Belastende virus

Prøv her: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Du kan hente en forholdsvis ny databaseversion her: http://www.gt500.org/malwarebytes/database.jsp

Hvis det lykkes så prøv at gi dem et andet navn inden du kører dem.

En virus - du har sku' _mange_ !!!
Der er >10 synlige 'snavs' elementer i ovenstående log!!!

---------------------------------------

*SUK*

Afinstaller
* BitTorrent
Grrrrr... Det er jo lige meget hvor meget folk har på af sikkerhed/opdateringer. Hvis de først begynder at 'lege' med P2P programmer - eller retterer relutater derfra - så er det lige vidt !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Som skrevet/sagt ->

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

---------------------------------------

Hvor er M$ ServicePack3 + efterfølgende WindowsUpdate elementer ?

jeg har prøvet den på download.com, der sker intet når jeg prøver at installere den.. Jeg kan fra min pc ikke få adgang til det andet link, hentede programmet på min mac og installerede det via min usb stick.. nu har jeg bare en tom mappe der hedder malwarebytes på mit c-drev.. det er sku lidt håbløst! :)

Bittorrent har jeg ikke haft installeret i et halvt år, det er fjernet via kontrolpanel..

Malwarebytes har jeg endnu ikke haft held med at installere, jeg kan ikke oprette forbindelse til dine to links..

Jeg ved ikke liiiige hvad der er blevet af windows update elementer, kan ikke connecte til deres update server :)

Genstart i fejlsikret tilstand, start hijackthis, klik på do asystem scan only og marker følgende:

O2 - BHO: (no name) - {4db915bc-f216-4d93-abbb-86169bc98dc3} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {d5bf49a2-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\tyshb36rfjdf.dll

O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\tdwlybbh.dll",b
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\{7648E1A2-B41B-49DF-A94E-312C66A31CF0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\L2007tmp\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D1DA2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D1DA2~1\reboot.ini  -l0x6
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe

O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccddBsS - fccddBsS.dll (file missing)
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

Find  C:\WINDOWS\system32\tyshb36rfjdf.dll og slet den.

Genstart normalt og prøv igen

Når du har markeret disse

O2 - BHO: (no name) - {4db915bc-f216-4d93-abbb-86169bc98dc3} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {d5bf49a2-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\tyshb36rfjdf.dll

O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\tdwlybbh.dll",b
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\{7648E1A2-B41B-49DF-A94E-312C66A31CF0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\L2007tmp\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D1DA2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D1DA2~1\reboot.ini  -l0x6
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe

O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccddBsS - fccddBsS.dll (file missing)
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

skal du lukke alle andre vinduer og klikke 'fix checked'

derefter sletter du filen

Somme tider bør man læse hvad man skriver INDEN man klikker på send:-(

Så har jeg en ny log. Fik slettet filen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:48, on 28-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {8a6b9cc7-70de-4a74-ad6a-0761d90fea78} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\csrsrv32.dll wzvvrg.dll,C:\WINDOWS\System32\csrsrv32.dll shopzq.dll,C:\WINDOWS\System32\csrsrv32.dll,nzqqii.dll rpuxco.dll jujvxg.dll,C:\WINDOWS\system32\dibiyowa.dll gejqsj.dll
O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6616 bytes

Der er stadig en del 'snavs' tilbage - prøv så [Malwarebytes} proceduren - igen...

Det samme problem som før, jeg kan ikke åbne links til at downloade programmet. Jeg har hentet det på min mac og installeret det fra min usb stick, jeg får blot en tom malware mappe i c:\programmer :o

Prøv at omdøbe den, læg den på din usb stick, kopier den op på dit skrivebord og kør den derfra.

Hvis det ikke hjælper så klik på start - kør og skriv: devmgmt.msc
klik på vis - vis skjulte enheder og find 'ikke plug and play drivere'
Hvis du finder noget lignende TDSSserv.sys så deaktiver den og genstart comp.

Prøv så igen.

Jeg har prøvet at deaktivere filen og gøre som du beskrev.. det samme sker, jeg får blot en tom folder i c\programmer :(

Er det ikke muligt at komme videre med http://support.f-secure.com/ols/start.html

Vi prøver lige manuelt at ryde noget 'snavs' igen ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {8a6b9cc7-70de-4a74-ad6a-0761d90fea78} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\csrsrv32.dll wzvvrg.dll,C:\WINDOWS\System32\csrsrv32.dll shopzq.dll,C:\WINDOWS\System32\csrsrv32.dll,nzqqii.dll rpuxco.dll jujvxg.dll,C:\WINDOWS\system32\dibiyowa.dll gejqsj.dll
O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

Genstart normalt...

------------------------------------------------------------------------

Sådan ser min næste log ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:31, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {1a634bd8-3b3e-4407-9a55-36c4dcd8b984} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\nogezote.dll",b
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\dibiyowa.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6966 bytes

Prøv at gi setup filen et tilfældigt navn med en bat extension f.eks. test.bat og se hvad der sker. Hvis den installerer så gi selve programfilen det samme filnavn.

Hmmm... man ka' da ikke omdøbe en *.EXE til *.BAT og så tro det ka' la' sig gøre ?

Nej - det mente jeg egentlig heller ikke, men jeg har et andet sted set at nogen påstår at de har gjort det. Så hvorfor ikke?

http://www.bleepingcomputer.com/forums/topic189751.html

Det samme som før, jeg får bare en tom mappe med malwarebytes :[

Jeg prøvede at downloade filen igen og installere malwareb, og det virker faktisk nu, smider en log asap:)

Nu har jeg følgende log fra hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:54, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\distnoted.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs:  fdntks.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6935 bytes

Og jeg fik fra malwarebytes denne log:

Malwarebytes' Anti-Malware 1.31
Database version: 1567
Windows 5.1.2600 Service Pack 2

29-12-2008 15:11:17
mbam-log-2008-12-29 (15-11-17).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objekter skannet: 142854
Tid tilbagelagt: 52 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 8
Inficerede Registeringsdatabase Nøgler: 39
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 5
Inficerede Mapper: 0
Inficerede Filer: 90

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\cbXOigEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dvdnyddv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nogezote.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dibiyowa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mirajehi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\njtwmanh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fdntks.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0027564.dat (Trojan.Agent) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b66f98a4-460c-4943-9a08-8aae232db550} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b66f98a4-460c-4943-9a08-8aae232db550} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2071e25c-54a2-4766-bb06-39682ca8c6c9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{345066cd-3788-4e72-88c5-08c3209dec6e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{352e20b9-5b55-4b26-8b10-7dc5940ffe7d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5099e311-e10a-4cdb-b54b-eb52cb18e732} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64385737-8c2a-43a0-b58f-71efdec0150c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0027564 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64dca2cd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tekoyezami (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxoigex -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dibiyowa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\dibiyowa.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dibiyowa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxoigex  -> Delete on reboot.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\fdntks.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXOigEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XEgiOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XEgiOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdyarusx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsuraydb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvdnyddv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vddyndvd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gulotema.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ametolug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jawotiwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwitowaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nogezote.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\etozegon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdwlybbh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbbylwdt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tunayiri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iriyanut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udwvwqcw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcqwvwdu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdxwekbt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbkewxdw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mirajehi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dibiyowa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\njtwmanh.dll (Trojan.Vundo) -> Delete on reboot.
C:\uqpox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\winloggn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6M14Y44S\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6M14Y44S\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\Content.IE5\N0Y88Q8Q\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\Content.IE5\Q1H4QTYM\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Programmer\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-954.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172239-616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172239-649.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172645-377.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081229-000358-938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-548.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wzvvrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsbxfwyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpuxco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ultcwkvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gejqsj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pagftjno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSirxy.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSktao.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSocun.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrojf.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgohsqar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jujvxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nzqqii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pobojohe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yebalino.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvudryhp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSxeuu.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\f40a673b.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\887b5ef5.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0027564.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c001D17E.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0022400.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002464A.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005CEB3.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009DAE2.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D96E6.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSllJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWnLfG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebojele.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnNgdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGabCRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRheEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0022494.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002332D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002C040.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002E62B.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0032BF3.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c003F6C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00422D7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006C011.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A16C4.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00AEBA4.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00BE238.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E6E98.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\TDSSa14f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\TDSSa16e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSehys.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqqon.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwrhd.log (Trojan.TDSS) -> Quarantined and deleted successfully.

.. Var det så bare det? :)

Nej, ikke helt. Genstart i fejlsikker tilstand og fix disse to:

O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')

O20 - AppInit_DLLs:  fdntks.dll

genstart normalt + ny hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:31, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6741 bytes

Dukkede den her op igen eller glemte du den?
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')

Under alle omstændigheder, prøv at hente denne her og kør en tur med den:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Husk at opdatere den!

Hvordan kører comp. nu?

Den kom frem igen, har kørt det nye program, men den samme dukkede op i hijack this.. Så jeg prøvede bare endnu engang at sige fix, og det lykkedes!.. nu ser min log sådan ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:17, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6809 bytes

Var det så alt? :).. mange tak for hjælpen, det er virkelig værdsat!

Husk xp sp3 + efterfølgende opdateringer:
http://www.microsoft.com/downloads/details.aspx?familyid=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=da

Jeg synes ikke at kunne få øje på nogen sikkerhedprogrammer.
se her:
http://www.spywarefri.dk/traditionel_sikkerhed.html

Hvordan kører computeren så nu?

perfekt :)