poulst1100 Trainee
07 August 2009 - 14:10 There are 16 comments and 1 solution

System Security virus

Hi there,
so now there is new crap on the PC:
System Security, which turns the desktop into a virus warning and wants you to buy a program.
My Spyware Doctor cannot remove it. What do I do?
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:15, on 07-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmer\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Programmer\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\syiufpcskf.exe
C:\Documents and Settings\All Users\Application Data\19532504\19532504.exe
C:\Programmer\Spyware Doctor\pctsGui.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Poul Jørgensen\Dokumenter\My Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IESessions.Manager - {6ECF15F0-468D-4E25-8997-1C710E80F5CD} - C:\Program Files\IESessions\IESessions.dll
O2 - BHO: Fravalg af annonceringscookie - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmer\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Programmer\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [19532504] C:\Documents and Settings\All Users\Application Data\19532504\19532504.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmer\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Programmer\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - C:\Program Files\IESessions\IESessions.dll
O9 - Extra 'Tools' menuitem: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - C:\Program Files\IESessions\IESessions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229794593531
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{692EE1FB-3655-4BF5-BA54-C164096A6EDA}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! AMail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986c75aa1554a) (gupdate1c986c75aa1554a) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe

--
End of file - 13088 bytes
f-arn Guru
07 August 2009 - 14:46 #1
Download http://live.sysinternals.com/procexp.exe

Save it as winlogon.exe

Start it and right-click the strange "number".exe file name. Choose "kill process"

Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a new HijackThis log.
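As an added illustration (not part of the original thread), this Python sketch reads a HijackThis log and flags the two patterns visible in the log posted above: executables started from a Temp directory and a digits-only executable inside a folder of the same name. The function names and both heuristics are assumptions made for this example; a hit is a reason to look closer, not a verdict.

```python
import re
from ntpath import basename, dirname, splitext

# Excerpt of the first HijackThis log in this thread (lines copied from the post above).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\syiufpcskf.exe
C:\Documents and Settings\All Users\Application Data\19532504\19532504.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [19532504] C:\Documents and Settings\All Users\Application Data\19532504\19532504.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[(.+?)\] (.+)$")


def exe_path(command):
    """Return the executable part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def parse(log):
    """Split a log into the running-process list and the O4 Run autoruns."""
    processes, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process section
        elif in_procs:
            processes.append(line)
        else:
            m = RUN_RE.match(line)
            if m:
                autoruns.append((m.group(1), m.group(2), exe_path(m.group(3))))
    return processes, autoruns


def reasons(path):
    """Heuristics assumed for this example; they mirror the entries in this thread."""
    found = []
    if re.search(r"\\temp\\", path, re.I):
        found.append("runs from a Temp directory")
    stem = splitext(basename(path))[0]
    if stem.isdigit() and basename(dirname(path)) == stem:
        found.append("digits-only name inside a folder of the same name")
    return found


def triage(log):
    """Return flagged autoruns first, then flagged processes that have no autorun."""
    processes, autoruns = parse(log)
    running = {p.lower() for p in processes}
    findings = []
    for hive, name, path in autoruns:
        why = reasons(path)
        if why:
            findings.append({"kind": "autorun", "hive": hive, "name": name,
                             "path": path, "running": path.lower() in running,
                             "why": why})
    autorun_paths = {path.lower() for _, _, path in autoruns}
    for path in processes:
        why = reasons(path)
        if why and path.lower() not in autorun_paths:
            findings.append({"kind": "process", "hive": None,
                             "name": basename(path), "path": path,
                             "running": True, "why": why})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        state = "running" if item["running"] else "not running"
        print(f'{item["kind"]:8} {item["name"]:16} {state:12} {"; ".join(item["why"])}')
        print(f'         {item["path"]}')
```

An autorun that is flagged but not running still matters: the registry value survives a killed process and starts the file again at the next logon.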
poulst1100 Trainee
07 August 2009 - 15:38 #2
How can it be that it gets in? I have avast running, and something called Trend Micro RUBotted, and Ad-Aware.
I have done as written, and here is the latest log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:12, on 07-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\V0230Mon.exe
C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmer\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Programmer\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Poul Jørgensen\Dokumenter\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IESessions.Manager - {6ECF15F0-468D-4E25-8997-1C710E80F5CD} - C:\Program Files\IESessions\IESessions.dll
O2 - BHO: Fravalg af annonceringscookie - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programmer\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Programmer\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmer\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Programmer\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IEPro\iepro.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - C:\Program Files\IESessions\IESessions.dll
O9 - Extra 'Tools' menuitem: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - C:\Program Files\IESessions\IESessions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229794593531
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{692EE1FB-3655-4BF5-BA54-C164096A6EDA}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986c75aa1554a) (gupdate1c986c75aa1554a) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe

--
End of file - 12649 bytes
f-arn Guru
07 August 2009 - 16:04 #3
I asked for two logs!
poulst1100 Trainee
07 August 2009 - 18:30 #4
Another log:
Malwarebytes' Anti-Malware 1.40
Database version: 2559
Windows 5.1.2600 Service Pack 3

07-08-2009 15:23:44
mbam-log-2009-08-07 (15-23-44).txt

Skan type: Hurtig skanning
Objekter skannet: 96158
Tid tilbagelagt: 4 minute(s), 34 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
f-arn Guru
08 August 2009 - 10:11 #5
Would you please update and run Malwarebytes again. Your database version is rather old. I would like to see a log from it.

-------------

Download and save Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy the contents between the lines into it, and save the file as CFScript.txt

Make sure that it does not end up being named CFScript.txt.txt

--------------

Killall::
Snapshot::


-------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of that file here.
poulst1100 Trainee
08 August 2009 - 11:23 #6
Hi, I have downloaded Combofix to the desktop. Should I run it, or what? When I right-click on the desktop there is nothing called Text Document, only Word Document, and it is empty. I probably don't quite understand it. You will have to explain it better; I am no "PC whiz".
poulst1100 Trainee
08 August 2009 - 11:23 #7
Hi, here is the Malwarebytes log.
Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 3

08-08-2009 11:11:17
mbam-log-2009-08-08 (11-11-17).txt

Skan type: Hurtig skanning
Objekter skannet: 95012
Tid tilbagelagt: 4 minute(s), 24 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
f-arn Guru
08 August 2009 - 11:46 #8
Click Start -> Run and type notepad.exe. Make sure that CFScript.txt is saved on your desktop.
poulst1100 Trainee
08 August 2009 - 12:21 #9
What exactly is it that I should copy?
Notepad is empty.
f-arn Guru
08 August 2009 - 12:57 #10
Killall::
Snapshot::
poulst1100 Trainee
08 August 2009 - 13:51 #11
So here is a big log.
During the process a box appeared with the message that there is no Recovery Console and asking whether it should be downloaded. I said yes, and then it wrote that it cannot find the download path. What now?

ComboFix 09-08-07.09 - Poul Jørgensen 08-08-2009 13:31.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1535.948 [GMT 2:00]
Kører fra: c:\documents and settings\Poul Jørgensen\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Poul Jørgensen\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090807-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\aaec6.msp
c:\windows\system32\drivers\vsfocenbmqxogu.sys
c:\windows\system32\vsfoceaqlnoebl.dat
c:\windows\system32\vsfocejnswuigi.dat
c:\windows\system32\vsfocepfvkltlw.dll
c:\windows\system32\vsfoceuhrldksd.dll
c:\windows\system32\WgaLogon.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-07-08 til 2009-08-08  )))))))))))))))))))))))))))))))))))
.

2009-08-07 12:40 . 2009-08-07 13:06    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\SITEguard
2009-08-07 12:39 . 2009-08-07 13:10    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\STOPzilla!
2009-08-07 12:39 . 2009-08-07 12:39    --------    d-----w-    c:\programmer\Fælles filer\iS3
2009-08-07 12:01 . 2009-08-07 12:01    --------    d-sh--w-    c:\windows\system32\config\systemprofile\PrivacIE
2009-08-07 12:01 . 2009-08-07 12:01    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\IEPro
2009-08-07 11:12 . 2009-08-07 12:42    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\19532504
2009-08-04 15:23 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 15:23 . 2009-08-04 15:23    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-08-04 15:23 . 2009-08-04 15:23    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-04 15:23 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-08-04 15:11 . 2009-08-04 15:11    --------    d-----w-    c:\programmer\Uniblue
2009-08-04 15:11 . 2009-08-04 15:11    --------    dc-h--w-    c:\docume~1\ALLUSE~1\APPLIC~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-04 14:50 . 2009-01-29 11:31    102664    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2009-07-31 08:25 . 2009-07-31 08:25    --------    d-----w-    c:\programmer\Fælles filer\DirectX
2009-07-25 22:35 . 2009-07-25 22:35    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2009-07-25 18:18 . 2008-12-11 06:38    159600    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2009-07-25 18:18 . 2009-04-03 09:18    130936    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2009-07-25 18:18 . 2008-12-18 10:16    73840    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-25 18:18 . 2009-08-07 13:34    --------    d---a-w-    c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-25 18:17 . 2009-07-25 18:19    --------    d-----w-    c:\programmer\Fælles filer\PC Tools
2009-07-25 18:17 . 2008-12-10 09:36    64392    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2009-07-25 18:17 . 2009-07-25 19:32    --------    d-----w-    c:\programmer\Spyware Doctor
2009-07-25 18:17 . 2009-07-25 18:17    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-07-25 09:45 . 2009-07-25 09:45    0    ----a-w-    c:\windows\nsreg.dat
2009-07-24 16:10 . 2009-07-24 16:10    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\F-Secure
2009-07-24 13:18 . 2009-07-24 13:21    --------    d-----w-    c:\windows\BDOSCAN8
2009-07-24 13:10 . 2008-06-19 15:24    28544    ----a-w-    c:\windows\system32\drivers\pavboot.sys
2009-07-24 13:10 . 2009-07-24 13:10    --------    d-----w-    c:\programmer\Panda Security
2009-07-24 12:43 . 2009-07-24 12:43    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2009-07-12 21:34 . 2009-07-12 21:34    613    ----a-w-    c:\windows\eReg.dat
2009-07-12 12:11 . 2009-07-12 12:11    --------    d-----w-    c:\programmer\Microsoft WSE
2009-07-12 12:07 . 2009-07-12 12:07    --------    d-----w-    c:\programmer\Electronic Arts

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 19:59 . 2008-12-29 14:01    138184    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-08-07 19:59 . 2008-12-29 14:01    183112    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-08-07 12:51 . 2009-08-07 12:50    2240    ----a-w-    c:\windows\system32\drivers\kgpcpy.cfg
2009-08-07 12:50 . 2009-08-07 12:50    376    ----a-w-    c:\windows\system32\drivers\kgpfr2.cfg
2009-08-06 08:22 . 2009-02-04 12:50    --------    d-----w-    c:\programmer\Google
2009-08-05 18:40 . 2009-01-09 14:01    --------    d-----w-    c:\programmer\Java
2009-08-05 18:32 . 2009-03-27 18:11    --------    d-----w-    c:\programmer\Steam
2009-08-01 10:12 . 2009-01-05 15:38    --------    d-----w-    c:\programmer\Microsoft Silverlight
2009-07-25 22:38 . 2008-12-23 09:45    --------    d-----w-    c:\programmer\World of Warcraft Trial
2009-07-25 03:23 . 2009-01-22 14:40    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-07-24 14:16 . 2009-04-17 10:09    --------    d-----w-    c:\programmer\Stardock
2009-07-23 22:27 . 2008-12-21 01:44    --------    d-----w-    c:\programmer\EA GAMES
2009-07-23 10:56 . 2009-02-04 18:43    --------    d-----w-    c:\docume~1\ALLUSE~1\APPLIC~1\TrackMania
2009-07-12 12:07 . 2008-12-20 16:46    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-07-03 16:59 . 2004-08-26 15:53    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-02 14:52 . 2009-07-02 14:52    --------    d-----w-    c:\programmer\GrabIt
2009-07-02 13:34 . 2009-07-02 13:34    --------    d-----w-    c:\programmer\CDisplay
2009-06-28 18:45 . 2009-06-28 18:30    --------    d-----w-    c:\programmer\Movienizer
2009-06-16 14:39 . 2004-08-26 15:53    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-09 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-10 12:34 . 2009-06-10 12:32    --------    d-----w-    c:\programmer\CamStudio
2009-06-08 15:08 . 2009-06-08 15:08    27136    ----a-w-    c:\windows\system32\drivers\nchssvad.sys
2009-06-03 19:11 . 2004-08-26 15:53    1295360    ----a-w-    c:\windows\system32\quartz.dll
2009-06-03 17:14 . 2008-12-20 23:55    721904    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-05-28 12:43 . 2009-03-06 05:25    15688    ----a-w-    c:\windows\system32\lsdelete.exe
2009-05-25 12:01 . 2009-05-25 12:01    89256    ----a-w-    c:\windows\system32\ElbyCDIO.dll
2004-08-09 22:30 . 2008-12-20 21:58    40960    ----a-w-    c:\programmer\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-06 32768]
"RemoteControl"="c:\programmer\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
"TMRUBottedTray"="c:\programmer\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-18 288088]
"CTSysVol"="c:\programmer\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PhilipsDM\SA1916"="c:\programmer\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe" [2008-05-30 1512960]
"Ad-Watch"="c:\programmer\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-26 65024]
"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-06-18 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\docume~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\programmer\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2009-2-18 253952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\IEPro\\MiniDM.exe"=
"d:\\Spil\\Halo\\halo.exe"=
"g:\\Spil\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"g:\\Spil\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Programmer\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spil\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Documents and Settings\\Poul Jørgensen\\Lokale indstillinger\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Poul Jørgensen\\Lokale indstillinger\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Programmer\\TmNationsForever\\TmForever.exe"=
"c:\\Programmer\\Steam\\steamapps\\peterpopgarn\\condition zero\\hl.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\eMule\\emule.exe"=
"d:\\Spil\\Insane\\Game.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05-03-2009 15:43 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24-07-2009 15:10 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25-07-2009 20:18 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20-01-2009 15:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20-01-2009 15:50 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14-04-2009 13:00 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\Lavasoft\Ad-Aware\AAWService.exe [18-01-2009 23:34 1029456]
R2 RUBotted;Trend Micro RUBotted Service;c:\programmer\Trend Micro\RUBotted\TMRUBotted.exe [21-12-2008 01:52 517456]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [08-02-2009 23:49 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [08-02-2009 23:49 3768]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [21-12-2008 01:52 35216]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [20-12-2008 23:44 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [20-12-2008 23:44 500480]
S2 gupdate1c986c75aa1554a;Google Update Service (gupdate1c986c75aa1554a);c:\programmer\Google\Update\GoogleUpdate.exe [04-02-2009 14:51 133104]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [18-11-2008 15:36 7808]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmer\Spyware Doctor\pctsAuxs.exe [25-07-2009 20:17 348752]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [08-02-2009 23:49 200704]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [21-12-2008 01:52 35216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-AdobeBridge - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {692EE1FB-3655-4BF5-BA54-C164096A6EDA} = 208.67.222.222,208.67.220.220
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\docume~1\POULJR~1\APPLIC~1\Mozilla\Firefox\Profiles\aculdumo.default\
FF - prefs.js: browser.startup.homepage - www.google.dk
FF - plugin: c:\programmer\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",    true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",  false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",  true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",    true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",      true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",              false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",              true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                  true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",            false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 13:41
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,2b,e3,2c,83,ab,11,4f,97,bf,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,2b,e3,2c,83,ab,11,4f,97,bf,e1,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1316)
c:\programmer\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmer\Canon\CAL\CALMAIN.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-08 13:46 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-08-08 11:46

Pre-Kørsel: 20.874.838.016 byte ledig
Post-Kørsel: 31.024.349.184 byte ledig

285    --- E O F ---    2009-07-31 22:05
f-arn Guru
10 August 2009 - 17:45 #12
That looks quite reasonable. How is the computer running now?
poulst1100 Trainee
10 August 2009 - 20:47 #13
It seems to be running as it should.
Thanks for the help.
fromsej Trainee
11 August 2009 - 10:45 #14
You asked the following:
How can it be that it gets in when I have avast running and something called Trend Micro Rubotted and AD-Ware?
The answer is here:
c:\Programmer\Vuze\Azureus.exe
poulst1100 Trainee
16 June 2010 - 16:17 #15
You should certainly get points.
poulst1100 Trainee
16 June 2010 - 16:24 #16
Dear f-arn,
You should certainly get points.
I have found out that you did not get points for your help. Write an answer and you will get the points you are due.
Sorry.
f-arn Guru
16 June 2010 - 16:26 #17
:)