NoKnownKnowledge (Beginner)
29 December 2009 - 13:49. There are 16 comments and 1 solution.

Review of HijackThis log

I have experienced the same problem as others with Malware Defense, and have followed the procedure here on the site - and many thanks so far ;-)

I could use someone to look through the HijackThis log that I got - what needs to be fixed?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:40, on 29-12-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Dell Network Assistant\hnm_svc.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Dell Network Assistant\ezi_hnm2.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NCH Swift Sound\VRS\vrs.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Peter\Dokumenter\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=1070113
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C894522F-CB1C-4A3F-8D2B-A61CAA99031F} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e15cafe7-05b4-4f2f-89c3-1e788a945b2a} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [wogomayoba] Rundll32.exe "C:\WINDOWS\system32\nehafote.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://psoendergaard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://psoendergaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://blanketlageret.aarhuskommune.dk/digsig/capicom/capicom.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\system32\zefugabe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtsQICR - awtsQICR.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programmer\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Programmer\NCH Swift Sound\VRS\vrs.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13623 bytes
johnstigers (Senior Master)
29 December 2009 - 13:56 #1
1. Windows is not updated. Is there a particular reason for this?
2. AVG is an old version. It should be upgraded to version 9.
3. But first!!!:

Download CCleaner here > Click on "Download Latest Version" out on the right.
http://www.filehippo.com/download_ccleaner/
There is a manual here > http://www.spywarefri.dk/manualer/ccleaner-manual.htm
There is one small difference: "Problemer" (issues) has been replaced with "Register" (registry).
Tick the boxes as shown in point 11 of the manual before you run "Renser" (cleaner).
PS: I would recommend that you keep this program; it is excellent for cleaning up.

During installation you will be offered [Yahoo Toolbar]. Say "No" to it.
Let the program do a clean-up in Renser and Register, and let it delete what it finds.
I do not need to see the log from CCleaner.



Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens in which you should move the dot to "Kør et fuldstændigt systemscan" (run a full system scan) - click the Scan button - let the program work. When it has finished (it takes a while, depending on how much you have on the computer), click the "Vis resultater" (show results) button, and then click "Fjern det valgte" (remove selected) - the log now opens, and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

Manual for HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

Download HijackThis here: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

PS: Vista users must right-click the file and choose (Run as administrator)

We will deal with points 1 + 2 once the machine has been declared clean!
NoKnownKnowledge (Beginner)
29 December 2009 - 14:10 #2
Thank you, John - I have run CCleaner

The above is from HJT and the below is from Malwarebytes - is there anything else you need?

Malwarebytes' Anti-Malware 1.42
Database version: 3449
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

29-12-2009 13:09:02
mbam-log-2009-12-29 (13-09-02).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 208952
Tid tilbagelagt: 1 hour(s), 12 minute(s), 14 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 20
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 3
Inficerede Filer: 11

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Documents and Settings\Peter\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Programmer\AntiVirus 2009 (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Peter\Lokale indstillinger\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peter\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb521207.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMfb521207.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
johnstigers (Senior Master)
29 December 2009 - 14:16 #3
Yes, a new log from HijackThis, please :)
NoKnownKnowledge (Beginner)
29 December 2009 - 14:50 #4
Here it is ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:36, on 29-12-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Dell Network Assistant\hnm_svc.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NCH Swift Sound\VRS\vrs.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Peter\Dokumenter\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=1070113
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C894522F-CB1C-4A3F-8D2B-A61CAA99031F} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e15cafe7-05b4-4f2f-89c3-1e788a945b2a} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [wogomayoba] Rundll32.exe "C:\WINDOWS\system32\nehafote.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://psoendergaard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://psoendergaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://blanketlageret.aarhuskommune.dk/digsig/capicom/capicom.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\system32\zefugabe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtsQICR - awtsQICR.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programmer\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Programmer\NCH Swift Sound\VRS\vrs.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13657 bytes
johnstigers Senior Master
29 December 2009 - 15:08 #5
Fix:
O2 - BHO: (no name) - {C894522F-CB1C-4A3F-8D2B-A61CAA99031F} - (no file)
O2 - BHO: (no name) - {e15cafe7-05b4-4f2f-89c3-1e788a945b2a} - (no file)

Restart the PC and post a new log.
NoKnownKnowledge Beginner
29 December 2009 - 15:29 #6
New log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:03, on 29-12-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Dell Network Assistant\hnm_svc.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NCH Swift Sound\VRS\vrs.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Dell Network Assistant\ezi_hnm2.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Peter\Dokumenter\Hijackthis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=1070113
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmer\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Programmer\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmer\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [wogomayoba] Rundll32.exe "C:\WINDOWS\system32\nehafote.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://psoendergaard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://psoendergaard.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://blanketlageret.aarhuskommune.dk/digsig/capicom/capicom.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\system32\zefugabe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtsQICR - awtsQICR.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmer\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programmer\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Programmer\NCH Swift Sound\VRS\vrs.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13446 bytes
johnstigers Senior Master
29 December 2009 - 19:14 #7
I may as well be honest and say that I think you have some dirt that is a bit hard to get rid of, so I have asked an expert for assistance.

These are the 2 I don't like:
O2 - BHO: (no name) - {EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

As you can probably see, you fixed 2 of these O2 - BHO items, but now there are just 2 new ones ...

He usually answers quickly, so we'll just wait for him to write.
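The pattern pointed out in post #7 (orphaned "(no file)" entries are fixed, then different ones show up in the next log) can be checked mechanically by diffing the orphaned entries of two HijackThis logs. The following is an added example, not part of the thread and not HijackThis code; the two inputs are short excerpts assembled from lines posted in this thread, and all function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Excerpts assembled from lines posted in this thread (not the complete logs).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {C894522F-CB1C-4A3F-8D2B-A61CAA99031F} - (no file)
O2 - BHO: (no name) - {e15cafe7-05b4-4f2f-89c3-1e788a945b2a} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtsQICR - awtsQICR.dll (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtsQICR - awtsQICR.dll (file missing)
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registration whose target file is absent on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str              # section code such as "O2"
    body: str              # everything after "<code> - "
    clsid: Optional[str]   # upper-cased CLSID if the line carries one
    orphaned: bool         # True when the line ends in (no file)/(file missing)

    def key(self):
        """Identity used to match the same registration across two logs."""
        if self.clsid:
            return (self.code, self.clsid)
        return (self.code, ORPHAN_RE.sub("", self.body).strip())


def parse_log(text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def compare_orphans(before, after):
    """Classify orphaned entries as cleared, new or persisting between logs."""
    old = {e.key() for e in parse_log(before) if e.orphaned}
    new = {e.key() for e in parse_log(after) if e.orphaned}
    return {
        "cleared": sorted(old - new),
        "new": sorted(new - old),
        "persisting": sorted(old & new),
    }


def regenerating_sections(diff):
    """Sections where orphans were cleared and different ones appeared."""
    cleared = {code for code, _ in diff["cleared"]}
    fresh = {code for code, _ in diff["new"]}
    return sorted(cleared & fresh)


if __name__ == "__main__":
    result = compare_orphans(LOG_BEFORE, LOG_AFTER)
    for label, keys in result.items():
        for code, ident in keys:
            print(f"{label:10} {code:4} {ident}")
    print("regenerating sections:", regenerating_sections(result))
```

A section that shows up in `regenerating_sections` means the fix did not stick there: something still active on the machine is writing fresh registrations.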
fromsej Trainee
29 December 2009 - 20:08 #8
Download these two tools:

http://www.ctrlaltdel.dk/programmer/tklog.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

...and unpack both to your Desktop. Then double-click TKLog.bat. TDSSKiller will run and try to clean your computer. After that a log will open - please copy its contents here.

After that, restart.

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy in the following:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.
Copy the resulting log here.
NoKnownKnowledge Beginner
29 December 2009 - 20:49 #9
Here is the result of TDSSKiller - I'm restarting

20:47:15:296 3224    TDSSKiller 2.1.1 Dec 20 2009 02:40:02
20:47:15:296 3224    ================================================================================
20:47:15:296 3224    SystemInfo:

20:47:15:296 3224    OS Version: 5.1.2600 ServicePack: 2.0
20:47:15:296 3224    Product type: Workstation
20:47:15:296 3224    ComputerName: THORKILD
20:47:15:296 3224    UserName: Peter
20:47:15:296 3224    Windows directory: C:\WINDOWS
20:47:15:296 3224    Processor architecture: Intel x86
20:47:15:296 3224    Number of processors: 2
20:47:15:296 3224    Page size: 0x1000
20:47:15:296 3224    Boot type: Normal boot
20:47:15:296 3224    ================================================================================
20:47:15:296 3224    ForceUnloadDriver: NtUnloadDriver error 2
20:47:15:296 3224    ForceUnloadDriver: NtUnloadDriver error 2
20:47:15:296 3224    ForceUnloadDriver: NtUnloadDriver error 2
20:47:15:312 3224    MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
20:47:15:312 3224    main: Driver KLMD successfully dropped
20:47:15:343 3224    main: Driver KLMD successfully loaded
20:47:15:343 3224   
Scanning    Registry ...
20:47:15:343 3224    ScanServices: Searching service UACd.sys
20:47:15:343 3224    ScanServices: Open/Create key error 2
20:47:15:343 3224    ScanServices: Searching service TDSSserv.sys
20:47:15:343 3224    ScanServices: Open/Create key error 2
20:47:15:343 3224    ScanServices: Searching service gaopdxserv.sys
20:47:15:343 3224    ScanServices: Open/Create key error 2
20:47:15:343 3224    ScanServices: Searching service gxvxcserv.sys
20:47:15:343 3224    ScanServices: Open/Create key error 2
20:47:15:343 3224    ScanServices: Searching service MSIVXserv.sys
20:47:15:343 3224    ScanServices: Open/Create key error 2
20:47:15:343 3224    UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
20:47:15:343 3224    UnhookRegistry: Kernel local addr: A90000
20:47:15:343 3224    UnhookRegistry: KeServiceDescriptorTable addr: B146E0
20:47:15:343 3224    UnhookRegistry: KiServiceTable addr: ABCA70
20:47:15:343 3224    UnhookRegistry: NtEnumerateKey service number (local): 47
20:47:15:343 3224    UnhookRegistry: NtEnumerateKey local addr: BDBB12
20:47:15:343 3224    KLMD_OpenDevice: Trying to open KLMD device
20:47:15:343 3224    KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
20:47:15:343 3224    KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0x804FF909[0x4]
20:47:15:343 3224    UnhookRegistry: NtEnumerateKey service number (kernel): 47
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0x80503B8C[0x4]
20:47:15:343 3224    UnhookRegistry: NtEnumerateKey real addr: 80622B12
20:47:15:343 3224    UnhookRegistry: NtEnumerateKey calc addr: 80622B12
20:47:15:343 3224    UnhookRegistry: No SDT hooks found on NtEnumerateKey
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0x80622B12[0xA]
20:47:15:343 3224    UnhookRegistry: No splicing found on NtEnumerateKey
20:47:15:343 3224   
Scanning    Kernel memory ...
20:47:15:343 3224    KLMD_OpenDevice: Trying to open KLMD device
20:47:15:343 3224    KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
20:47:15:343 3224    KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:47:15:343 3224    DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86B19A08
20:47:15:343 3224    DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
20:47:15:343 3224    DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86B14C68
20:47:15:343 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B14C68
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B14C68[0x38]
20:47:15:343 3224    DetectCureTDL3: DRIVER_OBJECT addr: 86B19A08
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B19A08[0xA8]
20:47:15:343 3224    KLMD_ReadMem: Trying to ReadMemory 0xE15F8430[0x208]
20:47:15:343 3224    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:47:15:343 3224    DetectCureTDL3: IrpHandler (0) addr: F7643C30
20:47:15:343 3224    DetectCureTDL3: IrpHandler (1) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (2) addr: F7643C30
20:47:15:343 3224    DetectCureTDL3: IrpHandler (3) addr: F763DD9B
20:47:15:343 3224    DetectCureTDL3: IrpHandler (4) addr: F763DD9B
20:47:15:343 3224    DetectCureTDL3: IrpHandler (5) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (6) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (7) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (8) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (9) addr: F763E366
20:47:15:343 3224    DetectCureTDL3: IrpHandler (10) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (11) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (12) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (13) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (14) addr: F763E44D
20:47:15:343 3224    DetectCureTDL3: IrpHandler (15) addr: F7641FC3
20:47:15:343 3224    DetectCureTDL3: IrpHandler (16) addr: F763E366
20:47:15:343 3224    DetectCureTDL3: IrpHandler (17) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (18) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (19) addr: 804F4536
20:47:15:343 3224    DetectCureTDL3: IrpHandler (20) addr: 804F4536
20:47:15:359 3224    DetectCureTDL3: IrpHandler (21) addr: 804F4536
20:47:15:359 3224    DetectCureTDL3: IrpHandler (22) addr: F763FEF3
20:47:15:359 3224    DetectCureTDL3: IrpHandler (23) addr: F7644A24
20:47:15:359 3224    DetectCureTDL3: IrpHandler (24) addr: 804F4536
20:47:15:359 3224    DetectCureTDL3: IrpHandler (25) addr: 804F4536
20:47:15:359 3224    DetectCureTDL3: IrpHandler (26) addr: 804F4536
20:47:15:359 3224    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:47:15:359 3224    KLMD_ReadMem: DeviceIoControl error 1
20:47:15:359 3224    TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:47:15:359 3224    TDL3_FileDetect: Processing driver: Disk
20:47:15:359 3224    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
20:47:15:359 3224    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:47:15:359 3224    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:47:15:375 3224    DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86B7CC68
20:47:15:375 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B7CC68
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B7CC68[0x38]
20:47:15:375 3224    DetectCureTDL3: DRIVER_OBJECT addr: 86B19A08
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B19A08[0xA8]
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0xE15F8430[0x208]
20:47:15:375 3224    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:47:15:375 3224    DetectCureTDL3: IrpHandler (0) addr: F7643C30
20:47:15:375 3224    DetectCureTDL3: IrpHandler (1) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (2) addr: F7643C30
20:47:15:375 3224    DetectCureTDL3: IrpHandler (3) addr: F763DD9B
20:47:15:375 3224    DetectCureTDL3: IrpHandler (4) addr: F763DD9B
20:47:15:375 3224    DetectCureTDL3: IrpHandler (5) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (6) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (7) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (8) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (9) addr: F763E366
20:47:15:375 3224    DetectCureTDL3: IrpHandler (10) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (11) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (12) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (13) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (14) addr: F763E44D
20:47:15:375 3224    DetectCureTDL3: IrpHandler (15) addr: F7641FC3
20:47:15:375 3224    DetectCureTDL3: IrpHandler (16) addr: F763E366
20:47:15:375 3224    DetectCureTDL3: IrpHandler (17) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (18) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (19) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (20) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (21) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (22) addr: F763FEF3
20:47:15:375 3224    DetectCureTDL3: IrpHandler (23) addr: F7644A24
20:47:15:375 3224    DetectCureTDL3: IrpHandler (24) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (25) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (26) addr: 804F4536
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:47:15:375 3224    KLMD_ReadMem: DeviceIoControl error 1
20:47:15:375 3224    TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:47:15:375 3224    TDL3_FileDetect: Processing driver: Disk
20:47:15:375 3224    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
20:47:15:375 3224    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:47:15:375 3224    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:47:15:375 3224    DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86B67C68
20:47:15:375 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B67C68
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B67C68[0x38]
20:47:15:375 3224    DetectCureTDL3: DRIVER_OBJECT addr: 86B19A08
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B19A08[0xA8]
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0xE15F8430[0x208]
20:47:15:375 3224    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:47:15:375 3224    DetectCureTDL3: IrpHandler (0) addr: F7643C30
20:47:15:375 3224    DetectCureTDL3: IrpHandler (1) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (2) addr: F7643C30
20:47:15:375 3224    DetectCureTDL3: IrpHandler (3) addr: F763DD9B
20:47:15:375 3224    DetectCureTDL3: IrpHandler (4) addr: F763DD9B
20:47:15:375 3224    DetectCureTDL3: IrpHandler (5) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (6) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (7) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (8) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (9) addr: F763E366
20:47:15:375 3224    DetectCureTDL3: IrpHandler (10) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (11) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (12) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (13) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (14) addr: F763E44D
20:47:15:375 3224    DetectCureTDL3: IrpHandler (15) addr: F7641FC3
20:47:15:375 3224    DetectCureTDL3: IrpHandler (16) addr: F763E366
20:47:15:375 3224    DetectCureTDL3: IrpHandler (17) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (18) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (19) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (20) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (21) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (22) addr: F763FEF3
20:47:15:375 3224    DetectCureTDL3: IrpHandler (23) addr: F7644A24
20:47:15:375 3224    DetectCureTDL3: IrpHandler (24) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (25) addr: 804F4536
20:47:15:375 3224    DetectCureTDL3: IrpHandler (26) addr: 804F4536
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:47:15:375 3224    KLMD_ReadMem: DeviceIoControl error 1
20:47:15:375 3224    TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:47:15:375 3224    TDL3_FileDetect: Processing driver: Disk
20:47:15:375 3224    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
20:47:15:375 3224    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:47:15:375 3224    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:47:15:375 3224    DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86B15C68
20:47:15:375 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B15C68
20:47:15:375 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B15C68[0x38]
20:47:15:375 3224    DetectCureTDL3: DRIVER_OBJECT addr: 86B19A08
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B19A08[0xA8]
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0xE15F8430[0x208]
20:47:15:390 3224    DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:47:15:390 3224    DetectCureTDL3: IrpHandler (0) addr: F7643C30
20:47:15:390 3224    DetectCureTDL3: IrpHandler (1) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (2) addr: F7643C30
20:47:15:390 3224    DetectCureTDL3: IrpHandler (3) addr: F763DD9B
20:47:15:390 3224    DetectCureTDL3: IrpHandler (4) addr: F763DD9B
20:47:15:390 3224    DetectCureTDL3: IrpHandler (5) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (6) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (7) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (8) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (9) addr: F763E366
20:47:15:390 3224    DetectCureTDL3: IrpHandler (10) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (11) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (12) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (13) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (14) addr: F763E44D
20:47:15:390 3224    DetectCureTDL3: IrpHandler (15) addr: F7641FC3
20:47:15:390 3224    DetectCureTDL3: IrpHandler (16) addr: F763E366
20:47:15:390 3224    DetectCureTDL3: IrpHandler (17) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (18) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (19) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (20) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (21) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (22) addr: F763FEF3
20:47:15:390 3224    DetectCureTDL3: IrpHandler (23) addr: F7644A24
20:47:15:390 3224    DetectCureTDL3: IrpHandler (24) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (25) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (26) addr: 804F4536
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:47:15:390 3224    KLMD_ReadMem: DeviceIoControl error 1
20:47:15:390 3224    TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:47:15:390 3224    TDL3_FileDetect: Processing driver: Disk
20:47:15:390 3224    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
20:47:15:390 3224    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:47:15:390 3224    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:47:15:390 3224    DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86B7EAB8
20:47:15:390 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B7EAB8
20:47:15:390 3224    DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86BE1590
20:47:15:390 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BE1590
20:47:15:390 3224    DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86B1AD98
20:47:15:390 3224    KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B1AD98
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B1AD98[0x38]
20:47:15:390 3224    DetectCureTDL3: DRIVER_OBJECT addr: 86B83548
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0x86B83548[0xA8]
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0xE15F2290[0x208]
20:47:15:390 3224    DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
20:47:15:390 3224    DetectCureTDL3: IrpHandler (0) addr: F746A572
20:47:15:390 3224    DetectCureTDL3: IrpHandler (1) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (2) addr: F746A572
20:47:15:390 3224    DetectCureTDL3: IrpHandler (3) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (4) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (5) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (6) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (7) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (8) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (9) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (10) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (11) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (12) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (13) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (14) addr: F746A592
20:47:15:390 3224    DetectCureTDL3: IrpHandler (15) addr: F74667B4
20:47:15:390 3224    DetectCureTDL3: IrpHandler (16) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (17) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (18) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (19) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (20) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (21) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (22) addr: F746A5BC
20:47:15:390 3224    DetectCureTDL3: IrpHandler (23) addr: F7471164
20:47:15:390 3224    DetectCureTDL3: IrpHandler (24) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (25) addr: 804F4536
20:47:15:390 3224    DetectCureTDL3: IrpHandler (26) addr: 804F4536
20:47:15:390 3224    KLMD_ReadMem: Trying to ReadMemory 0xF74677C6[0x400]
20:47:15:390 3224    TDL3_StartIoHookDetect: CheckParameters: 0, 0, 229, 0
20:47:15:390 3224    TDL3_FileDetect: Processing driver: atapi
20:47:15:390 3224    TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
20:47:15:390 3224    TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
20:47:15:390 3224    KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
20:47:15:421 3224   
Completed

Results:
20:47:15:421 3224    Infected objects in memory:            0
20:47:15:421 3224    Cured objects in memory:            0
20:47:15:421 3224    Infected objects on disk:            0
20:47:15:421 3224    Objects on disk cured on reboot:        0
20:47:15:421 3224    Objects on disk deleted on reboot:        0
20:47:15:421 3224    Registry nodes deleted on reboot:        0
20:47:15:421 3224
NoKnownKnowledge Beginner
29 December 2009 - 21:14 #10
I tried running ComboFix, but it is not entirely happy with AVG 8.5, which I then tried to uninstall, but AVG would not allow it and wrote the following:

Local machine: installation failed
    Installation:
        Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
            Error 0x80070005


Can I deactivate AVG some other way, or should I just continue with ComboFix?
fromsej Trainee
29 December 2009 - 21:22 #11
Just continue with ComboFix.
NoKnownKnowledge Beginner
29 December 2009 - 21:44 #12
Here is the log:

ComboFix 09-12-29.03 - Peter 29-12-2009  21:28:37.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.45.1030.18.1014.524 [GMT 1:00]
Kører fra: c:\documents and settings\Peter\Dokumenter\ComboFix\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Peter\Dokumenter\ComboFix\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peter\Dokumenter\ZbThumbnail.info
c:\documents and settings\Peter\err.log
c:\recycler\S-1-5-21-3700140029-1607107440-2838627548-1006
c:\windows\system32\muzapp.exe
c:\windows\system32\pqsdwckj.ini
c:\windows\system32\pVCbLRqr.ini
c:\windows\system32\pVCbLRqr.ini2
c:\windows\system32\wwltojsa.ini
c:\windows\Tasks\gfqyxakk.job

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-11-28 til 2009-12-29  )))))))))))))))))))))))))))))))))))
.

2009-12-29 08:14 . 2009-12-29 08:14    --------    d-----w-    c:\documents and settings\Peter\Application Data\Malwarebytes
2009-12-29 08:14 . 2009-12-03 15:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 08:14 . 2009-12-29 08:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 08:14 . 2009-12-29 08:14    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-29 08:14 . 2009-12-03 15:13    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-28 18:24 . 2009-12-28 18:24    --------    d-----w-    c:\programmer\CCleaner
2009-12-28 17:11 . 2009-12-28 17:11    --------    d-----w-    c:\documents and settings\Peter\Lokale indstillinger\Application Data\Threat Expert
2009-12-07 18:27 . 2009-12-07 18:27    --------    d-----w-    c:\windows\system32\outlook contact
2009-12-07 18:27 . 2009-12-07 18:27    --------    d-----w-    c:\windows\system32\outlook calendar

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 20:36 . 2007-01-13 15:31    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-12-29 20:10 . 2008-05-14 08:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg8
2009-12-29 19:55 . 2004-09-16 16:38    75230    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-29 19:55 . 2004-09-16 16:38    420176    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-28 12:07 . 2008-09-25 07:52    --------    d-----w-    c:\programmer\Windows Live Safety Center
2009-12-19 16:01 . 2009-11-24 20:19    79488    ----a-w-    c:\documents and settings\Peter\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-19 16:00 . 2009-11-20 14:45    --------    d-----w-    c:\documents and settings\Peter\Application Data\HpUpdate
2009-12-12 15:45 . 2007-01-13 15:31    85576    ----a-w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 16:03 . 2007-07-30 02:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-08 20:36 . 2009-02-15 09:13    0    ----a-w-    c:\documents and settings\Peter\temp.dat
2009-12-07 17:46 . 2007-07-20 06:36    --------    d-----w-    c:\documents and settings\Peter\Application Data\ZoomBrowser EX
2009-12-07 17:45 . 2007-02-24 11:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-12-01 18:14 . 2009-12-01 18:14    --------    d-----w-    c:\windows\Fonts\Signa
2009-11-20 14:45 . 2008-12-02 16:55    --------    d-----w-    c:\programmer\HP
2009-11-06 17:06 . 2009-06-09 18:19    --------    d-----w-    c:\documents and settings\Peter\Application Data\ICAClient
2009-11-06 17:04 . 2009-06-09 18:18    --------    d-----w-    c:\programmer\Citrix
2009-10-22 16:49 . 2009-10-22 16:48    5519752    ----a-w-    c:\documents and settings\Peter\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2007-04-14 00:44 . 2007-02-06 17:28    88    --sh--r-    c:\windows\system32\C17E5A90FA.sys
2007-11-01 13:36 . 2007-02-06 17:04    3610    --sha-w-    c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SMSTray"="c:\programmer\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\programmer\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]
"msnmsgr"="c:\programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\Peter\Menuen Start\Programmer\Start\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-1-13 7168]
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-25 21:42    11952    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BTTray.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wogomayoba

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 09:09    63712    ----a-w-    c:\programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16    39792    ----a-w-    c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-14 05:14    2043160    ----a-w-    c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00    299008    ------w-    c:\programmer\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-03 18:51    1032192    ----a-w-    c:\programmer\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 05:20    122940    ----a-w-    c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-22 08:30    29744    ----a-w-    c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00    33648    ----a-w-    c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-13 09:41    77824    ----a-w-    c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 09:45    118784    ----a-w-    c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 09:44    98304    ----a-w-    c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50    221184    ----a-w-    c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50    81920    ----a-w-    c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 08:36    267048    ----a-w-    c:\programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24    20480    ------w-    c:\programmer\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-08-22 15:32    184320    ------w-    c:\programmer\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37    413696    ----a-w-    c:\programmer\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 23:30    282624    ----a-w-    c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-28 02:09    68856    ----a-w-    c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 18:48    761947    ----a-w-    c:\programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2008-04-07 17:39    610308    ----a-w-    c:\programmer\NCH Swift Sound\VRS\vrs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\TVAnts\\Tvants.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05-07-2008 21:52 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31-01-2009 20:33 297752]
R2 VRSService;VRS Recording System;c:\programmer\NCH Swift Sound\VRS\vrs.exe [07-04-2008 18:39 610308]
S3 GoogleDesktopManager-061008-081103;Google Desktop-administrator 5.7.806.10245;c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe [13-01-2007 16:28 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [29-12-2009 09:14 38224]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [06-02-2007 22:02 178913]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [06-02-2007 11:41 15576]
.
Indhold af mappen 'Planlagte Opgaver'

2009-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-12-29 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-12-29 c:\windows\Tasks\User_Feed_Synchronization-{621F615D-5C17-4766-8E9B-796E2CB9636C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
ShellExecuteHooks-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - (no file)
Notify-awtsQICR - awtsQICR.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(2740)
c:\programmer\MarkAny\ContentSafer\MaCSProHook.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\Intel\Wireless\Bin\WLKeeper.exe
c:\programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmer\Dell Network Assistant\hnm_svc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\programmer\Canon\CAL\CALMAIN.exe
c:\programmer\Dell Network Assistant\ezi_hnm2.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programmer\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-29  21:41:44 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-12-29 20:41

Pre-Kørsel: 48.054.988.800 byte ledig
Post-Kørsel: 49.413.840.896 byte ledig

- - End Of File - - 2C5C625BF0CA91DB2A52A07E304663F2
fromsej Trainee
30 December 2009 - 06:10 #13
It looks good.

Open the folder containing ComboFix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Folder::
c:\Programmer\LimeWire

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

I would recommend dropping AVG; it is not worth a hoot any more, unfortunately.
Download the installer for Avast:
http://files.avast.com/iavs4pro/setupdan.exe
Download this tool:
http://www.avg.com/download-tools
Download CCleaner here: (if you already have it, you do not need to download a new one)
http://www.ccleaner.com/download/builds/downloading-slim
Install CCleaner; it should not be run yet.

Disconnect from the network, run the tool from AVG, restart.
Start CCleaner, remove the check mark at Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left side (the blue cube), click Scan for Issues; when it has finished, click Fix selected issues, optionally make a backup of the registry, then click Fix All Selected Issues.
Click OK, then click Close when it is done.
Restart.

Install Avast, then reconnect the network so the program can update.

Download and install Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
NoKnownKnowledge Beginner
30 December 2009 - 11:38 #14
I am now through that round. Not much happened, though, when I ran ComboFix at the start in connection with LimeWire - it wrote something like Access denied and no log ever appeared. But otherwise it went through smoothly.

Is there anything else I need to do?
fromsej Trainee
30 December 2009 - 18:00 #15
Click Start->Run and copy this in:
combofix /uninstall
Click OK.
You can uninstall the other tools in Add/Remove Programs.
NoKnownKnowledge Beginner
2 January 2010 - 13:18 #16
Thank you very much for the help
fromsej Trainee
2 January 2010 - 15:08 #17
You're welcome, thanks for the points.