Hjælp til at fjerne virus

Udfør: http://www.eksperten.dk/guide/1232

Har du kigget disse sider igennem:
http://www.google.dk/#q=remove+TR/sirefef.bp.1&hl=da&prmd=imvns&ei=mUVNT53YBMbLtAaI_5GGDw&start=10&sa=N&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=60bb70710f0292d9&biw=1920&bih=1082

Tak for svar. Jeg går igang med processen og vender tilbage.

Jeg har set de anbefalede sider, men de ender alle op med at anbefale/sælge spyhunter eller spydoctor, der ligesom Avira ikke har kunnet få bugt med virussen.

det du har fået lyder MEGET som en RAT fil, jeg bruger malwarebytes til rat filer, det kan absolut anbefales :)

Velkommen til E. ...

Win98, ME, W2000, XP, Vista, Win7 ?

.... eller SYSTEMGENDANNELSE til FØR dette ### program ?

Geninstallere styresystemet.

#6 Det var dog et dramatisk forslag!!!

Tak igen for svar. Jeg kører Vista og vil naturligvis helst undgå at slette styresystemet.

Jeg har kørt Malwarebytes to gange siden jeg fik problemet så hvis det er en RAT fil kan den ihvertfald ikke fjernes på den måde.

Her er de logs der bedes om i manualen:

Malwarebytes (1.kørsel):
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [administrator]

27-02-2012 21:58:00
mbam-log-2012-02-27 (21-58-00).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 398326
Tid gået: 2 time(e), 23 minut(ter), 18 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 1
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 9
C:\Users\Jonas\AppData\Local\dee03e92\X (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Jonas\AppData\Local\Temp\jag193307.exe (Trojan.Downloader.bh) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Jonas\AppData\Local\Temp\fsa615320.exe (Trojan.Downloader.bh) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Jonas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3d93e15c-19f05170 (Trojan.Downloader.bh) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Bliver slettet ved genstart.
C:\Users\Jonas\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Sat i karantæne og slettet succesfuldt.

(færdig)


Malwarebytes (2. kørsel):

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [administrator]

28-02-2012 22:58:14
mbam-log-2012-02-28 (22-58-14).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 398180
Tid gået: 3 time(e), 10 minut(ter), 39 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)



Combofix log:
ComboFix 12-02-27.02 - Jonas 01-03-2012  18:21:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3582.2448 [GMT 1:00]
Kører fra: c:\users\Jonas\Desktop\Vir\ComboFix.exe
Kommandoer benyttet :: c:\users\Jonas\Desktop\Vir\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0406.exe
.
c:\windows\system32\drivers\netbt.sys was missing
Genskabt kopi fra - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-02-01 til 2012-03-01  )))))))))))))))))))))))))))))))))))
.
.
2012-03-01 17:29 . 2012-03-01 17:31    --------    d-----w-    c:\users\Jonas\AppData\Local\temp
2012-02-28 14:56 . 2010-02-02 09:13    59664    --s-a-w-    c:\windows\system32\drivers\TfSysMon.sys
2012-02-28 14:56 . 2010-02-02 09:13    51984    --s-a-w-    c:\windows\system32\drivers\TfFsMon.sys
2012-02-28 14:56 . 2010-02-02 09:13    33552    --s---w-    c:\windows\system32\drivers\TfNetMon.sys
2012-02-28 14:53 . 2012-02-29 07:34    --------    d-----w-    c:\program files\Spyware Doctor
2012-02-28 14:53 . 2012-02-29 07:31    --------    d-----w-    c:\programdata\PC Tools
2012-02-28 14:51 . 2012-02-28 14:53    --------    d-----w-    c:\users\Jonas\AppData\Roaming\GetRightToGo
2012-02-27 20:56 . 2012-02-27 20:56    --------    d-----w-    c:\users\Jonas\AppData\Roaming\Malwarebytes
2012-02-27 20:56 . 2012-02-27 20:56    --------    d-----w-    c:\programdata\Malwarebytes
2012-02-27 20:56 . 2012-02-28 21:55    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-02-27 20:56 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-02-27 20:09 . 2012-02-27 20:09    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2012-02-27 20:03 . 2012-02-29 07:49    --------    d-----w-    C:\sh4ldr
2012-02-27 20:03 . 2012-02-27 20:03    --------    d-----w-    c:\program files\Enigma Software Group
2012-02-27 20:02 . 2012-02-29 07:49    --------    d-----w-    c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 20:02 . 2012-02-27 20:02    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2012-02-27 19:38 . 2012-02-27 20:40    0    --sha-w-    c:\windows\system32\dds_log_trash.cmd
2012-02-27 19:14 . 2012-02-28 07:04    --------    d-sh--w-    c:\users\Jonas\AppData\Local\dee03e92
2012-02-24 08:28 . 2012-02-08 06:03    6552120    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2684FDA3-D14E-4687-94A7-8CD5A3CB35A5}\mpengine.dll
2012-02-14 22:38 . 2012-01-12 19:52    2044416    ----a-w-    c:\windows\system32\win32k.sys
2012-02-14 22:38 . 2011-12-14 16:17    680448    ----a-w-    c:\windows\system32\msvcrt.dll
2012-02-14 22:37 . 2011-12-20 10:56    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-02-06 22:59 . 2012-02-28 07:18    --------    d-----r-    c:\users\Jonas\Dropbox
2012-02-06 22:55 . 2012-02-29 08:06    --------    d-----w-    c:\users\Jonas\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 07:15    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-28 21:08 . 2011-05-01 11:15    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper    REG_MULTI_SZ      getPlusHelper
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
nosGetPlusHelper    REG_MULTI_SZ      nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
backupexecdevicemediaservice
sscdserd
mxssvr
autocomplete
F700iat
utilman
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:22]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:22]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67036A47-4B91-427A-A068-351E5874E035}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\p6ba2vd4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ruc.dk/ruc/
.
- - - - TOMME GENVEJE FJERNET - - - -
.
AddRemove-Arcade Pool II - c:\team17\Arcade Pool II\Uninst.isu
AddRemove-Championship Manager 01-02 - c:\windows\IsUn0406.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-01 18:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'Explorer.exe'(2980)
c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Gennemført tid: 2012-03-01  18:38:10 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-03-01 17:38
.
Pre-Kørsel: 69.251.710.976 byte ledig
Post-Kørsel: 69.176.692.736 byte ledig
.
- - End Of File - - 459DF7FFD8BCB9FB6174F37C5B4B0044



Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:51:59, on 01-03-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jonas\Desktop\Vir\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Dropbox.lnk = C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{67036A47-4B91-427A-A068-351E5874E035}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BFE - Unknown owner - C:\Windows\.
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpsSvc - Unknown owner - C:\Windows\.
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)

--
End of file - 7466 bytes

Hov. En pudsig udvikling er at både google og mit sikkerhedscenter nu fungerer efter proceduren er færdiggjort.

Windows firewall vil dog ikke aktiveres eller opdateres.

Jeg vil derfor stadig sætte stor pris på en analyse af ovenstående med svar på følgende.

Er min PC ren?

Kan det tænkes at ovenstående scanninger har fjernet virussen? I så fald: Hvorfor dur firewall ikke mere?

Hmmm... Synes ikke at kunne finde [Avira] i loggen ? (Eller er mine øjne søvnige?)

---

Under alle omstændigheder - afinstall
* Google bla bla bla
* Bonjour tjeneste (Bonjour Service)

---

Opdatér din AcrobatReader ->
http://get.adobe.com/dk/reader/  (FRAKlik det der Google halløj!!!!)

--

Kør en scanning med Hijackthis, Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)

O23 - Service: BFE - Unknown owner - C:\Windows\.
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)

Genstart normalt...

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?

karise_larry. Kanon side du har der www.ballade.dk
Tommelfinger op!

Pssst: Nu er det ikke 'min' side... men synes nu den er pænt sød *S* ...

Jeg har nu gjort som anbefalet.

Computeren kører fint (som den plejede før virus) men der er stadig et problem med windows firewall der hverken vil opdateres eller slås til (har også prøvet manuelt).

Er det noget jeg bør være bekymret over?
og har du/I nogen tips til at få den slået til igen?

Det er iøvrigt korrekt at jeg har fjernet avira. Det skyldes at combofix blev ved med at kollidere med Avira.

PS: Der kommer en forklaring om at windows ikke kan starte tjenesten MpsSvc når jeg forsøger at starte firewall manuelt.

http://support.microsoft.com/fixit/

Tryk "Populære løsninger", Find side 2, og tryk Kør Nu ved "Diagnosticer og løs problemer med tjenesten Windows Firewall automatisk"

Det virker desværre ikke. Firewall vil stadig ikke starte.

Gad vide om det reparerer BFE ?

Fik ikke opdateret, men det gør det så nok ikke *S*

Jeg er ikke sikker på om ZeroAccess er væk, så hent og kør DDS

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af begge  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet.

Mht.: Vista og Windows 7 - højreklik på filen - Kør som Administrator.

OK så har jeg kørt dds. Resultat:

DDS-Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Jonas at 14:34:06 on 2012-03-03
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3582.2331 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conime.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jonas\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jonas\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\jonas\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki ... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67036A47-4B91-427A-A068-351E5874E035} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{67036A47-4B91-427A-A068-351E5874E035} : DhcpNameServer = 87.72.130.2 87.72.22.66
TCP: Interfaces\{6BEF0136-57C2-403A-9D99-C292C7A409BB} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jonas\appdata\roaming\mozilla\firefox\profiles\p6ba2vd4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ruc.dk/ruc/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-2-28 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-2-28 59664]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2010-11-18 3033712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-6 85136]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-8-6 489984]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-2-25 22072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-8-6 337920]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-2-28 33552]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2011-8-2 42496]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;Support til WSD-udskrivning via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S4 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2012-03-03 13:12:24    --------    d-----w-    c:\users\jonas\appdata\local\ElevatedDiagnostics
2012-03-03 00:55:01    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{c48d6ca8-8dac-4cab-acff-8354ea675853}\offreg.dll
2012-03-02 16:52:53    6552120    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{c48d6ca8-8dac-4cab-acff-8354ea675853}\mpengine.dll
2012-03-02 16:51:56    --------    d-----w-    c:\programdata\McAfee Security Scan
2012-03-02 16:51:54    --------    d-----w-    c:\program files\McAfee Security Scan
2012-03-01 17:47:09    388096    ----a-r-    c:\users\jonas\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-01 17:38:13    --------    d-----w-    c:\users\jonas\appdata\local\temp
2012-03-01 17:37:25    --------    d-sh--w-    C:\$RECYCLE.BIN
2012-03-01 17:28:56    184320    ----a-w-    c:\windows\system32\drivers\netbt.sys
2012-03-01 17:18:21    --------    d-----w-    C:\ComboFix
2012-02-29 07:50:10    98816    ----a-w-    c:\windows\sed.exe
2012-02-29 07:50:10    518144    ----a-w-    c:\windows\SWREG.exe
2012-02-29 07:50:10    256000    ----a-w-    c:\windows\PEV.exe
2012-02-29 07:50:10    208896    ----a-w-    c:\windows\MBR.exe
2012-02-28 14:56:05    59664    --s-a-w-    c:\windows\system32\drivers\TfSysMon.sys
2012-02-28 14:56:05    51984    --s-a-w-    c:\windows\system32\drivers\TfFsMon.sys
2012-02-28 14:56:05    33552    --s---w-    c:\windows\system32\drivers\TfNetMon.sys
2012-02-28 14:53:38    --------    d-----w-    c:\programdata\PC Tools
2012-02-28 14:53:38    --------    d-----w-    c:\program files\Spyware Doctor
2012-02-28 14:51:47    --------    d-----w-    c:\users\jonas\appdata\roaming\GetRightToGo
2012-02-27 20:56:21    --------    d-----w-    c:\users\jonas\appdata\roaming\Malwarebytes
2012-02-27 20:56:11    --------    d-----w-    c:\programdata\Malwarebytes
2012-02-27 20:56:09    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-02-27 20:56:09    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-02-27 20:09:27    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2012-02-27 20:03:29    --------    d-----w-    C:\sh4ldr
2012-02-27 20:03:29    --------    d-----w-    c:\program files\Enigma Software Group
2012-02-27 20:02:46    --------    d-----w-    c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 20:02:44    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2012-02-27 19:38:02    0    --sha-w-    c:\windows\system32\dds_log_trash.cmd
2012-02-27 19:14:44    --------    d-sh--w-    c:\users\jonas\appdata\local\dee03e92
2012-02-14 22:38:24    2044416    ----a-w-    c:\windows\system32\win32k.sys
2012-02-14 22:38:21    680448    ----a-w-    c:\windows\system32\msvcrt.dll
2012-02-14 22:37:43    2409784    ----a-w-    c:\program files\windows mail\OESpamFilter.dat
2012-02-06 22:59:54    --------    d-----r-    c:\users\jonas\Dropbox
2012-02-06 22:55:38    --------    d-----w-    c:\users\jonas\appdata\roaming\Dropbox
.
==================== Find3M  ====================
.
2012-01-29 04:10:42    237072    ------w-    c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54    1798656    ----a-w-    c:\windows\system32\jscript9.dll
2011-12-14 02:57:18    1127424    ----a-w-    c:\windows\system32\wininet.dll
2011-12-14 02:56:58    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:34:34,66 ===============


Attach-log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07-12-2008 11:46:26
System Uptime: 03-03-2012 12:15:38 (2 hours ago)
.
Motherboard: Packard Bell BV        |  | PF1M
Processor: AMD Athlon(tm) X2 Dual-Core QL-60 | Socket S1G2 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 61,165 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 132,105 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4-netværkskort #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4-netværkskort
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4-netværkskort #4
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport-netværkskort
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
AC3Filter 1.61b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6
Adobe Photoshop Elements 6.0
Adobe Reader 8
Adobe Reader X (10.1.0) - Dansk
Adobe Shockwave Player 11.5
AirPort
AMD USB Audio Driver Filter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audacity 1.2.6
AUDIO DRIVER V6.0.1.5653
cardreader Driver V1.0.10.4
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Click to Call with Skype
ComicRack v0.9.130
Compatibility Pack for the 2007 Office system
CoreAAC Audio Decoder (remove only)
Cycling Manager 4
D-i-v-X AVI Codec Pack Pro 2.4.0
DivX Setup
DivX Version Checker
Drive 3 professional KatBS
Dropbox
Empty Temp Folders 2.8.3
Express Scribe
ffdshow v1.1.3886 [2011-06-19]
FIFA 06
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.9
GameCenter
getPlus(R) for Adobe
Google Earth
Google Update Helper
GrooveWalrus
GTA San Andreas
GUN (TM)
HDRegDK
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HPSSupply
iSkysoft DVD Ripper(Build 2.4.0.0)
ITECIR Driver
ITECIR Infrared Receiver V5.0.4.5
iTunes
Java Auto Updater
Java(TM) 6 Update 24
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 7.1.0 (Basic)
LADSPA_plugins-win-0.4.15
Last.fm 1.5.4.27091
LastFM Motorokr Screensaver
Let's Mix Editor
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DAN Language Pack
Microsoft .NET Framework 4 Extended DAN sprogpakke
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Microsoft XML Parser
MKV Player 2.0
Mozilla Firefox 10.0.2 (x86 da)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Nokia Connectivity Cable Driver
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
OGA Notifier 2.0.0048.0
Opdatering til Microsoft Office Excel 2007 Help (KB963678)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669)
Opdatering til Microsoft Office Word 2007 Help (KB963665)
Pacemaker Editor
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PC Connectivity Solution
PDFCreator
pdfsam
Pro Cycling Manager - Season 2009 1.0.3.3
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek RTL8102 Driver V6.203.214.2008
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SetUp My PC
Shop for HP Supplies
Skins
Skype 3.6.2.248
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
Startprogram til Microsoft Works 2003 Installation
Switch Sound File Converter
Synaptics Pointing Device Driver
Tilmeldingsassistent til Windows Live ID
TOUCHPAD DRIVER V10.0.1.0
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veetle TV 0.9.18
VGA DRIVERS V8.479
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows-driverpakke - ITE Tech.Inc. (itecir) HIDClass  (10/03/2007 5.0.0004.5)
Windows-driverpakke - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WinRAR arkivering
.
==== End Of File ===========================

Afinstaller McAfee Security Scan Plus.

------

Hent og gem aswMBR på dit Skrivebord.

Start aswMBR og klik på "Scan"

Når den er færdig med at scanne, klikker du på "SAVE LOG" og sender loggen herind.

------

Hent og kør Farbar Service Scanner på den "syge" PC.

Sæt flueben ved:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Klik på Scan.

Den laver en log (FSS.txt). Kopier den herind i dit næste indlæg.

f-arn man kan ikke sende interne beskeder til dig så fanger dig lige her. Har du set denne: http://www.eksperten.dk/spm/958181#reply_7912857 ?

Du får bare points i en ny tråd ;-)

OK her er så de næste logs:

Asw:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-03 16:54:26
-----------------------------
16:54:26.578    OS Version: Windows 6.0.6002 Service Pack 2
16:54:26.578    Number of processors: 2 586 0x301
16:54:26.579    ComputerName: JONAS-PC  UserName: Jonas
16:54:45.995    Initialize success
16:55:11.993    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:11.998    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
16:55:12.004    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
16:55:12.010    Disk 1 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
16:55:12.083    Disk 0 MBR read successfully
16:55:12.090    Disk 0 MBR scan
16:55:12.097    Disk 0 Windows VISTA default MBR code
16:55:12.144    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12291 MB offset 63
16:55:12.175    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      292953 MB offset 25174016
16:55:12.223    Disk 0 scanning sectors +625141760
16:55:12.453    Disk 0 scanning C:\Windows\system32\drivers
16:55:36.149    Service scanning
16:55:55.989    Modules scanning
16:56:08.506    Disk 0 trace - called modules:
16:56:08.913    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll prosync1.sys ataport.SYS pciide.sys
16:56:08.925    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b97d0]
16:56:08.937    3 CLASSPNP.SYS[8c1e08b3] -> nt!IofCallDriver -> [0x863884c0]
16:56:08.948    5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863705e0]
16:56:08.957    \Driver\atapi[0x862a82d0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0x8c15a661]
16:56:08.964    Scan finished successfully
16:58:28.621    Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\Vir\MBR.dat"
16:58:28.633    The log file has been saved successfully to "C:\Users\Jonas\Desktop\Vir\aswMBR.txt"

--------------------------------------------------------

FSS:

Farbar Service Scanner Version: 01-03-2012
Ran by Jonas (administrator) on 03-03-2012 at 16:59:26
Running from "C:\Users\Jonas\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc: ".".
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Hent og installer ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start den og lad den lave en Backup af Registreringsdatabasen.

Du skal ikke la' den starte Automatisk !

------

Hent, gem og kør denne:
http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

-----

Hent denne:
http://download.bleepingcomputer.com/win-services/vista/MpsSvc.reg

Start den, og klik ja til at flette.

Genstart.

-----

Kør Farbar Service Scanner igen, kopier loggen herind - og fortæl hvilke problemer du oplever.

Situationen er næsten uforandret. Windows vil stadig ikke starte firewall. Eneste forskel er at den ikke længere "snakker" om MpsSvc.

I tillæg fandt jeg ud af at windows heller ikke vil starte defender med besked om fejlmelding 0x800106ba. Dette behøver dog ikke at være nyt. Jeg er bare først blevet opmærksom på det nu.

Her er loggen fra FSS:

Farbar Service Scanner Version: 01-03-2012
Ran by Jonas (administrator) on 04-03-2012 at 13:49:35
Running from "C:\Users\Jonas\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MpsSvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_bfe /s

3. Luk så alle andre vinduer og klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste indlæg. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.

Vista og Windows 7 - højreklik på filen - Kør som Administrator.

Hej igen. Her er SystemLook's log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:49 on 05/03/2012 by Jonas
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MpsSvc]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_bfe]
(Unable to open key - key not found)

-= EOF =-

Huskede du at højreklikke - kør som administrator ?

------

Find C:\Program Files\ERUNT\ERUNT.EXE
Højreklik på den, og lav en Backup af Registreringsdatabasen.

------

Tast  <Windows> + <R> samtidig og kopier dette ind: regedit

Tast Ctrl+Shift+Enter.

Find

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Højreklik på den og vælg "Tilladelser"

Vælg Avanceret.

Under Ejerskab skal dit brugernavn ha' fuld kontrol.

Hvis det ikke har, skal du ændre det.

Forstår du hvad jeg mener

Ja jeg kørte systemlook som administrator.

Jeg tror også jeg har forstået den næste del af proceduren. Jeg har ihvertfald ændret ejerskabet af den valgte sti fra administratorer til jonas.

Jeg har endvidere givet mit brugernavn fuld kontrol under tilladelser.

Den eneste anden med fuld kontrol er SYSTEM. Skal dette ændres?

Skal det forstås som, at dit brugernavn (Jonas) ikke stod der i forvejen?

System skal stå der!

Vil du godt køre http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe igen.

Kør Farbar Service Scanner igen, og kopier loggen herind.

I går da jeg ændrede ejerskab i root stod der følgende under

tilladelser: System (Fuld kontrol), Ejerrettigheder (læsekontrol), Alle (læsning).  Jeg tilføjede mit brugernavn og gav det fuld kontrol. Derefter forsvandt "Alle" automatisk.

Under ejer / nuværende ejer stod der "Administratorer (Jonas-PC\Administratorer)". Det ejerskab overførte jeg til "Jonas (Jonas-PC\Administratorer)", der var den eneste anden mulige ejer.

Idag var "Alle" tilbage på tilladelser (og Jonas væk)  og Administratorer er igen ejer(e). Det sidste har jeg ændret, så det igen er Jonas der er den nuværende ejer.

Her er loggen fra FSS:

Farbar Service Scanner Version: 01-03-2012
Ran by Jonas (administrator) on 06-03-2012 at 17:51:24
Running from "C:\Users\Jonas\Desktop\Vir"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-14 15:19] - [2011-09-20 22:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Hvordan kører PCen, for Farbar Service Scanner viser ingen problemer.

Du må gerne ændre ejerskabet tilbage som du fandt det.
Det var kun pga LEGACY keys det skulle ændres.

Siger FSS noget om at min computer er ren?

Computeren kører sådan set OK. Der er kun tre tegn på at der er sket noget: Firewall dur ikke, windows defender dur ikke og Avira (som jeg har geninstalleret) har fundet 1 hidden file som den siger kan være farlig.

Avira anbefaler iøvrigt at jeg laver en rescue disc med et program jeg kan downloade fra deres support side. Det prøver jeg nu. Og så vil jeg iøvrigt downloade en anden basic firewall (nogle anbefalinger?).

Hvis du ikke har yderligere ideer til at få restaureret min PC må du have mange tak for hjælpen. Smid et svar så får du nogle point.

Nej, den fortæller kun om visse tjenester, og om hvorvidt de virker.

------

Download Tdsskiller.zip på dit skrivebord og pak den ud i en mappe.

Kør TDSSKiller.exe -> Klik på "Start Scan"

Mht.: Vista og Windows 7 - Højreklik på filen - Kør som Administrator.

Hvis en inficeret fil bliver fundet, vil "Default action" være Cure, klik på Continue
Hvis en mistænkelig fil opdages, vil "Default action" være Skip, klik på Continue
Hvis den ikke spørger om "Reboot" (genstart) så klik på "Report", kopier den tekst herind i tråden.

Genstart hvis den kræver det.

Hvis den genstarter kan du finde logfilen her :
C:\TDSSKiller.[Version]_[Dato]_[Tidspunkt]_log.txt.

Kopier den tekst herind I denne tråd.

------

Slet den ComboFix du har, og hent en ny.

Hent og gem ComboFix på dit skrivebord.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over ComboFix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Her er de to logfiler (i hver sin kommentar da de fylder en del.

Først TDS killer:

18:35:44.0113 6040    TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
18:35:44.0254 6040    ============================================================
18:35:44.0255 6040    Current date / time: 2012/03/07 18:35:44.0254
18:35:44.0255 6040    SystemInfo:
18:35:44.0255 6040   
18:35:44.0255 6040    OS Version: 6.0.6002 ServicePack: 2.0
18:35:44.0255 6040    Product type: Workstation
18:35:44.0255 6040    ComputerName: JONAS-PC
18:35:44.0255 6040    UserName: Jonas
18:35:44.0255 6040    Windows directory: C:\Windows
18:35:44.0255 6040    System windows directory: C:\Windows
18:35:44.0255 6040    Processor architecture: Intel x86
18:35:44.0255 6040    Number of processors: 2
18:35:44.0256 6040    Page size: 0x1000
18:35:44.0256 6040    Boot type: Normal boot
18:35:44.0256 6040    ============================================================
18:35:45.0435 6040    Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:35:45.0828 6040    Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:35:45.0834 6040    \Device\Harddisk0\DR0:
18:35:45.0836 6040    MBR used
18:35:45.0836 6040    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1802000, BlocksNum 0x23C2C800
18:35:45.0836 6040    \Device\Harddisk1\DR1:
18:35:45.0836 6040    MBR used
18:35:45.0836 6040    \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
18:35:45.0929 6040    Initialize success
18:35:45.0929 6040    ============================================================
18:35:49.0951 3152    ============================================================
18:35:49.0951 3152    Scan started
18:35:49.0951 3152    Mode: Manual;
18:35:49.0951 3152    ============================================================
18:35:51.0265 3152    ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:35:51.0267 3152    ACPI - ok
18:35:51.0374 3152    adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:35:51.0386 3152    adp94xx - ok
18:35:51.0448 3152    adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:35:51.0457 3152    adpahci - ok
18:35:51.0496 3152    adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:35:51.0500 3152    adpu160m - ok
18:35:51.0530 3152    adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:35:51.0535 3152    adpu320 - ok
18:35:51.0619 3152    AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:35:51.0624 3152    AFD - ok
18:35:51.0669 3152    agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:35:51.0672 3152    agp440 - ok
18:35:51.0744 3152    ahcix86s        (844a6734e8bb3530fb1444ed698087bd) C:\Windows\system32\drivers\ahcix86s.sys
18:35:51.0751 3152    ahcix86s - ok
18:35:51.0791 3152    aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:35:51.0795 3152    aic78xx - ok
18:35:51.0834 3152    aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:35:51.0835 3152    aliide - ok
18:35:51.0866 3152    amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:35:51.0868 3152    amdagp - ok
18:35:51.0902 3152    amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:35:51.0903 3152    amdide - ok
18:35:51.0934 3152    AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:35:51.0935 3152    AmdK7 - ok
18:35:51.0969 3152    AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:35:51.0971 3152    AmdK8 - ok
18:35:52.0182 3152    appdrv01        (9b42f11d2c7df60ea07726c5bedd66d9) C:\Windows\system32\Drivers\appdrv01.sys
18:35:52.0207 3152    appdrv01 - ok
18:35:52.0281 3152    arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:35:52.0284 3152    arc - ok
18:35:52.0338 3152    arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:35:52.0342 3152    arcsas - ok
18:35:52.0417 3152    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:35:52.0419 3152    AsyncMac - ok
18:35:52.0475 3152    atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:35:52.0476 3152    atapi - ok
18:35:52.0611 3152    atikmdag        (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
18:35:52.0699 3152    atikmdag - ok
18:35:52.0740 3152    AtiPcie        (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:35:52.0742 3152    AtiPcie - ok
18:35:52.0811 3152    avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:35:52.0812 3152    avgntflt - ok
18:35:52.0838 3152    avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:35:52.0841 3152    avipbb - ok
18:35:52.0881 3152    avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:35:52.0883 3152    avkmgr - ok
18:35:52.0921 3152    Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:35:52.0922 3152    Beep - ok
18:35:52.0978 3152    blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:35:52.0982 3152    blbdrive - ok
18:35:53.0027 3152    bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:35:53.0029 3152    bowser - ok
18:35:53.0063 3152    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:35:53.0065 3152    BrFiltLo - ok
18:35:53.0087 3152    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:35:53.0089 3152    BrFiltUp - ok
18:35:53.0143 3152    Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:35:53.0147 3152    Brserid - ok
18:35:53.0172 3152    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:35:53.0175 3152    BrSerWdm - ok
18:35:53.0209 3152    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:35:53.0211 3152    BrUsbMdm - ok
18:35:53.0231 3152    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:35:53.0234 3152    BrUsbSer - ok
18:35:53.0265 3152    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:35:53.0267 3152    BTHMODEM - ok
18:35:53.0416 3152    catchme - ok
18:35:53.0651 3152    cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:35:53.0653 3152    cdfs - ok
18:35:53.0714 3152    cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:35:53.0716 3152    cdrom - ok
18:35:53.0756 3152    circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:35:53.0758 3152    circlass - ok
18:35:53.0820 3152    CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:35:53.0828 3152    CLFS - ok
18:35:53.0880 3152    CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:35:53.0881 3152    CmBatt - ok
18:35:53.0922 3152    cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:35:53.0924 3152    cmdide - ok
18:35:53.0938 3152    Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:35:53.0940 3152    Compbatt - ok
18:35:53.0963 3152    crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:35:53.0966 3152    crcdisk - ok
18:35:54.0010 3152    Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:35:54.0012 3152    Crusoe - ok
18:35:54.0099 3152    DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:35:54.0101 3152    DfsC - ok
18:35:54.0204 3152    disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:35:54.0207 3152    disk - ok
18:35:54.0298 3152    Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:35:54.0303 3152    Dot4 - ok
18:35:54.0347 3152    Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:35:54.0349 3152    Dot4Print - ok
18:35:54.0407 3152    dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:35:54.0409 3152    dot4usb - ok
18:35:54.0474 3152    drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:35:54.0476 3152    drmkaud - ok
18:35:54.0558 3152    DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:35:54.0580 3152    DXGKrnl - ok
18:35:54.0620 3152    E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:35:54.0625 3152    E1G60 - ok
18:35:54.0699 3152    Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:35:54.0705 3152    Ecache - ok
18:35:54.0783 3152    elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:35:54.0793 3152    elxstor - ok
18:35:54.0844 3152    ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:35:54.0847 3152    ErrDev - ok
18:35:54.0937 3152    exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:35:54.0942 3152    exfat - ok
18:35:54.0999 3152    fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:35:55.0004 3152    fastfat - ok
18:35:55.0025 3152    fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:35:55.0028 3152    fdc - ok
18:35:55.0089 3152    FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:35:55.0093 3152    FileInfo - ok
18:35:55.0120 3152    Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:35:55.0122 3152    Filetrace - ok
18:35:55.0195 3152    flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:35:55.0198 3152    flpydisk - ok
18:35:55.0257 3152    FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:35:55.0262 3152    FltMgr - ok
18:35:55.0295 3152    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:35:55.0297 3152    Fs_Rec - ok
18:35:55.0338 3152    gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:35:55.0341 3152    gagp30kx - ok
18:35:55.0398 3152    GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:35:55.0400 3152    GEARAspiWDM - ok
18:35:55.0479 3152    HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:35:55.0486 3152    HdAudAddService - ok
18:35:55.0545 3152    HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:35:55.0566 3152    HDAudBus - ok
18:35:55.0589 3152    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:35:55.0591 3152    HidBth - ok
18:35:55.0623 3152    HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:35:55.0625 3152    HidIr - ok
18:35:55.0669 3152    HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:35:55.0671 3152    HidUsb - ok
18:35:55.0713 3152    HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:35:55.0715 3152    HpCISSs - ok
18:35:55.0779 3152    HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:35:55.0790 3152    HTTP - ok
18:35:55.0813 3152    i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:35:55.0815 3152    i2omp - ok
18:35:55.0866 3152    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:35:55.0867 3152    i8042prt - ok
18:35:55.0920 3152    iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:35:55.0926 3152    iaStorV - ok
18:35:55.0954 3152    iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:35:55.0956 3152    iirsp - ok
18:35:56.0091 3152    IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
18:35:56.0110 3152    IntcAzAudAddService - ok
18:35:56.0198 3152    intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:35:56.0199 3152    intelide - ok
18:35:56.0239 3152    intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:35:56.0242 3152    intelppm - ok
18:35:56.0297 3152    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:35:56.0300 3152    IpFilterDriver - ok
18:35:56.0315 3152    IpInIp - ok
18:35:56.0347 3152    IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:35:56.0350 3152    IPMIDRV - ok
18:35:56.0380 3152    IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:35:56.0382 3152    IPNAT - ok
18:35:56.0419 3152    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:35:56.0421 3152    IRENUM - ok
18:35:56.0450 3152    isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:35:56.0452 3152    isapnp - ok
18:35:56.0513 3152    iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:35:56.0515 3152    iScsiPrt - ok
18:35:56.0538 3152    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:35:56.0540 3152    iteatapi - ok
18:35:56.0584 3152    iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:35:56.0587 3152    iteraid - ok
18:35:56.0634 3152    JMCR            (7e6a3e1cd74e8c97eed06670d2a691da) C:\Windows\system32\DRIVERS\jmcr.sys
18:35:56.0636 3152    JMCR - ok
18:35:56.0659 3152    kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:35:56.0661 3152    kbdclass - ok
18:35:56.0685 3152    kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:35:56.0688 3152    kbdhid - ok
18:35:56.0742 3152    KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:35:56.0764 3152    KSecDD - ok
18:35:56.0875 3152    Lavasoft Kernexplorer - ok
18:35:56.0966 3152    Lbd - ok
18:35:57.0047 3152    lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:35:57.0049 3152    lltdio - ok
18:35:57.0098 3152    LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:35:57.0102 3152    LSI_FC - ok
18:35:57.0140 3152    LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:35:57.0144 3152    LSI_SAS - ok
18:35:57.0179 3152    LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:35:57.0183 3152    LSI_SCSI - ok
18:35:57.0222 3152    luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:35:57.0224 3152    luafv - ok
18:35:57.0295 3152    megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:35:57.0297 3152    megasas - ok
18:35:57.0356 3152    MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:35:57.0367 3152    MegaSR - ok
18:35:57.0405 3152    Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:35:57.0408 3152    Modem - ok
18:35:57.0439 3152    monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:35:57.0441 3152    monitor - ok
18:35:57.0457 3152    mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:35:57.0459 3152    mouclass - ok
18:35:57.0534 3152    mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:35:57.0537 3152    mouhid - ok
18:35:57.0564 3152    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:35:57.0567 3152    MountMgr - ok
18:35:57.0604 3152    mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:35:57.0606 3152    mpio - ok
18:35:57.0649 3152    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:35:57.0652 3152    mpsdrv - ok
18:35:57.0695 3152    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:35:57.0698 3152    Mraid35x - ok
18:35:57.0757 3152    MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:35:57.0760 3152    MRxDAV - ok
18:35:57.0816 3152    mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:35:57.0819 3152    mrxsmb - ok
18:35:57.0866 3152    mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:35:57.0870 3152    mrxsmb10 - ok
18:35:57.0911 3152    mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:35:57.0914 3152    mrxsmb20 - ok
18:35:57.0949 3152    msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:35:57.0951 3152    msahci - ok
18:35:57.0983 3152    msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:35:57.0985 3152    msdsm - ok
18:35:58.0042 3152    Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:35:58.0044 3152    Msfs - ok
18:35:58.0082 3152    msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:35:58.0084 3152    msisadrv - ok
18:35:58.0141 3152    MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:35:58.0143 3152    MSKSSRV - ok
18:35:58.0180 3152    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:35:58.0182 3152    MSPCLOCK - ok
18:35:58.0222 3152    MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:35:58.0225 3152    MSPQM - ok
18:35:58.0276 3152    MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:35:58.0282 3152    MsRPC - ok
18:35:58.0308 3152    mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:35:58.0310 3152    mssmbios - ok
18:35:58.0340 3152    MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:35:58.0342 3152    MSTEE - ok
18:35:58.0386 3152    Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:35:58.0389 3152    Mup - ok
18:35:58.0462 3152    NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:35:58.0465 3152    NativeWifiP - ok
18:35:58.0545 3152    NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:35:58.0564 3152    NDIS - ok
18:35:58.0600 3152    NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:35:58.0602 3152    NdisTapi - ok
18:35:58.0747 3152    Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:35:58.0749 3152    Ndisuio - ok
18:35:58.0825 3152    NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:35:58.0828 3152    NdisWan - ok
18:35:58.0861 3152    NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:35:58.0863 3152    NDProxy - ok
18:35:58.0902 3152    NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:35:58.0904 3152    NetBIOS - ok
18:35:58.0959 3152    NetBT          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\drivers\netbt.sys
18:35:58.0962 3152    NetBT - ok
18:35:59.0073 3152    netr73          (0ab8d9d7c5ac81fc736d7c208f737570) C:\Windows\system32\DRIVERS\netr73.sys
18:35:59.0095 3152    netr73 - ok
18:35:59.0145 3152    nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:35:59.0148 3152    nfrd960 - ok
18:35:59.0207 3152    nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\Windows\system32\drivers\nhcDriver.sys
18:35:59.0210 3152    nhcDriverDevice - ok
18:35:59.0297 3152    nmwcd          (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
18:35:59.0299 3152    nmwcd - ok
18:35:59.0354 3152    nmwcdc          (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
18:35:59.0357 3152    nmwcdc - ok
18:35:59.0437 3152    Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:35:59.0439 3152    Npfs - ok
18:35:59.0481 3152    nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:35:59.0483 3152    nsiproxy - ok
18:35:59.0584 3152    Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:35:59.0629 3152    Ntfs - ok
18:35:59.0664 3152    ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:35:59.0666 3152    ntrigdigi - ok
18:35:59.0682 3152    Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:35:59.0684 3152    Null - ok
18:35:59.0729 3152    nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:35:59.0734 3152    nvraid - ok
18:35:59.0770 3152    nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:35:59.0773 3152    nvstor - ok
18:35:59.0800 3152    nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:35:59.0804 3152    nv_agp - ok
18:35:59.0817 3152    NwlnkFlt - ok
18:35:59.0835 3152    NwlnkFwd - ok
18:35:59.0939 3152    ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:35:59.0942 3152    ohci1394 - ok
18:35:59.0998 3152    Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:36:00.0000 3152    Parport - ok
18:36:00.0073 3152    partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:36:00.0076 3152    partmgr - ok
18:36:00.0112 3152    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:36:00.0115 3152    Parvdm - ok
18:36:00.0205 3152    pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:36:00.0207 3152    pccsmcfd - ok
18:36:00.0253 3152    pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:36:00.0255 3152    pci - ok
18:36:00.0295 3152    pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:36:00.0297 3152    pciide - ok
18:36:00.0352 3152    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:36:00.0358 3152    pcmcia - ok
18:36:00.0424 3152    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:36:00.0457 3152    PEAUTH - ok
18:36:00.0580 3152    PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:36:00.0583 3152    PptpMiniport - ok
18:36:00.0604 3152    Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
18:36:00.0606 3152    Processor - ok
18:36:00.0644 3152    prodrv06        (c051deb1ad5fdaae04114a30998ff869) C:\Windows\System32\drivers\prodrv06.sys
18:36:00.0646 3152    prodrv06 - ok
18:36:00.0692 3152    prohlp02        (d9d5cc53e73d7796ffc6266d52de80da) C:\Windows\system32\drivers\prohlp02.sys
18:36:00.0694 3152    prohlp02 - ok
18:36:00.0734 3152    prosync1        (f3471e7971ee62420451d958da635064) C:\Windows\system32\drivers\prosync1.sys
18:36:00.0736 3152    prosync1 - ok
18:36:00.0793 3152    PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:36:00.0796 3152    PSched - ok
18:36:00.0832 3152    PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
18:36:00.0835 3152    PxHelp20 - ok
18:36:00.0933 3152    ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:36:00.0979 3152    ql2300 - ok
18:36:01.0057 3152    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:36:01.0062 3152    ql40xx - ok
18:36:01.0100 3152    QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:36:01.0102 3152    QWAVEdrv - ok
18:36:01.0121 3152    RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:36:01.0123 3152    RasAcd - ok
18:36:01.0161 3152    Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:36:01.0163 3152    Rasl2tp - ok
18:36:01.0231 3152    RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:36:01.0233 3152    RasPppoe - ok
18:36:01.0295 3152    RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:36:01.0297 3152    RasSstp - ok
18:36:01.0340 3152    rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:36:01.0345 3152    rdbss - ok
18:36:01.0383 3152    RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:36:01.0385 3152    RDPCDD - ok
18:36:01.0427 3152    rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:36:01.0433 3152    rdpdr - ok
18:36:01.0445 3152    RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:36:01.0446 3152    RDPENCDD - ok
18:36:01.0510 3152    RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:36:01.0514 3152    RDPWD - ok
18:36:01.0577 3152    rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:36:01.0578 3152    rspndr - ok
18:36:01.0621 3152    RTHDMIAzAudService (39c5c2fbf652c9f8c194873d5c8a1f58) C:\Windows\system32\drivers\RtHDMIV.sys
18:36:01.0623 3152    RTHDMIAzAudService - ok
18:36:01.0683 3152    RTL8169        (13e97cf38286b8a1d7605d3175db28ee) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:36:01.0686 3152    RTL8169 - ok
18:36:01.0742 3152    RTL8187B        (c279a9a9f946359548e5665c0e8bab15) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:36:01.0753 3152    RTL8187B - ok
18:36:01.0837 3152    SASKUTIL - ok
18:36:01.0896 3152    sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:36:01.0900 3152    sbp2port - ok
18:36:01.0956 3152    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:36:01.0957 3152    secdrv - ok
18:36:01.0987 3152    Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:36:01.0989 3152    Serenum - ok
18:36:02.0029 3152    Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:36:02.0033 3152    Serial - ok
18:36:02.0064 3152    sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:36:02.0066 3152    sermouse - ok
18:36:02.0133 3152    sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:36:02.0135 3152    sffdisk - ok
18:36:02.0161 3152    sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:36:02.0162 3152    sffp_mmc - ok
18:36:02.0179 3152    sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:36:02.0181 3152    sffp_sd - ok
18:36:02.0228 3152    sfhlp01        (462aee0ea0481ea8bd45cac876a4ccc4) C:\Windows\system32\drivers\sfhlp01.sys
18:36:02.0229 3152    sfhlp01 - ok
18:36:02.0254 3152    sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:36:02.0255 3152    sfloppy - ok
18:36:02.0304 3152    sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:36:02.0306 3152    sisagp - ok
18:36:02.0334 3152    SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:36:02.0337 3152    SiSRaid2 - ok
18:36:02.0364 3152    SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:36:02.0367 3152    SiSRaid4 - ok
18:36:02.0434 3152    Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:36:02.0436 3152    Smb - ok
18:36:02.0472 3152    spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:36:02.0473 3152    spldr - ok
18:36:02.0513 3152    srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:36:02.0517 3152    srv - ok
18:36:02.0566 3152    srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:36:02.0569 3152    srv2 - ok
18:36:02.0610 3152    srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:36:02.0612 3152    srvnet - ok
18:36:02.0665 3152    ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:36:02.0667 3152    ssmdrv - ok
18:36:02.0720 3152    swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:36:02.0721 3152    swenum - ok
18:36:02.0762 3152    Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:36:02.0764 3152    Symc8xx - ok
18:36:02.0787 3152    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:36:02.0790 3152    Sym_hi - ok
18:36:02.0817 3152    Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:36:02.0820 3152    Sym_u3 - ok
18:36:02.0898 3152    SynTP          (d2aa5d5fdb821eb5f9366c5e3bc2d9ea) C:\Windows\system32\DRIVERS\SynTP.sys
18:36:02.0902 3152    SynTP - ok
18:36:03.0019 3152    Tcpip          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
18:36:03.0034 3152    Tcpip - ok
18:36:03.0130 3152    Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
18:36:03.0145 3152    Tcpip6 - ok
18:36:03.0185 3152    tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
18:36:03.0187 3152    tcpipreg - ok
18:36:03.0241 3152    TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:36:03.0244 3152    TDPIPE - ok
18:36:03.0277 3152    TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:36:03.0280 3152    TDTCP - ok
18:36:03.0339 3152    tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:36:03.0341 3152    tdx - ok
18:36:03.0392 3152    TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:36:03.0394 3152    TermDD - ok
18:36:03.0432 3152    TfFsMon        (d2a1cd31200a6c9d3dfad022503e4836) C:\Windows\system32\drivers\TfFsMon.sys
18:36:03.0434 3152    TfFsMon - ok
18:36:03.0469 3152    TfNetMon        (3e3a544d10b0ac1c4c133048f84390ac) C:\Windows\system32\drivers\TfNetMon.sys
18:36:03.0472 3152    TfNetMon - ok
18:36:03.0507 3152    TfSysMon        (706be7328a35c39dbe449e10c1ac6a38) C:\Windows\system32\drivers\TfSysMon.sys
18:36:03.0509 3152    TfSysMon - ok
18:36:03.0604 3152    tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:36:03.0606 3152    tssecsrv - ok
18:36:03.0649 3152    tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:36:03.0651 3152    tunmp - ok
18:36:03.0725 3152    tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:36:03.0727 3152    tunnel - ok
18:36:03.0765 3152    uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:36:03.0768 3152    uagp35 - ok
18:36:03.0854 3152    udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:36:03.0860 3152    udfs - ok
18:36:03.0904 3152    uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:36:03.0907 3152    uliagpkx - ok
18:36:03.0937 3152    uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:36:03.0945 3152    uliahci - ok
18:36:03.0976 3152    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:36:03.0980 3152    UlSata - ok
18:36:04.0022 3152    ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:36:04.0026 3152    ulsata2 - ok
18:36:04.0078 3152    umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:36:04.0080 3152    umbus - ok
18:36:04.0148 3152    upperdev        (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:36:04.0151 3152    upperdev - ok
18:36:04.0233 3152    USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:36:04.0236 3152    USBAAPL - ok
18:36:04.0277 3152    usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:36:04.0280 3152    usbccgp - ok
18:36:04.0319 3152    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:36:04.0323 3152    usbcir - ok
18:36:04.0404 3152    usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:36:04.0406 3152    usbehci - ok
18:36:04.0454 3152    usbfilter      (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
18:36:04.0456 3152    usbfilter - ok
18:36:04.0486 3152    usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:36:04.0490 3152    usbhub - ok
18:36:04.0517 3152    usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:36:04.0519 3152    usbohci - ok
18:36:04.0559 3152    usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:36:04.0561 3152    usbprint - ok
18:36:04.0610 3152    usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
18:36:04.0612 3152    usbser - ok
18:36:04.0639 3152    UsbserFilt      (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:36:04.0641 3152    UsbserFilt - ok
18:36:04.0659 3152    USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:36:04.0662 3152    USBSTOR - ok
18:36:04.0684 3152    usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:36:04.0686 3152    usbuhci - ok
18:36:04.0712 3152    usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:36:04.0714 3152    usbvideo - ok
18:36:04.0770 3152    vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:36:04.0772 3152    vga - ok
18:36:04.0805 3152    VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:36:04.0806 3152    VgaSave - ok
18:36:04.0843 3152    viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:36:04.0845 3152    viaagp - ok
18:36:04.0872 3152    ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:36:04.0874 3152    ViaC7 - ok
18:36:04.0904 3152    viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:36:04.0906 3152    viaide - ok
18:36:04.0928 3152    volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:36:04.0931 3152    volmgr - ok
18:36:04.0998 3152    volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:36:05.0005 3152    volmgrx - ok
18:36:05.0071 3152    volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:36:05.0074 3152    volsnap - ok
18:36:05.0105 3152    vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:36:05.0109 3152    vsmraid - ok
18:36:05.0161 3152    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:36:05.0164 3152    WacomPen - ok
18:36:05.0200 3152    Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:36:05.0203 3152    Wanarp - ok
18:36:05.0212 3152    Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:36:05.0214 3152    Wanarpv6 - ok
18:36:05.0261 3152    Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:36:05.0263 3152    Wd - ok
18:36:05.0291 3152    Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:36:05.0306 3152    Wdf01000 - ok
18:36:05.0491 3152    WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:36:05.0492 3152    WmiAcpi - ok
18:36:05.0554 3152    WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:36:05.0556 3152    WpdUsb - ok
18:36:05.0585 3152    ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:36:05.0586 3152    ws2ifsl - ok
18:36:05.0652 3152    WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:36:05.0655 3152    WSDPrintDevice - ok
18:36:05.0703 3152    WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:36:05.0707 3152    WUDFRd - ok
18:36:05.0759 3152    MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:36:05.0825 3152    \Device\Harddisk0\DR0 - ok
18:36:05.0919 3152    MBR (0x1B8)    (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:36:05.0924 3152    \Device\Harddisk1\DR1 - ok
18:36:05.0932 3152    Boot (0x1200)  (5606e0ad526e11105cb302e672e8a770) \Device\Harddisk0\DR0\Partition0
18:36:05.0934 3152    \Device\Harddisk0\DR0\Partition0 - ok
18:36:05.0945 3152    Boot (0x1200)  (cf4ec93de30e385eadda71b658f9b4ae) \Device\Harddisk1\DR1\Partition0
18:36:05.0947 3152    \Device\Harddisk1\DR1\Partition0 - ok
18:36:05.0951 3152    ============================================================
18:36:05.0951 3152    Scan finished
18:36:05.0951 3152    ============================================================
18:36:05.0981 4928    Detected object count: 0
18:36:05.0982 4928    Actual detected object count: 0

Ny combofix log:

ComboFix 12-03-07.05 - Jonas 07-03-2012  18:43:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3582.2526 [GMT 1:00]
Kører fra: c:\users\Jonas\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Jonas\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-02-07 til 2012-03-07  )))))))))))))))))))))))))))))))))))
.
.
2012-03-07 17:52 . 2012-03-07 17:54    --------    d-----w-    c:\users\Jonas\AppData\Local\temp
2012-03-07 17:52 . 2012-03-07 17:52    --------    d-----w-    c:\users\Gry\AppData\Local\temp
2012-03-07 17:52 . 2012-03-07 17:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-03-06 16:47 . 2012-02-08 06:03    6552120    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{701EBB9B-851F-413C-BF92-604940533974}\mpengine.dll
2012-03-04 19:53 . 2012-03-04 19:53    --------    d-----w-    c:\users\Jonas\AppData\Roaming\CheckPoint
2012-03-04 19:52 . 2012-03-04 19:52    --------    d-----w-    c:\programdata\CheckPoint
2012-03-04 19:51 . 2010-04-05 20:00    221568    ----a-w-    c:\windows\system32\drivers\netio.sys
2012-03-04 19:49 . 2012-03-04 20:34    --------    d-----w-    c:\program files\CheckPoint
2012-03-04 18:13 . 2012-03-04 18:13    --------    d-----w-    c:\users\Jonas\AppData\Roaming\Avira
2012-03-04 18:07 . 2012-01-31 07:57    74640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-03-04 18:07 . 2012-01-31 07:57    137416    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-03-04 18:07 . 2011-09-16 15:09    36000    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-03-04 18:07 . 2012-03-04 18:07    --------    d-----w-    c:\programdata\Avira
2012-03-04 18:07 . 2012-03-04 18:07    --------    d-----w-    c:\program files\Avira
2012-03-04 12:44 . 2012-03-04 12:44    --------    d-----w-    c:\program files\ERUNT
2012-03-03 13:12 . 2012-03-03 13:14    --------    d-----w-    c:\users\Jonas\AppData\Local\ElevatedDiagnostics
2012-03-01 17:47 . 2012-03-01 17:47    388096    ----a-r-    c:\users\Jonas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-01 17:28 . 2008-01-21 02:24    184320    ----a-w-    c:\windows\system32\drivers\netbt.sys
2012-02-28 14:56 . 2010-02-02 09:13    59664    --s-a-w-    c:\windows\system32\drivers\TfSysMon.sys
2012-02-28 14:56 . 2010-02-02 09:13    51984    --s-a-w-    c:\windows\system32\drivers\TfFsMon.sys
2012-02-28 14:56 . 2010-02-02 09:13    33552    --s---w-    c:\windows\system32\drivers\TfNetMon.sys
2012-02-28 14:53 . 2012-02-29 07:34    --------    d-----w-    c:\program files\Spyware Doctor
2012-02-28 14:53 . 2012-02-29 07:31    --------    d-----w-    c:\programdata\PC Tools
2012-02-28 14:51 . 2012-02-28 14:53    --------    d-----w-    c:\users\Jonas\AppData\Roaming\GetRightToGo
2012-02-27 20:56 . 2012-02-27 20:56    --------    d-----w-    c:\users\Jonas\AppData\Roaming\Malwarebytes
2012-02-27 20:56 . 2012-02-27 20:56    --------    d-----w-    c:\programdata\Malwarebytes
2012-02-27 20:56 . 2012-02-28 21:55    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-02-27 20:56 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-02-27 20:09 . 2012-02-27 20:09    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2012-02-27 20:03 . 2012-02-29 07:49    --------    d-----w-    C:\sh4ldr
2012-02-27 20:03 . 2012-02-27 20:03    --------    d-----w-    c:\program files\Enigma Software Group
2012-02-27 20:02 . 2012-02-29 07:49    --------    d-----w-    c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 20:02 . 2012-02-27 20:02    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2012-02-27 19:38 . 2012-02-27 20:40    0    --sha-w-    c:\windows\system32\dds_log_trash.cmd
2012-02-27 19:14 . 2012-02-28 07:04    --------    d-sh--w-    c:\users\Jonas\AppData\Local\dee03e92
2012-02-14 22:38 . 2012-01-12 19:52    2044416    ----a-w-    c:\windows\system32\win32k.sys
2012-02-14 22:38 . 2011-12-14 16:17    680448    ----a-w-    c:\windows\system32\msvcrt.dll
2012-02-14 22:37 . 2011-12-20 10:56    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2012-02-06 22:59 . 2012-03-06 16:39    --------    d-----r-    c:\users\Jonas\Dropbox
2012-02-06 22:55 . 2012-03-06 16:39    --------    d-----w-    c:\users\Jonas\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-03 07:15    237072    ------w-    c:\windows\system32\MpSigStub.exe
2012-02-28 21:08 . 2011-05-01 11:15    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6295552]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper    REG_MULTI_SZ      getPlusHelper
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
nosGetPlusHelper    REG_MULTI_SZ      nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
backupexecdevicemediaservice
sscdserd
mxssvr
autocomplete
F700iat
utilman
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:22]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 09:22]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67036A47-4B91-427A-A068-351E5874E035}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\p6ba2vd4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ruc.dk/ruc/
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 18:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'Explorer.exe'(1336)
c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2012-03-07  19:01:55 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-03-07 18:01
ComboFix2.txt  2012-03-01 17:38
.
Pre-Kørsel: 88.853.942.272 byte ledig
Post-Kørsel: 88.634.028.032 byte ledig
.
- - End Of File - - 5A904CB8EAEAC4C4012C0620FA6A449F

Jeg mener ikke ZeroAccess er aktiv, men den er berygtet for at resulterer i sletteede tjenester og ændrede tilladelser  :-(

Klik start -> alle programmer -> tilbehør og find kommadopromten.

Højreklik på den, og vælg kør som Administrator.

Kopier nedenstående linie ind.

sc query bfe

Gør det samme med:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Kopier resultaterne herind.

Microsoft Windows [version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Alle rettigheder forbeholdes.

C:\Users\Jonas>sc query bfe

SERVICE_NAME: bfe
        TYPE              : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT        : 0x0
        WAIT_HINT          : 0x0

C:\Users\Jonas>reg query HKEY_lOCAL_MACHINE\SYSTEMC\CurrentControlSet\services\B
FE
FEJL: Systemet kunne ikke finde den angivne registreringsdatabasenøgle eller vær
di.

C:\Users\Jonas>

C:\Users\Jonas>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BF
E

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1001
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServ
iceNoNetwork
    Description    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcSs
    ServiceSidType    REG_DWORD    0x3
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100
0000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters

C:\Users\Jonas>

Det ser rigtigt ud.

Hvad skriver den (helt præcist) når du prøver at starte Windows Firewall og Windows Defender.

Det kan være fordi Tjenesterne ikke længere kan "snakke" sammen.

Hej igen. Efter en weekend væk fra min computer er jeg nu tilbage og kan melde om en overraskende udvikling. Da jeg startede min computer op igen virkede både defender og firewall som de skulle.

Jeg gætter på at de sidste procedurer du bad mig gennemgå er lykkedes, men blot har krævet (endnu) en reboot.

Eneste tilbageværende bekymring er dermed den Hidden file som avira bliver ved med at finde (og ikke kan cleare). Jeg prøvede med som sagt med en rescue disc men den frøs i processen. Avira er imidlertid holdt op med at advare imod den gemte fil, så jeg antager at min computer nu er virus fri?

Mange tak for hjælpen til alle der har bidraget.

Hov jeg kom til at give pointene til mig selv i stedet for f-arn (som jeg sigtede efter). Er der nogen måde jeg kan rette op på det?

Du har ikke givet nogen point endnu.
Vent på f-arn svarer.

Tast  <Windows> + <R> samtidig og kopier dette ind: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Nulstille Systemgendannelsen.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves.

Det vil jeg gøre.

Endnu engang tak for hjælpen...