Avatar billede plhn Nybegynder
28. december 2008 - 16:16 Der er 28 kommentarer og
1 løsning

Belastende virus

Jeg har den sidste uges tid haft en ret belastende virus. Jeg prøvede at installere Spybot S&D, men kan ikke installere det da den ikke kan oprette forbindelse til serveren(hvilket aldrig har været et problem). Samme problem har jeg med eksempelvis Kaspersky, Malwarebytes Anti-Malware osv.. Derudover kan jeg ikke åbne hjemmesider der giver adgang til antivirus programmer; feks trendmicro housecall, hvilket heller ikke før har været et problem.

Det eneste jeg faktisk har er CCcleaner der ikke hjælper det store, og så denne hijack log. Kan i eksperter mon hjælpe en håbløs computerbruger? :o

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:58, on 28-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mikkel\Skrivebord\mbam-setup.exe
C:\Documents and Settings\Mikkel\Skrivebord\mbam-setup.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {4db915bc-f216-4d93-abbb-86169bc98dc3} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {d5bf49a2-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\tdwlybbh.dll",b
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\{7648E1A2-B41B-49DF-A94E-312C66A31CF0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\L2007tmp\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D1DA2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D1DA2~1\reboot.ini  -l0x6
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\csrsrv32.dll wzvvrg.dll,C:\WINDOWS\System32\csrsrv32.dll shopzq.dll,C:\WINDOWS\System32\csrsrv32.dll,nzqqii.dll rpuxco.dll jujvxg.dll,C:\WINDOWS\system32\dibiyowa.dll gejqsj.dll
O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccddBsS - fccddBsS.dll (file missing)
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programmer\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller (panda software controller) - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (pavsrv) - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (psimsvc) - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\psimsvc.exe

--
End of file - 9069 bytes
Avatar billede f-arn Guru
28. december 2008 - 16:33 #1
Avatar billede f-arn Guru
28. december 2008 - 16:37 #2
Hvis det lykkes så prøv at gi dem et andet navn inden du kører dem.
28. december 2008 - 16:43 #3
En virus - du har sku' _mange_ !!!
Der er >10 synlige 'snavs' elementer i ovenstående log!!!

---------------------------------------

*SUK*

Afinstaller
* BitTorrent
Grrrrr... Det er jo lige meget hvor meget folk har på af sikkerhed/opdateringer. Hvis de først begynder at 'lege' med P2P programmer - eller retterer relutater derfra - så er det lige vidt !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Som skrevet/sagt ->

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

---------------------------------------

Hvor er M$ ServicePack3 + efterfølgende WindowsUpdate elementer ?
Avatar billede plhn Nybegynder
28. december 2008 - 16:48 #4
jeg har prøvet den på download.com, der sker intet når jeg prøver at installere den.. Jeg kan fra min pc ikke få adgang til det andet link, hentede programmet på min mac og installerede det via min usb stick.. nu har jeg bare en tom mappe der hedder malwarebytes på mit c-drev.. det er sku lidt håbløst! :)
Avatar billede plhn Nybegynder
28. december 2008 - 16:54 #5
Bittorrent har jeg ikke haft installeret i et halvt år, det er fjernet via kontrolpanel..

Malwarebytes har jeg endnu ikke haft held med at installere, jeg kan ikke oprette forbindelse til dine to links..

Jeg ved ikke liiiige hvad der er blevet af windows update elementer, kan ikke connecte til deres update server :)
Avatar billede f-arn Guru
28. december 2008 - 17:03 #6
Genstart i fejlsikret tilstand, start hijackthis, klik på do asystem scan only og marker følgende:

O2 - BHO: (no name) - {4db915bc-f216-4d93-abbb-86169bc98dc3} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {d5bf49a2-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\tyshb36rfjdf.dll

O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\tdwlybbh.dll",b
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\{7648E1A2-B41B-49DF-A94E-312C66A31CF0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\L2007tmp\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D1DA2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D1DA2~1\reboot.ini  -l0x6
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe

O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccddBsS - fccddBsS.dll (file missing)
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

Find  C:\WINDOWS\system32\tyshb36rfjdf.dll og slet den.

Genstart normalt og prøv igen
Avatar billede f-arn Guru
28. december 2008 - 17:08 #7
Når du har markeret disse

O2 - BHO: (no name) - {4db915bc-f216-4d93-abbb-86169bc98dc3} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {d5bf49a2-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\tyshb36rfjdf.dll

O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\tdwlybbh.dll",b
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\{7648E1A2-B41B-49DF-A94E-312C66A31CF0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Mikkel\LOKALE~1\Temp\L2007tmp\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{D1DA2~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D1DA2~1\reboot.ini  -l0x6
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Mikkel\LOKALE~1\Temp\winloggn.exe

O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: fccddBsS - fccddBsS.dll (file missing)
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

skal du lukke alle andre vinduer og klikke 'fix checked'

derefter sletter du filen

Somme tider bør man læse hvad man skriver INDEN man klikker på send:-(
Avatar billede plhn Nybegynder
28. december 2008 - 17:28 #8
Så har jeg en ny log. Fik slettet filen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:48, on 28-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {8a6b9cc7-70de-4a74-ad6a-0761d90fea78} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\csrsrv32.dll wzvvrg.dll,C:\WINDOWS\System32\csrsrv32.dll shopzq.dll,C:\WINDOWS\System32\csrsrv32.dll,nzqqii.dll rpuxco.dll jujvxg.dll,C:\WINDOWS\system32\dibiyowa.dll gejqsj.dll
O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6616 bytes
28. december 2008 - 17:43 #9
Der er stadig en del 'snavs' tilbage - prøv så [Malwarebytes} proceduren - igen...
Avatar billede plhn Nybegynder
28. december 2008 - 17:47 #10
Det samme problem som før, jeg kan ikke åbne links til at downloade programmet. Jeg har hentet det på min mac og installeret det fra min usb stick, jeg får blot en tom malware mappe i c:\programmer :o
Avatar billede f-arn Guru
28. december 2008 - 19:24 #11
Prøv at omdøbe den, læg den på din usb stick, kopier den op på dit skrivebord og kør den derfra.

Hvis det ikke hjælper så klik på start - kør og skriv: devmgmt.msc
klik på vis - vis skjulte enheder og find 'ikke plug and play drivere'
Hvis du finder noget lignende TDSSserv.sys så deaktiver den og genstart comp.

Prøv så igen.
Avatar billede plhn Nybegynder
28. december 2008 - 19:58 #12
Jeg har prøvet at deaktivere filen og gøre som du beskrev.. det samme sker, jeg får blot en tom folder i c\programmer :(
Avatar billede Slettet bruger
28. december 2008 - 20:41 #13
Er det ikke muligt at komme videre med http://support.f-secure.com/ols/start.html
28. december 2008 - 22:04 #14
Vi prøver lige manuelt at ryde noget 'snavs' igen ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O2 - BHO: (no name) - {8a6b9cc7-70de-4a74-ad6a-0761d90fea78} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\csrsrv32.dll wzvvrg.dll,C:\WINDOWS\System32\csrsrv32.dll shopzq.dll,C:\WINDOWS\System32\csrsrv32.dll,nzqqii.dll rpuxco.dll jujvxg.dll,C:\WINDOWS\system32\dibiyowa.dll gejqsj.dll
O20 - Winlogon Notify: 64dca262509 - C:\WINDOWS\System32\csrsrv32.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat

Genstart normalt...

------------------------------------------------------------------------
Avatar billede plhn Nybegynder
29. december 2008 - 00:07 #15
Sådan ser min næste log ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:31, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {1a634bd8-3b3e-4407-9a55-36c4dcd8b984} - C:\WINDOWS\system32\cbXOigEX.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {b66f98a4-460c-4943-9a08-8aae232db550} - C:\WINDOWS\system32\sisameso.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [64dca2cd] rundll32.exe "C:\WINDOWS\system32\nogezote.dll",b
O4 - HKLM\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\dibiyowa.dll
O20 - Winlogon Notify: __c0027564 - C:\WINDOWS\system32\__c0027564.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6966 bytes
Avatar billede f-arn Guru
29. december 2008 - 12:04 #16
Prøv at gi setup filen et tilfældigt navn med en bat extension f.eks. test.bat og se hvad der sker. Hvis den installerer så gi selve programfilen det samme filnavn.
29. december 2008 - 13:49 #17
Hmmm... man ka' da ikke omdøbe en *.EXE til *.BAT og så tro det ka' la' sig gøre ?
Avatar billede f-arn Guru
29. december 2008 - 13:53 #18
Nej - det mente jeg egentlig heller ikke, men jeg har et andet sted set at nogen påstår at de har gjort det. Så hvorfor ikke?
Avatar billede f-arn Guru
29. december 2008 - 13:56 #19
Avatar billede plhn Nybegynder
29. december 2008 - 14:14 #20
Det samme som før, jeg får bare en tom mappe med malwarebytes :[
Avatar billede plhn Nybegynder
29. december 2008 - 14:16 #21
Jeg prøvede at downloade filen igen og installere malwareb, og det virker faktisk nu, smider en log asap:)
Avatar billede plhn Nybegynder
29. december 2008 - 15:16 #22
Nu har jeg følgende log fra hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:54, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\distnoted.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs:  fdntks.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6935 bytes

Og jeg fik fra malwarebytes denne log:

Malwarebytes' Anti-Malware 1.31
Database version: 1567
Windows 5.1.2600 Service Pack 2

29-12-2008 15:11:17
mbam-log-2008-12-29 (15-11-17).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objekter skannet: 142854
Tid tilbagelagt: 52 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 8
Inficerede Registeringsdatabase Nøgler: 39
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 5
Inficerede Mapper: 0
Inficerede Filer: 90

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\cbXOigEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dvdnyddv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nogezote.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dibiyowa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mirajehi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\njtwmanh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fdntks.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0027564.dat (Trojan.Agent) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b66f98a4-460c-4943-9a08-8aae232db550} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b66f98a4-460c-4943-9a08-8aae232db550} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{becd63f0-9b27-46fc-ab3e-cbd4cd37dc3a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82efeb08-06ea-464a-a002-f6a7d4bb4474} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2071e25c-54a2-4766-bb06-39682ca8c6c9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{345066cd-3788-4e72-88c5-08c3209dec6e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{352e20b9-5b55-4b26-8b10-7dc5940ffe7d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5099e311-e10a-4cdb-b54b-eb52cb18e732} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64385737-8c2a-43a0-b58f-71efdec0150c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0027564 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64dca2cd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tekoyezami (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxoigex -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dibiyowa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\dibiyowa.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dibiyowa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxoigex  -> Delete on reboot.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\fdntks.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXOigEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XEgiOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XEgiOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdyarusx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsuraydb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvdnyddv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vddyndvd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gulotema.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ametolug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jawotiwi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwitowaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nogezote.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\etozegon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdwlybbh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbbylwdt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tunayiri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iriyanut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udwvwqcw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcqwvwdu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdxwekbt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbkewxdw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mirajehi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dibiyowa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\njtwmanh.dll (Trojan.Vundo) -> Delete on reboot.
C:\uqpox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\winloggn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6M14Y44S\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\6M14Y44S\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\Content.IE5\N0Y88Q8Q\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\Content.IE5\Q1H4QTYM\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Programmer\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-954.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172239-616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172239-649.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-172645-377.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081229-000358-938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\Trend Micro\HijackThis\backups\backup-20081228-171511-548.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wzvvrg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsbxfwyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpuxco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ultcwkvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gejqsj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pagftjno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSirxy.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSktao.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSocun.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrojf.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgohsqar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jujvxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nzqqii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pobojohe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yebalino.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yvudryhp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSxeuu.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\f40a673b.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\887b5ef5.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c0027564.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c001D17E.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0022400.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002464A.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c005CEB3.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009DAE2.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D96E6.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSllJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWnLfG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebojele.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnNgdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGabCRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRheEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0022494.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002332D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002C040.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002E62B.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0032BF3.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c003F6C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00422D7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006C011.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A16C4.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00AEBA4.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00BE238.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E6E98.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\TDSSa14f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\TDSSa16e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSehys.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqqon.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwrhd.log (Trojan.TDSS) -> Quarantined and deleted successfully.

.. Var det så bare det? :)
Avatar billede f-arn Guru
29. december 2008 - 15:35 #23
Nej, ikke helt. Genstart i fejlsikker tilstand og fix disse to:

O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')

O20 - AppInit_DLLs:  fdntks.dll

genstart normalt + ny hjt log
Avatar billede plhn Nybegynder
29. december 2008 - 16:54 #24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:31, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6741 bytes
Avatar billede f-arn Guru
29. december 2008 - 17:18 #25
Dukkede den her op igen eller glemte du den?
O4 - HKUS\S-1-5-19\..\Run: [tekoyezami] Rundll32.exe "C:\WINDOWS\system32\mirajehi.dll",s (User 'LOKAL TJENESTE')

Under alle omstændigheder, prøv at hente denne her og kør en tur med den:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Husk at opdatere den!

Hvordan kører comp. nu?
Avatar billede plhn Nybegynder
29. december 2008 - 18:01 #26
Den kom frem igen, har kørt det nye program, men den samme dukkede op i hijack this.. Så jeg prøvede bare endnu engang at sige fix, og det lykkedes!.. nu ser min log sådan ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:17, on 29-12-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\programmer\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hawking\Common\RaUI.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.danskebank.dk/danskenetbank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmer\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Programmer\Hawking\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202747683859
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6809 bytes

Var det så alt? :).. mange tak for hjælpen, det er virkelig værdsat!
Avatar billede f-arn Guru
29. december 2008 - 18:23 #27
Husk xp sp3 + efterfølgende opdateringer:
http://www.microsoft.com/downloads/details.aspx?familyid=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=da

Jeg synes ikke at kunne få øje på nogen sikkerhedprogrammer.
se her:
http://www.spywarefri.dk/traditionel_sikkerhed.html
Avatar billede f-arn Guru
30. december 2008 - 12:53 #28
Hvordan kører computeren så nu?
Avatar billede plhn Nybegynder
31. december 2008 - 13:15 #29
perfekt :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester



IT-JOB

Center Denmark Fonden

Cloud Engineer

Cognizant Technology Solutions Denmark ApS

Azure Architect

Dynamicweb Software A/S

Solution Tech Lead