Skærmen er blå og computeren kan ikke starte op

Det skal lige tilføjes at CPU forbruget er på 99% alene på winlogon.exe

(Hvad med 'fejlsikker tilstand' opstart ?)

http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=laroub&spm_part=&spm_answer=&find=&engine=exp - du er søgt her ???

Jeg har forsøgt at starte den i "fejlsikret tilstand" men den skriver om jeg skal bruge en cd eller ....  og så giver den mig 5 sek til at svare.

Jeg er ik med mht den anden besked

"boot fra hardware eller cd rom" det er hvad der står når jeg trykker F8 nede for at komme ind i "Fejlsikret tilstand"

Ok det lykkedes at komme ind til valget mellem de forskellige fejlsikret tilstande etc. men mit keyboard virkede ikke, så jeg kunne ikke foretage noget valg. Den begyndte at tælle ned fra 30 sek....... øv øv øv

´Jeg har fået skiftet mit keyboard med det gamle med ledning. Nu virker tasterne.
Men problemet er nu at jeg ikke kan logge mig ind med det samme brugernavn og den samme adgangskode.

Det fatter jeg intet af.

Hej igen. Jeg har fået bruget en artikel fra websiden her. http://www.eksperten.dk/artikler/1232 .. Det lykkedes alngt om længe at komme noget af det til livs åbenbart. computeren kører mere normalt end den har gjort den sidste dag. Jeg har dog nogle logfiles, som jeg vil bede jer om at kigge på:
Jeg starter med loggen fra "Malwarebytes":

Malwarebytes' Anti-Malware 1.32
Database version: 1646
Windows 5.1.2600 Service Pack 3

12-01-2009 21:26:25
mbam-log-2009-01-12 (21-26-20).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 108679
Tid tilbagelagt: 1 hour(s), 28 minute(s), 35 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

Den næste er fra "Combofix"



ComboFix 09-01-11.04 - ahla 2009-01-12 21:30:50.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.503.235 [GMT 1:00]
K°rer fra: c:\documents and settings\ahla\Skrivebord\Virus fjerner\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\ahla\Skrivebord\Virus fjerner\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Dannede nyt systemgendannelsespunkt

[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\Blubster Toolbar\v3.3.0.1\Blubster_Toolbar.dll
c:\windows\system32\cfx32.ocx
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\dumphive.exe
c:\windows\system32\ftpupd.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-12 til 2009-01-12  )))))))))))))))))))))))))))))))))))
.

2009-01-12 21:33 . 2009-01-12 21:33    53,248    --a------    c:\temp\catchme.dll
2009-01-12 21:31 . 2009-01-12 21:31    <DIR>    d--------    c:\temp\WPDNSE
2009-01-12 21:27 . 2009-01-12 21:28    <DIR>    d--------    C:\32788R22FWJFW
2009-01-12 18:10 . 2009-01-12 21:26    <DIR>    d--------    c:\programmer\Malwarebytes' Anti-Malware
2009-01-12 18:10 . 2009-01-12 18:10    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 18:10 . 2009-01-12 18:10    <DIR>    d--------    c:\documents and settings\ahla\Application Data\Malwarebytes
2009-01-12 18:10 . 2009-01-04 18:38    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 18:10 . 2009-01-04 18:38    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2009-01-12 18:06 . 2009-01-12 18:06    <DIR>    d--------    c:\programmer\CCleaner
2009-01-11 22:54 . 2009-01-12 21:33    <DIR>    d--------    c:\temp\WER0354.dir00
2009-01-10 20:49 . 2009-01-10 20:49    <DIR>    d--------    c:\programmer\Search Settings
2009-01-10 20:49 . 2009-01-10 20:49    <DIR>    d--------    c:\documents and settings\ahla\Application Data\Search Settings
2009-01-10 20:47 . 2009-01-10 20:47    <DIR>    d--------    c:\programmer\Dealio
2009-01-10 20:47 . 2009-01-10 20:48    <DIR>    d--------    c:\documents and settings\ahla\Application Data\Dealio
2009-01-10 20:47 . 2009-01-10 20:47    0    --ah-----    c:\windows\SwSys2.bmp
2009-01-10 20:47 . 2009-01-10 20:47    0    --ah-----    c:\windows\SwSys1.bmp
2009-01-10 20:46 . 2009-01-10 20:46    <DIR>    d--------    c:\programmer\Blubster Toolbar
2009-01-10 20:46 . 2009-01-11 13:45    <DIR>    d--------    c:\programmer\Blubster
2009-01-10 20:46 . 2009-01-10 20:46    231,258    --a------    c:\windows\Blubster_Toolbar_Uninstaller_4312.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 17:00    ---------    d-----w    c:\programmer\Norton Security Scan
2009-01-06 16:16    ---------    d-----w    c:\programmer\SummaSummarum
2009-01-05 22:22    ---------    d-----w    c:\programmer\SetWeb
2009-01-04 17:01    ---------    d-----w    c:\programmer\Fælles filer\Symantec Shared
2008-12-31 19:20    ---------    d-----w    c:\programmer\SUPERAntiSpyware
2008-12-11 19:58    ---------    d-----w    c:\programmer\PokerStars
2008-11-13 18:30    0    ----a-w    c:\documents and settings\ahla\temp.dat
2008-11-13 18:28    410,976    ----a-w    c:\windows\system32\deploytk.dll
2008-11-13 18:28    ---------    d-----w    c:\programmer\Java
2008-10-23 12:41    286,720    ----a-w    c:\windows\system32\gdi32.dll
2008-10-16 20:18    826,368    ----a-w    c:\windows\system32\wininet.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-08-13 17:50    4,259,932    ----a-w    c:\programmer\Belkin.zip
2007-10-30 08:40    301,211,726    ----a-w    c:\programmer\Microsoft Office.zip
2004-08-23 08:20    33,712    ----a-w    c:\documents and settings\Ahmed Laroub\Application Data\GDIPFONTCACHEV1.DAT
2004-08-23 08:20    33,712    ----a-w    c:\documents and settings\ahla\Application Data\GDIPFONTCACHEV1.DAT
2006-10-11 08:04    61,036    ----a-w    c:\programmer\mozilla firefox\components\jar50.dll
2006-10-11 08:04    48,742    ----a-w    c:\programmer\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05    29,313    ----a-w    c:\programmer\mozilla firefox\components\myspell.dll
2006-10-11 08:05    41,082    ----a-w    c:\programmer\mozilla firefox\components\spellchk.dll
2006-10-11 08:04    166,510    ----a-w    c:\programmer\mozilla firefox\components\xpinstal.dll
2008-09-24 12:43    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008092420080925\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemµrk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-31 1830128]
"Google Update"="c:\documents and settings\ahla\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-06-06 118784]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2005-11-09 155648]
"SetecCertUtil"="c:\programmer\SetWeb\SetWeb.exe" [2004-06-17 704512]
"WireLessMouse "="c:\programmer\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\programmer\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 241664]
"hcenter"="c:\programmer\Support.com\bin\tgcmd.exe" [2005-04-08 1757184]
"avgnt"="c:\programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-01 249896]
"Adobe Photo Downloader"="c:\programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\programmer\Fælles filer\Real\Update_OB\realsched.exe" [2008-03-26 185896]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-11-13 136600]
"au"="c:\programmer\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\programmer\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - c:\programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-05 113664]
Belkin Wireless Networking Utility.lnk - c:\programmer\Belkin\F5D8051v2\Belkinwcui.exe [2007-03-14 1581056]
Free WebSite Tools.lnk - c:\programmer\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2004-12-25 372224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 20:20 356352 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Programmer\\Support.com\\bin\\tgcmd.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Microsoft ActiveSync\\WCESMGR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2007-01-09 55024]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2004-08-18 52026]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b3ab590-428d-11dd-9905-003005665ef3}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b3ab593-428d-11dd-9905-003005665ef3}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7b4e3f0-5ded-11db-97d1-003005665ef3}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f019ce-4dd7-11dd-9919-003005665ef3}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Indhold af mappen 'Planlagte Opgaver'

2009-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1580436667-839522115-1110.job
- c:\documents and settings\ahla\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-11-03 23:16]

2009-01-11 c:\windows\Tasks\Norton Security Scan for ahla.job
- c:\programmer\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Google Search - c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
IE: Backward Links - c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar2.dll/cmcache.html
IE: Compare Prices with &Dealio - c:\documents and settings\ahla\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\programmer\Advanced JPEG Compressor\ajcieex.htm
IE: Similar Pages - c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\programmer\google\GoogleToolbar2.dll/cmtrans.html

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\TE.exe - O16 -: {3a4f9191-65a8-11d5-85c1-0001023952c1}
hxxp://130.228.229.80/homeskyline/TEInstall/TE.cab
c:\windows\Downloaded Program Files\TE.osd

- c:\windows\Downloaded Program Files\TE.inf

c:\windows\Downloaded Program Files\menu.dll - O16 -: {3D2CB570-D425-11D5-ABD0-00008369C46F}
hxxp://netbank.bgbank.dk/html/activex/BG/Menu.cab
c:\windows\Downloaded Program Files\Menu.inf

c:\windows\system32\msvbvm60.dll - c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\objsafe.tlb
c:\windows\Downloaded Program Files\DocumentDataTransformation.dll
O16 -: {86294D95-BE2C-47C2-9ABD-F5DCEAB41C35}
hxxp://www.blankethotel.dk/ddt/DocumentDataTransformation.CAB
c:\windows\Downloaded Program Files\DocumentDataTransformation.INF

O16 -: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - hxxps://netbank.bgbank.dk/download/keydownload/BG/KeyDownloader.cab
c:\windows\Downloaded Program Files\KeyDownloader.inf

c:\windows\System32\Tabctl32.ocx - c:\windows\System32\Mscomctl.ocx
c:\windows\System32\Msmask32.ocx
c:\windows\System32\MSVBVM60.DLL
c:\windows\System32\Oleaut32.dll
c:\windows\System32\OLEPRO32.DLL
c:\windows\System32\ASYCFILT.DLL
c:\windows\System32\STDOLE2.TLB
c:\windows\System32\COMCAT.DLL
c:\windows\Downloaded Program Files\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.6\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.7\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.8\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.9\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.10\dataloen.ocx
O16 -: {C07E5288-22FB-11D7-962E-0004AC77C761}
hxxp://activex.dataloen.dk/controls/Dataloen3333.CAB
c:\windows\Downloaded Program Files\dataloen.INF

O16 -: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe

c:\windows\Downloaded Program Files\e-Safekey.dll - O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375}
hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
c:\windows\Downloaded Program Files\e-Safekey.inf
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:33:38
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemf°rt med succes
skjulte filer: 0

**************************************************************************
.
--------------------- L+STE REGISTRERINGS NÏGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{79DD782F-DD9B-90C8-01AB82140B2B65EB}\{DE7D83BF-EB3B-F5D9-D52C430ACBAFB5F9}\{D743F1FE-35C6-E579-63E67F5CCF1E1FA7}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
  fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs startet under k°rende Processer ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WlNotify.dll
c:\programmer\SetWeb\setcsp.dll
c:\programmer\SetWeb\csputil.dll
c:\programmer\SetWeb\ssiutil.dll
c:\programmer\SetWeb\ssides.dll
c:\programmer\SetWeb\ssider.dll
c:\programmer\SetWeb\ssihash.dll
c:\programmer\SetWeb\ssirsa.dll
c:\programmer\SetWeb\SC.dll
c:\programmer\SetWeb\ssirsakg.dll
c:\programmer\SetWeb\ssipk15.dll
.
Gennemf°rt tid: 2009-01-12 21:35:57
ComboFix-quarantined-files.txt  2009-01-12 20:35:38

Pre-K°rsel: 29.817.626.624 byte ledig
Post-K°rsel: 30,021,353,472 byte ledig

241    --- E O F ---    2008-12-18 20:37:18

Den sidste er fra "Hijackthis"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38, on 2009-01-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\Multimedia Combo Set\MouseDrv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\ahla\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe
C:\Programmer\Belkin\F5D8051v2\Belkinwcui.exe
C:\Programmer\Belkin\F5D8051v2\chkdev.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ahla\Skrivebord\Virus fjerner\HJTInstall.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmer\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetecCertUtil] C:\Programmer\SetWeb\SetWeb.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Programmer\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Programmer\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Programmer\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ahla\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Programmer\Belkin\F5D8051v2\Belkinwcui.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\ahla\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Programmer\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmer\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmer\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - http://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {86294D95-BE2C-47C2-9ABD-F5DCEAB41C35} (DocTransform.Transformer) - http://www.blankethotel.dk/ddt/DocumentDataTransformation.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226600909360&h=b415ccf369cf45f58bab1c9158db5507/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - https://netbank.bgbank.dk/download/keydownload/BG/KeyDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3333.CAB
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PROSKAK.SERVER.DK
O17 - HKLM\Software\..\Telephony: DomainName = PROSKAK.SERVER.DK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PROSKAK.SERVER.DK
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe

--
End of file - 11061 bytes

Jeg håber, at I kan kigge på den. På forhånd tak.

Malwarebytes' Anti-Malware 1.32 ->
"..-> No action taken...."
Hvad tror du det betyder ?

"Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind..."

-----------

Jeg er ikke helt med Karise.

Kan du forklare det nærmere. Jeg er lidt grøn kan du se.rffqfeeeeeqf

Citat fra nævnte http://www.eksperten.dk/artikler/1232 ->

Malwarebytes
Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager tid afhængig af hvor meget du har på computeren).

Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.

Altså den sidste sætning har du glemt at gennemføre!!!

Hej.. Det fik jeg faktisk gjort. Jeg fulgte nøje det, som stod i artiklen..