it and run a full scan.
Remove the junk it finds. Then restart and run a full scan again.
Your system should now be "clean" :)
Jensen DK (Novice)
15 December 2008 - 12:48 #3
Download Avast virus cleaner and let it run on the computer.

http://programmer.downloadcentral.dk/?Antivirus/kategori/2/0
borkhardt (Beginner)
15 December 2008 - 16:53 #4
Hi, here I am again.
It doesn't look like the malware thing worked.
I updated and ran it on the whole computer, but at the end it said there was an error (error code 731 (0 , 9))
borkhardt (Beginner)
15 December 2008 - 17:17 #5
Here is the HiJackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:03, on 15-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael Borkhardt\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\ytconv.exe mon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9965 bytes




Unfortunately no log file for malware anti-malware, since there was an error when I tried to view the log file :S
borkhardt (Beginner)
15 December 2008 - 19:02 #6
I finally got malware to work and here is its log file:

Malwarebytes' Anti-Malware 1.31
Database version: 1501
Windows 6.0.6001 Service Pack 1

15-12-2008 19:00:24
logfil for malware

Skan type: Fuldstændig skanning (C:\|D:\|F:\|G:\|)
Objekter skannet: 174570
Tid tilbagelagt: 2 hour(s), 4 minute(s), 11 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\resycled (Trojan.DNSChanger) -> No action taken.

Inficerede Filer:
C:\Windows\System32\drivers\msqpdxmbcbcrrx.sys (Trojan.Agent) -> No action taken.
f-arn (Guru)
15 December 2008 - 19:59 #7
You forgot 'Remove selected'. Once that is done I would like to see both the Malwarebytes and HJT logs. Remember to run as administrator.
Jensen DK (Novice)
16 December 2008 - 06:30 #8
borkhardt, you should not post an answer; that is meant for the asker to accept an answer and award points, unless you have not received a usable answer, in which case you can post an answer yourself, mark your name and click accept, and then it is closed.

Also run this one.
http://programmer.downloadcentral.dk/?Antivirus/kategori/2/0
borkhardt (Beginner)
16 December 2008 - 10:13 #9
Thanks silbidor, but it didn't add anything when I posted a comment.

Here is the log file after I removed the selected items.


Malwarebytes' Anti-Malware 1.31
Database version: 1501
Windows 6.0.6001 Service Pack 1

15-12-2008 21:54:04
mbam-log-2008-12-15 (21-54-04).txt

Skan type: Fuldstændig skanning (C:\|D:\|F:\|G:\|)
Objekter skannet: 174570
Tid tilbagelagt: 2 hour(s), 4 minute(s), 11 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Windows\System32\drivers\msqpdxmbcbcrrx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
borkhardt (Beginner)
16 December 2008 - 10:16 #10
And a HijackThis log file after the selected items were removed:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:19, on 16-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael Borkhardt\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\ytconv.exe mon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9725 bytes
borkhardt (Beginner)
16 December 2008 - 11:27 #11
silbidor.
Which of the programs on the page do you want me to run? There are 8 programs on page 1 alone.
Jensen DK (Novice)
16 December 2008 - 12:41 #12
As I wrote on 15/12-2008 12:48:32: download Avast virus cleaner and let it run a scan, and let it remove what it finds.
Jensen DK (Novice)
16 December 2008 - 12:42 #13
It is listed as no. 2 on page 1.
borkhardt (Beginner)
16 December 2008 - 14:50 #14
Yes, it says there are no infected files, but it also said that yesterday before I ran malware. :S
f-arn (Guru)
16 December 2008 - 15:17 #15
Use the rest from this one --> http://www.eksperten.dk/artikler/1232
borkhardt (Beginner)
16 December 2008 - 15:43 #16
Thanks. If you want to see the log files for the various programs, here they are:
you have seen malware and hjt, combofix comes here:

ComboFix 08-12-15.05 - Michael Borkhardt 2008-12-16 15:24:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.3070.1539 [GMT 1:00]
Kører fra: c:\users\Michael Borkhardt\Downloads\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\resycled

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-11-16 til 2008-12-16  )))))))))))))))))))))))))))))))))))
.

2008-12-15 12:56 . 2008-12-15 12:56    <DIR>    d--------    c:\users\Michael Borkhardt\AppData\Roaming\Malwarebytes
2008-12-15 12:56 . 2008-12-15 12:56    <DIR>    d--------    c:\users\All Users\Malwarebytes
2008-12-15 12:56 . 2008-12-15 12:56    <DIR>    d--------    c:\programdata\Malwarebytes
2008-12-15 12:56 . 2008-12-15 12:56    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-12-15 12:56 . 2008-12-03 19:52    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-15 12:56 . 2008-12-03 19:52    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2008-12-13 21:34 . 2008-12-13 21:34    <DIR>    d--------    c:\program files\Common Files\Adobe Systems Shared
2008-12-13 20:04 . 2008-12-13 20:04    <DIR>    d--------    c:\windows\System32\Adobe
2008-12-13 20:04 . 2004-08-17 02:40    16,384    --a------    c:\windows\System32\FileOps.exe
2008-12-12 21:42 . 2008-12-12 21:42    <DIR>    d--h-----    c:\users\All Users\CanonBJ
2008-12-12 21:42 . 2008-12-12 21:42    <DIR>    d--h-----    c:\programdata\CanonBJ
2008-12-12 21:41 . 2006-11-05 20:00    198,656    --a------    c:\windows\System32\CNMLM8N.DLL
2008-12-12 16:18 . 2008-12-12 16:24    <DIR>    d--------    C:\BlueByte
2008-12-12 16:16 . 1998-01-23 12:19    304,128    --a------    c:\windows\IsUn0406.exe
2008-12-11 13:57 . 2008-12-13 13:22    <DIR>    d--------    c:\program files\Blue Byte
2008-12-11 13:46 . 2008-10-22 02:22    2,048    --a------    c:\windows\System32\tzres.dll
2008-12-11 13:24 . 1998-10-29 16:45    306,688    --a------    c:\windows\IsUninst.exe
2008-12-11 13:20 . 2008-12-14 01:03    <DIR>    d--------    c:\program files\MagicISO
2008-12-11 11:46 . 2008-11-01 02:21    4,240,384    --a------    c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 11:46 . 2008-10-16 03:23    1,383,424    --a------    c:\windows\System32\mshtml.tlb
2008-12-11 11:46 . 2008-10-16 05:47    827,392    --a------    c:\windows\System32\wininet.dll
2008-12-11 11:46 . 2008-11-01 04:44    28,672    --a------    c:\windows\System32\Apphlpdm.dll
2008-12-11 11:39 . 2008-12-11 11:39    <DIR>    d--------    c:\users\All Users\DAEMON Tools Lite
2008-12-11 11:39 . 2008-12-11 11:39    <DIR>    d--------    c:\programdata\DAEMON Tools Lite
2008-12-11 11:35 . 2008-12-11 11:35    717,296    --a------    c:\windows\System32\drivers\sptd.sys
2008-12-11 10:37 . 2008-06-23 02:59    2,868,736    --a------    c:\windows\System32\mf.dll
2008-12-11 10:37 . 2008-06-23 02:59    996,352    --a------    c:\windows\System32\WMNetMgr.dll
2008-12-11 10:37 . 2008-06-23 02:58    94,720    --a------    c:\windows\System32\logagent.exe
2008-12-11 10:30 . 2008-10-21 06:25    296,960    --a------    c:\windows\System32\gdi32.dll
2008-12-11 09:15 . 2008-10-29 07:29    2,927,104    --a------    c:\windows\explorer.exe
2008-12-10 13:59 . 2008-12-10 13:59    21,840    --a------    c:\windows\System32\SIntfNT.dll
2008-12-10 13:59 . 2008-12-10 13:59    17,212    --a------    c:\windows\System32\SIntf32.dll
2008-12-10 13:59 . 2008-12-10 13:59    12,067    --a------    c:\windows\System32\SIntf16.dll
2008-12-09 21:22 . 2005-05-26 15:34    2,297,552    --a------    c:\windows\System32\d3dx9_26.dll
2008-12-03 11:36 . 2008-12-03 11:36    <DIR>    d--------    c:\users\All Users\Big Fish Games
2008-12-03 11:36 . 2008-12-03 11:36    <DIR>    d--------    c:\programdata\Big Fish Games
2008-12-03 11:29 . 2008-12-03 11:29    <DIR>    d--------    c:\users\All Users\Trymedia
2008-12-03 11:29 . 2008-12-03 11:29    <DIR>    d--------    c:\programdata\Trymedia
2008-12-03 11:25 . 2008-12-03 11:25    <DIR>    d--------    c:\program files\BFG
2008-12-02 11:29 . 2008-12-02 11:29    <DIR>    d--------    c:\users\All Users\Reflexive
2008-12-02 11:29 . 2008-12-02 11:29    <DIR>    d--------    c:\programdata\Reflexive
2008-12-02 10:29 . 2008-12-02 10:29    <DIR>    d--------    c:\users\All Users\PopCap Games
2008-12-02 10:29 . 2008-12-02 10:29    <DIR>    d--------    c:\programdata\PopCap Games
2008-12-02 10:28 . 2008-12-02 10:28    <DIR>    d--------    c:\program files\ReflexiveArcade
2008-11-29 20:45 . 2008-11-29 20:45    <DIR>    d--------    c:\users\Michael Borkhardt\Bluetooth Software
2008-11-29 14:20 . 2008-11-29 14:20    0    --ah-----    c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-28 13:21 . 2008-04-26 09:26    891,448    --a------    c:\windows\System32\drivers\tcpip.sys
2008-11-26 15:03 . 2008-10-21 06:25    1,645,568    --a------    c:\windows\System32\connect.dll
2008-11-26 15:03 . 2008-08-28 04:40    712,704    --a------    c:\windows\System32\WindowsCodecs.dll
2008-11-26 15:03 . 2008-08-28 04:40    425,472    --a------    c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 15:03 . 2008-08-28 04:40    347,136    --a------    c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 15:03 . 2008-10-22 04:57    241,152    --a------    c:\windows\System32\PortableDeviceApi.dll
2008-11-26 15:03 . 2008-01-19 08:36    160,768    --a------    c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 15:03 . 2008-01-19 08:36    94,720    --a------    c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-25 12:54 . 2008-10-16 22:13    1,809,944    --a------    c:\windows\System32\wuaueng.dll
2008-11-25 12:54 . 2008-10-16 21:56    1,524,736    --a------    c:\windows\System32\wucltux.dll
2008-11-25 12:54 . 2008-10-16 22:12    561,688    --a------    c:\windows\System32\wuapi.dll
2008-11-25 12:54 . 2008-10-16 14:08    162,064    --a------    c:\windows\System32\wuwebv.dll
2008-11-25 12:54 . 2008-10-16 21:55    83,456    --a------    c:\windows\System32\wudriver.dll
2008-11-25 12:54 . 2008-10-16 22:09    51,224    --a------    c:\windows\System32\wuauclt.exe
2008-11-25 12:54 . 2008-10-16 22:09    43,544    --a------    c:\windows\System32\wups2.dll
2008-11-25 12:54 . 2008-10-16 22:08    34,328    --a------    c:\windows\System32\wups.dll
2008-11-25 12:54 . 2008-10-16 13:56    31,232    --a------    c:\windows\System32\wuapp.exe
2008-11-22 09:24 . 2008-01-19 08:33    8,139,264    --a------    c:\windows\System32\ssBranded.scr
2008-11-22 09:23 . 2008-01-19 08:32    5,714,432    --a------    c:\windows\System32\logon.scr
2008-11-22 09:22 . 2008-01-19 07:06    8,147,456    --a------    c:\windows\System32\wmploc.DLL
2008-11-22 09:21 . 2008-01-19 08:36    704,512    --a------    c:\windows\System32\SmiEngine.dll
2008-11-22 09:21 . 2008-01-19 08:36    357,888    --a------    c:\windows\System32\wbemcomn.dll
2008-11-22 09:21 . 2008-01-19 08:36    139,264    --a------    c:\windows\System32\SmiInstaller.dll
2008-11-22 09:21 . 2008-01-19 08:36    129,536    --a------    c:\windows\System32\sqmapi.dll
2008-11-22 09:20 . 2008-01-19 08:36    218,624    --a------    c:\windows\System32\wdscore.dll
2008-11-22 09:20 . 2008-01-19 08:33    130,560    --a------    c:\windows\System32\PkgMgr.exe
2008-11-22 09:19 . 2008-01-19 08:34    305,152    --a------    c:\windows\System32\msdelta.dll
2008-11-22 09:19 . 2008-01-19 08:34    258,560    --a------    c:\windows\System32\dpx.dll
2008-11-22 09:19 . 2008-01-19 08:34    246,784    --a------    c:\windows\System32\drvstore.dll
2008-11-22 09:19 . 2008-01-19 08:35    35,328    --a------    c:\windows\System32\mspatcha.dll
2008-11-21 13:03 . 2008-12-16 13:07    <DIR>    d--------    c:\windows\System32\drivers\Avg
2008-11-21 13:03 . 2008-11-21 14:51    97,928    --a------    c:\windows\System32\drivers\avgldx86.sys
2008-11-21 13:03 . 2008-11-21 14:51    69,128    --a------    c:\windows\System32\drivers\avgwfpx.sys
2008-11-21 13:03 . 2008-11-21 14:51    10,520    --a------    c:\windows\System32\avgrsstx.dll
2008-11-21 13:02 . 2008-11-21 13:02    69    --a------    c:\windows\NeroDigital.ini

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 10:54    ---------    d-----w    c:\users\Michael Borkhardt\AppData\Roaming\uTorrent
2008-12-15 17:14    58,643    ----a-w    c:\users\Michael Borkhardt\AppData\Roaming\nvModes.dat
2008-12-14 02:00    ---------    d-----w    c:\programdata\avg8
2008-12-13 23:05    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-12-13 21:35    ---------    d-----w    c:\program files\Warcraft III
2008-12-13 20:34    ---------    d-----w    c:\program files\Common Files\Adobe
2008-12-11 13:27    ---------    d-----w    c:\program files\Windows Mail
2008-12-11 12:54    ---------    d-----w    c:\programdata\Microsoft Help
2008-12-04 09:23    ---------    d-----w    c:\program files\Google
2008-12-03 21:54    ---------    d-----w    c:\users\Michael Borkhardt\AppData\Roaming\dvdcss
2008-11-27 13:20    174    --sha-w    c:\program files\desktop.ini
2008-11-27 13:14    ---------    d-----w    c:\program files\Windows Sidebar
2008-11-27 13:14    ---------    d-----w    c:\program files\Windows Calendar
2008-11-27 13:13    ---------    d-----w    c:\program files\Windows Photo Gallery
2008-11-27 13:13    ---------    d-----w    c:\program files\Windows Journal
2008-11-27 13:13    ---------    d-----w    c:\program files\Windows Defender
2008-11-27 13:13    ---------    d-----w    c:\program files\Windows Collaboration
2008-11-27 12:26    82,432    ----a-w    c:\windows\System32\axaltocm.dll
2008-11-27 12:26    101,888    ----a-w    c:\windows\System32\ifxcardm.dll
2008-11-01 03:44    541,696    ----a-w    c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44    52,736    ----a-w    c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44    460,288    ----a-w    c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44    2,154,496    ----a-w    c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44    173,056    ----a-w    c:\windows\AppPatch\AcXtrnal.dll
2008-10-24 15:10    ---------    d-----w    c:\program files\DVDVideoSoft
2008-10-24 15:10    ---------    d-----w    c:\program files\Common Files\DVDVideoSoft
2008-10-22 07:43    ---------    d-----w    c:\program files\AVG
2008-10-06 10:59    2,829    ----a-w    c:\windows\War3Unin.pif
2008-10-06 10:59    139,264    ----a-w    c:\windows\War3Unin.exe
2008-09-30 15:43    1,286,152    ----a-w    c:\windows\System32\msxml4.dll
2008-09-18 05:09    3,601,464    ----a-w    c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09    3,549,240    ----a-w    c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56    147,456    ----a-w    c:\windows\System32\Faultrep.dll
2008-09-18 04:56    125,952    ----a-w    c:\windows\System32\wersvc.dll
2008-09-18 02:16    2,032,640    ----a-w    c:\windows\System32\win32k.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-12-13 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-09 15:54 16896 c:\program files\GoogleEULA\EULALauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C7A6984F-04EA-4A7B-A14D-93C21AA488DB}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9C9143C3-0584-4672-9A3C-B15EE1D520BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C33639F9-EAD0-4AED-9568-94715BA25915}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{02950116-6A6B-4890-AED2-21230167883D}"= c:\program files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{74CAC30C-6B15-4238-9CEA-A0C4027E22FA}"= c:\program files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A0566E11-753E-4069-A510-7CFB1548C40B}"= c:\program files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{896C00C0-FAFF-4CED-8D7C-544357C9206D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2CB6944-C5D3-48E1-BE14-D5ACA31DA43E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{66BC1431-D34B-45C9-86D9-C37C4B544C10}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7A5D5693-F3EA-4E95-A8D6-DF44FF35C3DC}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{4F0B29D7-F230-486E-8773-5FF34E5FA066}c:\\program files\\counterstrike 1.6\\hl.exe"= UDP:c:\program files\counterstrike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{AA2440BA-1D0C-4141-A613-BFAFA9A5BE68}c:\\program files\\counterstrike 1.6\\hl.exe"= TCP:c:\program files\counterstrike 1.6\hl.exe:Half-Life Launcher
"{8E24A81A-D03E-4E43-816B-61CF8EE11B0E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3344E860-150D-43A9-A02B-B3F92E5D1E31}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D62F0445-D235-482F-9E93-BCCEE34EC96D}"= UDP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{FD6E3497-322D-427E-9FD7-F94140F13589}"= TCP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-21 97928]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2008-02-29 9867]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-21 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-21 231704]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-02-29 358936]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-21 69128]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-02-29 327168]
R3 WisLMSvc;WisLMSvc;"c:\program files\Launch Manager\WisLMSvc.exe" [2008-02-29 118784]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-02-29 13976]
S3 PhilCap;NXP service;c:\windows\system32\DRIVERS\PhilCap.sys [2008-02-26 908896]
S3 WSDPrintDevice;Support til WSD-udskrivning via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-11-22 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b93d95-c969-11dd-9051-000ae4cabd08}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL e:\resycled\boot.com e:
\shell\Open\command - e:\resycled\boot.com e:

*Newly Created Service* - PROCEXP90
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-youtubeconverter - c:\program files\Naevius YouTube Converter\ytconv.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 15:26:10
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

ÐÊ(êÐÊ0êÐÊ0êÐÊ [65536] 0xCAD0E8DE
ÐÊ(êÐÊ0êÐÊ0êÐÊ [65536] 0x53D86902
scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'Explorer.exe'(5284)
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
Gennemført tid: 2008-12-16 15:31:11
ComboFix-quarantined-files.txt  2008-12-16 14:31:08

Pre-Kørsel: 56.749.899.776 byte ledig
Post-Kørsel: 61,570,727,936 byte ledig

230    --- E O F ---    2008-12-15 13:28:40
16 December 2008 - 18:37 #17
*SIGH* That's how it easily goes when you 'play' with P2P [uTorrent]!!!
johnstigers Senior Master
16 December 2008 - 20:25 #18
karise, do you want a challenge?
I can give you a log from a machine that has been running P2P for over 1 year - see if you can find anything there - just say the word ;)
16 December 2008 - 21:13 #19
... it is _not_ the running of P2P programs that is the problem; it is the use of the results from them that I am alluding to...
f-arn Guru
16 December 2008 - 21:26 #20
Is there anyone who can help with this one? I am very much in doubt.
johnstigers Senior Master
16 December 2008 - 21:48 #21
johnstigers Senior Master
23 December 2008 - 11:33 #22
Have you tried it?
Jensen DK Novice
01 January 2009 - 08:20 #23
Is anything happening here? Can this be closed?
You can read here how to award points / close your questions.

http://expfaq.dk/behandling_af_svar#behandling_af_svar
Jensen DK Novice
08 January 2009 - 07:56 #24
borkhardt, have you given up?
Jensen DK Novice
20 January 2009 - 07:30 #25
Are you still here?
kjeldsen2 Beginner
18 February 2009 - 13:59 #26
I have also just discovered that there is a trojan horse on my PC.
I have tried using that "avast", but it cannot scan all the files.
I have also tried downloading Spybot and that kind of thing, but I cannot get into it.
kjeldsen2 Beginner
18 February 2009 - 14:14 #27
That avast could not find anything because, as I said, it could not find all the files.
But my antivirus AVG can find it, but cannot remove all of it.
18 February 2009 - 14:30 #28
<kjeldsen2>: You should (= must) create your own 'thread' with your question/problem...
johnstigers Senior Master
18 February 2009 - 15:23 #29
kjeldsen2 - welcome to Eksperten :)
As mentioned, you need to create your own question, and then we will gladly help :)