Screen freezes and you have to enter a code
Number of posts: 10

Hi

I have an IBM X41 running Win XP Pro 2002 Service Pack 3.
I recently got a virus while trying to watch a YouTube video :-(
I had not installed antivirus :-(
Afterwards I bought avast Internet Security, which I used to run a boot-time scan. This deleted 4 files.
But I still have problems.
The computer freezes, the screen turns greyish and a box pops up with the Windows logo and everything - here you have to type in what is written in a field and remember a space. At the same time a countdown from 3 min runs, where it says it will do a restart.
Now and then pages also pop up with some Windows scanning..

Can you give me some good advice? I strongly assume that it is not Windows playing with me…

Best regards, Knud

Editor
Number of posts: 17571

Download Malwarebytes Anti-Malware from here:

http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens, where you should move the dot to “Perform full scan” - click Scan - let the program work. When it is finished (it naturally takes a while), a report opens in Notepad - copy the contents in here and tell us how the computer is running and what problems you have.

If the log does not open automatically, do the following: press the “Show Result” button after the scan - and then press “Remove Selected” - now the log opens and you should save it somewhere you can find it again.

Signature

Good advice on security….

Number of posts: 10

Hi again

I could not download the program from the computer, so I downloaded it from another one. The program could not update after installation either.
So I ran a quick scan - which did give a result, though!

Best regards, Knud

Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13-03-2010 21:13:02
mbam-log-2010-03-13 (21-13-02).txt

Scan type: Quick Scan
Objects scanned: 105233
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha21 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Knud\Local Settings\Temporary Internet Files\Content.IE5\DJ1P9UFX\win_protection_update[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\captcha21.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Editor
Number of posts: 17571

Even though you did not get Malwarebytes updated, we can still see that something is wrong…. Please download Kaspersky Virus Removal Tool from here

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

* Close all programs and double-click the installer.
* When AVPTool starts, please select all the items that can be scanned except the CD-ROM drive. Then select the Scan button.
* If malware is found, please check the Apply to all box and click the Delete button (or Disinfect if that button is active).
* When the scan has finished, if the malware is still in the Scan window, click the Neutralize all button.
* In the window that opens, put a check mark in the Apply to all box and click the Delete button (or Disinfect if it is active).
* If you are asked to restart: please click Ok.
* Click Reports and select Save to file.
* Save the file as AVPT.txt.
* Close AVPTool.
* It will now ask you to uninstall the tool and restart the computer. Please do so.
* Please copy the first part of the log (Detected) here in the thread. You do not need to post the long list called Events.

If you still cannot download to the sick computer, you will have to download the file on a healthy one again and transfer it to the sick one - and run the Kaspersky setup file on the sick one…

Number of posts: 10

Hi again, again

So I got the Kaspersky virus full scan run. It found something, but sort of froze up at the end. It said there was under 1 min left and then it no longer responded :-(
Then I ran it once more, where it found something again - and finished. This time, though, I goofed and did not save the log…. Oops..
Now I have run it a 3rd time, and cannot figure out how to save the log - but this time it did not find anything either..
It seems that I can again get onto various antivirus sites on the net and the computer does not freeze anymore either… but is my computer now free of the various viruses??

Best regards
Knud

Editor
Number of posts: 17571

Take one more round with Malwarebytes and let the program remove anything bad it finds. Post the log in here afterwards.

1. Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Then run combofix.exe and follow the instructions. You should not click on the window while the tool is running, as this can cause your computer to freeze. When combofix is finished, and after it has restarted, a log file should open: combofix.txt. Copy the contents of this file in here.

Number of posts: 10

Unfortunately it looks like there are still prob…
A log from Malware:

Malwarebytes’ Anti-Malware 1.44
Database version: 3866
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14-03-2010 17:08:15
mbam-log-2010-03-14 (17-08-15).txt

Scan type: Quick Scan
Objects scanned: 115274
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\captcha (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\erokosvc.dll (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\Knud\Local Settings\Application Data\rdr_1268377815.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Knud\Local Settings\Application Data\rdr_1268412141.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Knud\Local Settings\Temporary Internet Files\Content.IE5\7AKMFV4F\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Knud\Local Settings\Temporary Internet Files\Content.IE5\XVMV2EN0\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\ligh (Koobface.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Knud\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

Administrator
Number of posts: 54698

We may have made a dent in Koobface now, so we continue.

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder with Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following in:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, then “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
Copy the resulting log in here.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith’s cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

Number of posts: 10

Now I can’t keep up with your quick replies :-) It’s great!

But I have, as you asked me earlier, run ComboFix; here is the log:

So now I will start running ComboFix the way you described.
Best regards, Knud

ComboFix 10-03-13.03 - Knud 14-03-2010 18:15:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1003 [GMT 1:00]
Running from: c:\documents and settings\Knud\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\webserver

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_APTO6KO
———-\Legacy_CAPTCHA
———-\Legacy_CPQOKO6
———-\Legacy_SRVOKO6
———-\Legacy_WEBSERVER


(((((((((((((((((((((((((  Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 16:20 . 2010-03-09 11:14   102352   ——a-w-  c:\windows\system32\drivers\aswFW.sys
2010-03-13 21:05 . 2010-03-13 21:05   ————  d-sh—w-  c:\documents and settings\NetworkService\IETldCache
2010-03-13 21:05 . 2010-03-13 21:05   ————  d——-w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-13 19:59 . 2010-01-07 15:07   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-01-07 15:07   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-13 19:42 . 2010-03-13 19:42   ————  d——-w-  c:\documents and settings\Knud\Application Data\Malwarebytes
2010-03-13 19:41 . 2010-03-13 19:41   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:41 . 2010-03-13 19:59   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2010-03-12 07:17 . 2010-03-12 07:17   ————  d-sh—w-  c:\documents and settings\LocalService\IETldCache
2010-03-10 22:18 . 2007-03-27 09:57   88960   ——a-w-  c:\windows\system32\drivers\ewusbmdm.sys
2010-03-10 22:18 . 2007-03-27 09:57   24448   ——a-w-  c:\windows\system32\drivers\ewdcsc.sys
2010-03-10 17:32 . 2010-03-09 11:08   19024   ——a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2010-03-10 17:32 . 2010-03-09 11:12   162640   ——a-w-  c:\windows\system32\drivers\aswSP.sys
2010-03-10 17:32 . 2010-03-09 11:14   294480   ——a-w-  c:\windows\system32\drivers\aswSnx.sys
2010-03-10 17:31 . 2010-03-09 11:14   194640   ——a-w-  c:\windows\system32\drivers\aswNdis2.sys
2010-03-10 17:31 . 2010-03-09 11:09   23376   ——a-w-  c:\windows\system32\drivers\aswRdr.sys
2010-03-10 17:31 . 2010-03-09 11:12   46672   ——a-w-  c:\windows\system32\drivers\aswTdi.sys
2010-03-10 17:31 . 2010-03-09 11:08   100432   ——a-w-  c:\windows\system32\drivers\aswmon2.sys
2010-03-10 17:31 . 2010-03-09 11:08   94800   ——a-w-  c:\windows\system32\drivers\aswmon.sys
2010-03-10 17:31 . 2010-03-09 11:08   28880   ——a-w-  c:\windows\system32\drivers\aavmker4.sys
2010-03-10 17:31 . 2010-01-09 21:22   12112   ——a-w-  c:\windows\system32\drivers\aswNdis.sys
2010-03-10 17:31 . 2010-03-09 11:24   153184   ——a-w-  c:\windows\system32\aswBoot.exe
2010-03-10 17:31 . 2010-02-11 18:53   38848   ——a-w-  c:\windows\system32\avastSS.scr
2010-03-10 17:31 . 2010-03-10 17:31   ————  d——-w-  c:\program files\Alwil Software
2010-03-10 17:31 . 2010-03-10 17:31   ————  d——-w-  c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-09 21:09 . 2010-03-09 21:09   ————  d——-w-  c:\program files\Huawei technologies
2010-03-09 21:00 . 2010-03-09 21:01   ————  d——-w-  c:\program files\Safari
2010-03-09 20:13 . 2009-10-23 15:28   3558912   -c——w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-07 14:39 . 2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 07:20 . 2009-11-08 20:52   0   ——a-w-  c:\documents and settings\Knud\temp.dat
2010-03-10 22:18 . 2009-07-26 15:43   ————  d—h—w-  c:\program files\InstallShield Installation Information
2010-03-09 21:01 . 2009-12-14 20:11   ————  d——-w-  c:\documents and settings\Knud\Application Data\Apple Computer
2010-03-09 20:02 . 2009-07-27 21:41   ————  d——-w-  c:\documents and settings\Knud\Application Data\vlc
2010-03-05 22:16 . 2009-08-18 16:41   ————  d——-w-  c:\documents and settings\Knud\Application Data\dvdcss
2010-02-21 11:08 . 2010-02-10 13:46   ————  d——-w-  c:\program files\InstallAffixationInfo
2010-02-14 08:08 . 2010-01-27 20:59   664   ——a-w-  c:\windows\system32\d3d9caps.dat
2010-02-02 19:21 . 2009-12-14 20:09   ————  d——-w-  c:\program files\iTunes
2010-02-02 19:19 . 2010-02-02 19:19   ————  d——-w-  c:\program files\iPod
2010-02-02 19:19 . 2009-12-14 20:05   ————  d——-w-  c:\program files\Common Files\Apple
2010-02-02 19:14 . 2010-02-02 19:14   72488   ——a-w-  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-25 17:58 . 2010-01-25 17:58   20516   —-ha-w-  c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 01:07   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 01:07   916480   ——a-w-  c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-07-25 20:16   343040   ——a-w-  c:\windows\system32\mspaint.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58   333192   ——a-w-  c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{3041d03e-fd4b-44e0-b742-2d9b88305f98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@=”{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}”
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-03-09 11:11   136704   ——a-w-  c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TrackPointSrv”=“c:\program files\Lenovo\TrackPoint\tp4serv.exe” [2009-01-26 92960]
“TVT Scheduler Proxy”=“c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe” [2008-03-04 487424]
“TpShocks”=“TpShocks.exe” [2009-02-02 181536]
“LPManager”=“c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe” [2009-01-29 185688]
“LPMailChecker”=“c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe” [2009-01-29 124248]
“TP4EX”=“tp4ex.exe” [2005-10-16 65536]
“AwaySch”=“c:\program files\Lenovo\AwayTask\AwaySch.EXE” [2006-11-07 91688]
“igfxtray”=“c:\windows\system32\igfxtray.exe” [2006-06-30 94208]
“igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2006-06-30 77824]
“igfxpers”=“c:\windows\system32\igfxpers.exe” [2006-06-30 118784]
“BluetoothAuthenticationAgent”=“bthprops.cpl” [2008-04-14 110592]
“SoundMAXPnP”=“c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe” [2004-10-14 1388544]
“TPHOTKEY”=“c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe” [2009-03-13 68976]
“LENOVO.TPFNF6R”=“c:\program files\Lenovo\HOTKEY\TPFNF6R.exe” [2009-04-14 15136]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“MSN Toolbar”=“c:\program files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe” [2009-10-31 240992]
“Microsoft Default Manager”=“c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” [2009-07-17 288080]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-10-11 149280]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-11-10 417792]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2010-01-22 141608]
“avast5”=“c:\progra~1\ALWILS~1\Avast5\avastUI.exe” [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-26 24576]
SetWeb.lnk - c:\program files\SetWeb\SetWeb.exe [2009-7-27 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 14:54   100104   ——a-w-  c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37   34344   ——a-w-  c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\QuickTime\\QuickTimePlayer.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\Program Files\\Huawei technologies\\Mobile Connect\\Mobile Connect.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8085:TCP”= 8085:TCP:OKOToGate
“53:TCP”= 53:TCP:webserver

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10-03-2010 18:31 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10-03-2010 18:31 194640]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28-01-2009 16:57 20520]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [26-07-2009 16:44 14848]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [14-03-2010 17:20 102352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-03-2010 18:32 294480]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-03-2010 18:32 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-03-2010 18:32 19024]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [10-03-2010 18:31 119200]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [21-05-2009 19:48 62320]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [26-01-2009 13:02 23080]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [26-07-2009 16:44 6528]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [21-05-2009 19:48 45424]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [04-04-2008 08:02 87424]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys—> c:\windows\system32\drivers\massfilter.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [14-12-2009 21:06 40448]
.
Contents of the ‘Scheduled Tasks’ folder

2010-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
———- Supplementary Scan———-
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
——————————- DLLs Loaded Under Running Processes——————————-

- - - - - - - > ‘winlogon.exe’(1440)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

- - - - - - - > ‘explorer.exe’(992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
————————————Other Running Processes————————————
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-14 18:47:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 17:47

Pre-Run: 720.523.264 bytes free
Post-Run: 1.790.926.848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

- - End Of File - - A7C2EDDE6C9B7DEC031E746659853E79
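
Added example, not part of the original thread or of any tool mentioned in it: a small triage script that cross-checks the names Malwarebytes flagged against the Windows Firewall exceptions that the ComboFix log above still lists. The sample lines are copied from the logs posted in this thread (quotes normalized); the function names and the name-matching heuristic are assumptions of this example.

```python
import re

# Sample input: lines copied from the Malwarebytes logs posted above.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.Koobface) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erokosvc.dll (Worm.Koobface) -> Quarantined and deleted successfully.
"""

# Sample input: lines copied from the ComboFix "Reg Loading Points" section above.
COMBOFIX_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:OKOToGate
"53:TCP"= 53:TCP:webserver
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
QUOTE = '["\u201c\u201d]'  # straight or curly quotes, as forums often re-typeset them
ENABLE = re.compile(rf"^{QUOTE}EnableFirewall{QUOTE}\s*=\s*(\d+)")
PORT = re.compile(
    rf"^{QUOTE}(?P<port>\d+):(?P<proto>TCP|UDP){QUOTE}\s*=\s*\d+:(?:TCP|UDP):(?P<label>.+)$"
)


def parse_mbam(log):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header["name"]
            continue
        hit = DETECTION.match(line)
        if hit and section:
            found.append({"section": section, **hit.groupdict()})
    return found


def flagged_names(detections):
    """Lower-cased last path component of each detection (file extension dropped)."""
    names = set()
    for det in detections:
        leaf = det["item"].rsplit("\\", 1)[-1]
        if det["section"] == "Files":
            leaf = leaf.rsplit(".", 1)[0]
        names.add(leaf.lower())
    return names


def parse_firewall(log):
    """Extract EnableFirewall and the GloballyOpenPorts entries from a ComboFix log."""
    key, state = "", {"enabled": None, "open_ports": []}
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        if key.endswith(r"firewallpolicy\standardprofile"):
            m = ENABLE.match(line)
            if m:
                state["enabled"] = m[1] != "0"
        elif key.endswith(r"globallyopenports\list"):
            m = PORT.match(line)
            if m:
                state["open_ports"].append((int(m["port"]), m["proto"], m["label"].strip()))
    return state


def leftover_exceptions(mbam_log, combofix_log):
    """Open-port entries whose label equals a name Malwarebytes already flagged."""
    names = flagged_names(parse_mbam(mbam_log))
    fw = parse_firewall(combofix_log)
    hits = [entry for entry in fw["open_ports"] if entry[2].lower() in names]
    return fw["enabled"], hits


if __name__ == "__main__":
    enabled, hits = leftover_exceptions(MBAM_LOG, COMBOFIX_LOG)
    print("Windows Firewall enabled:", enabled)
    for port, proto, label in hits:
        print(f"open port {port}/{proto} labelled '{label}' matches a flagged item")
```

A label match is only a lead for manual review; entries that match no detection name are listed by `parse_firewall` but not classified by this check.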

Number of posts: 10

And here is the result of the ComboFix scan:

ComboFix 10-03-14.01 - Knud 14-03-2010 19:54:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1005 [GMT 1:00]
Running from: c:\documents and settings\Knud\Desktop\virus\ComboFix.exe
Command switches used :: c:\documents and settings\Knud\Desktop\virus\CFScript.txt
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((  Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 16:20 . 2010-03-09 11:14   102352   ——a-w-  c:\windows\system32\drivers\aswFW.sys
2010-03-13 21:05 . 2010-03-13 21:05   ————  d-sh—w-  c:\documents and settings\NetworkService\IETldCache
2010-03-13 21:05 . 2010-03-13 21:05   ————  d——-w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-13 19:59 . 2010-01-07 15:07   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-01-07 15:07   19160   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-13 19:42 . 2010-03-13 19:42   ————  d——-w-  c:\documents and settings\Knud\Application Data\Malwarebytes
2010-03-13 19:41 . 2010-03-13 19:41   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:41 . 2010-03-13 19:59   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2010-03-12 07:17 . 2010-03-12 07:17   ————  d-sh—w-  c:\documents and settings\LocalService\IETldCache
2010-03-10 22:18 . 2007-03-27 09:57   88960   ——a-w-  c:\windows\system32\drivers\ewusbmdm.sys
2010-03-10 22:18 . 2007-03-27 09:57   24448   ——a-w-  c:\windows\system32\drivers\ewdcsc.sys
2010-03-10 17:32 . 2010-03-09 11:08   19024   ——a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2010-03-10 17:32 . 2010-03-09 11:12   162640   ——a-w-  c:\windows\system32\drivers\aswSP.sys
2010-03-10 17:32 . 2010-03-09 11:14   294480   ——a-w-  c:\windows\system32\drivers\aswSnx.sys
2010-03-10 17:31 . 2010-03-09 11:14   194640   ——a-w-  c:\windows\system32\drivers\aswNdis2.sys
2010-03-10 17:31 . 2010-03-09 11:09   23376   ——a-w-  c:\windows\system32\drivers\aswRdr.sys
2010-03-10 17:31 . 2010-03-09 11:12   46672   ——a-w-  c:\windows\system32\drivers\aswTdi.sys
2010-03-10 17:31 . 2010-03-09 11:08   100432   ——a-w-  c:\windows\system32\drivers\aswmon2.sys
2010-03-10 17:31 . 2010-03-09 11:08   94800   ——a-w-  c:\windows\system32\drivers\aswmon.sys
2010-03-10 17:31 . 2010-03-09 11:08   28880   ——a-w-  c:\windows\system32\drivers\aavmker4.sys
2010-03-10 17:31 . 2010-01-09 21:22   12112   ——a-w-  c:\windows\system32\drivers\aswNdis.sys
2010-03-10 17:31 . 2010-03-09 11:24   153184   ——a-w-  c:\windows\system32\aswBoot.exe
2010-03-10 17:31 . 2010-02-11 18:53   38848   ——a-w-  c:\windows\system32\avastSS.scr
2010-03-10 17:31 . 2010-03-10 17:31   ————  d——-w-  c:\program files\Alwil Software
2010-03-10 17:31 . 2010-03-10 17:31   ————  d——-w-  c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-09 21:09 . 2010-03-09 21:09   ————  d——-w-  c:\program files\Huawei technologies
2010-03-09 21:00 . 2010-03-09 21:01   ————  d——-w-  c:\program files\Safari
2010-03-09 20:13 . 2009-10-23 15:28   3558912   -c——w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-07 14:39 . 2010-02-12 10:03   293376   ———w-  c:\windows\system32\browserchoice.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 07:20 . 2009-11-08 20:52   0   ——a-w-  c:\documents and settings\Knud\temp.dat
2010-03-10 22:18 . 2009-07-26 15:43   ————  d—h—w-  c:\program files\InstallShield Installation Information
2010-03-09 21:01 . 2009-12-14 20:11   ————  d——-w-  c:\documents and settings\Knud\Application Data\Apple Computer
2010-03-09 20:02 . 2009-07-27 21:41   ————  d——-w-  c:\documents and settings\Knud\Application Data\vlc
2010-03-05 22:16 . 2009-08-18 16:41   ————  d——-w-  c:\documents and settings\Knud\Application Data\dvdcss
2010-02-21 11:08 . 2010-02-10 13:46   ————  d——-w-  c:\program files\InstallAffixationInfo
2010-02-14 08:08 . 2010-01-27 20:59   664   ——a-w-  c:\windows\system32\d3d9caps.dat
2010-02-02 19:21 . 2009-12-14 20:09   ————  d——-w-  c:\program files\iTunes
2010-02-02 19:19 . 2010-02-02 19:19   ————  d——-w-  c:\program files\iPod
2010-02-02 19:19 . 2009-12-14 20:05   ————  d——-w-  c:\program files\Common Files\Apple
2010-02-02 19:14 . 2010-02-02 19:14   72488   ——a-w-  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-25 17:58 . 2010-01-25 17:58   20516   —-ha-w-  c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 01:07   353792   ——a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 01:07   916480   ———w-  c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-07-25 20:16   343040   ——a-w-  c:\windows\system32\mspaint.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58   333192   ——a-w-  c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{3041d03e-fd4b-44e0-b742-2d9b88305f98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{3041D03E-FD4B-44E0-B742-2D9B88305F98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@=”{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}”
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-03-09 11:11   136704   ——a-w-  c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-01-26 92960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe" [2009-10-31 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-26 24576]
SetWeb.lnk - c:\program files\SetWeb\SetWeb.exe [2009-7-27 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 14:54   100104   ----a-w-  c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 14:37   34344   ----a-w-  c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Huawei technologies\\Mobile Connect\\Mobile Connect.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:OKOToGate
"53:TCP"= 53:TCP:webserver

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10-03-2010 18:31 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10-03-2010 18:31 194640]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28-01-2009 16:57 20520]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [26-07-2009 16:44 14848]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [14-03-2010 17:20 102352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-03-2010 18:32 294480]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-03-2010 18:32 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-03-2010 18:32 19024]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [10-03-2010 18:31 119200]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13-03-2009 13:47 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [21-05-2009 19:48 62320]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [26-01-2009 13:02 23080]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [26-07-2009 16:44 6528]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [21-05-2009 19:48 45424]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [04-04-2008 08:02 87424]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [14-12-2009 21:06 40448]
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 20:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

- - - - - - - > 'explorer.exe'(576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-14 20:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 19:19
ComboFix2.txt 2010-03-14 17:47

Pre-Run: 1.797.840.896 bytes free
Post-Run: 1.787.928.576 bytes free

- - End Of File - - CD5F4AC8AEE0C849F8765DCC424A75E1

Administrator
Number of posts: 29174

That looks fine. Let's hear how things are looking now?

Number of posts: 10

Hi
I haven't had any problems since the cleanup, and everything seems to be working :-)

Administrator
Number of posts: 54698

That sounds good. :-)

I'm closing this thread; you are welcome back another time.

Signature

Member of “Alliance of Security Analysis Professionals” - Alle angaben wie immer “nur mit pistole”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur