kennedemann89 Beginner
02 June 2009 - 23:20 There are 18 comments and 1 solution

WORMS ATTACK!!

Hey folks, I've got a worm on my computer.
And it has deleted a number of files... or well, destroyed them, or whatever it does.
I have tried to fix the problem by scanning and doing a System Restore, and with sfc /scannow to get the damaged Windows files repaired,
but when I open the Command Prompt it just runs through quickly before I can press or type anything at all, and closes the box again.
When I run System Restore, it says afterwards that the restore did not succeed.
And my scan showed 481 viruses, but it could neither delete them nor repair them, so I badly need help.
I can't format the computer, since it originally had Vista on it, and I ONLY use XP, and I got an IT guy to fix that.
So please, any help would be nice :-)

Many, many thanks in advance :-)
f-arn Guru
02 June 2009 - 23:23 #1
Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected", and post the log here together with a log from DDS, which you can find here: http://www.techsupportforum.com/sectools/sUBs/dds

or here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds


It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved on the computer and not run from the web
kennedemann89 Beginner
02 June 2009 - 23:31 #2
Yep, okay... hmm, I had to turn off my Avast, otherwise the virus alert went completely berserk every second...
kennedemann89 Beginner
02 June 2009 - 23:48 #3
By the way, should I run that DDS log ONLY AFTER the scan?
kennedemann89 Beginner
03 June 2009 - 00:52 #4
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

03-06-2009 00:51:53
mbam-log-2009-06-03 (00-51-53).txt

Skan type: Fuldstændig skanning (C:\|H:\|)
Objekter skannet: 316802
Tid tilbagelagt: 1 hour(s), 9 minute(s), 4 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 47
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 12
Inficerede Filer: 19

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\browsingtool.browserwatcher (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingtool.browserwatcher.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingtool.pornpro_bho (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingtool.pornpro_bho.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0daee015-a728-c212-9b8f-298391b8328e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aaf21892-e4d8-e8ed-e36a-3a91e3b2db29} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingtool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Inficerede Mapper:
h:\documents and settings\Administrator\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
H:\Programmer\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\programmer\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\programmer\shoppingreport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
H:\Programmer\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
H:\Programmer\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
H:\Programmer\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
h:\programmer\fbrowseradvisor\inno.exe (Rogue.Installer) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\XPCOMEvents.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\documents and settings\administrator\application data\shoppingreport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\programmer\shoppingreport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\Thumbs.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\fbrowsingadvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
h:\programmer\browsingtool\BrowsingTool.dat (Adware.Agent) -> Quarantined and deleted successfully.
h:\programmer\browsingtool\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
h:\programmer\browsingtool\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
kennedemann89 Beginner
03 June 2009 - 01:37 #5
When I then try to start that DDS thing, it says Windows could not find Cmd, check that you typed the name correctly?
f-arn Guru
03 June 2009 - 10:00 #6
Does regedit work?
Download http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Run HijackThis, click "Do a system scan and save a logfile", copy the text of the log and post it here.

Note: HijackThis must be saved on the computer and not run from the web
kennedemann89 Beginner
03 June 2009 - 14:28 #7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:30, on 03-06-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
H:\Programmer\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmer\Java\jre6\bin\jqs.exe
H:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Programmer\Java\jre6\bin\jusched.exe
H:\Programmer\Logitech\Gaming Software\LWEMon.exe
H:\WINDOWS\system32\devldr32.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programmer\iTunes\iTunesHelper.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\Logitech\QuickCam\Quickcam.exe
H:\Programmer\Winamp\winampa.exe
H:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
H:\Programmer\iPod\bin\iPodService.exe
H:\Programmer\Messenger\msmsgs.exe
H:\WINDOWS\system32\wscntfy.exe
h:\Programmer\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrator\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bruce_lee194073@hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] H:\Programmer\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] H:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "h:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ArtoNotifier] H:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [Bitssize] H:\DOCUME~1\ADMINI~1\APPLIC~1\012MES~1\FiveTwo.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "H:\Programmer\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [VOIPlay] "H:\Programmer\VOIPlay\voiplay.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [shv] c:\program Files\MicPhone\antit.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [shv] c:\program Files\MicPhone\antit.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = H:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - H:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7620 bytes
f-arn Guru
03 June 2009 - 16:18 #8
Would you please update and run Malwarebytes again. Your database version is rather old!

Does regedit work?
kennedemann89 Beginner
04 June 2009 - 01:34 #9
Nothing works on this bucket of a machine any more after that worm attack... my Windows won't start up normally or anything, it can't even run CMD... everything is really messed up... but yes... I'll send one more log file then.
kennedemann89 Beginner
04 June 2009 - 07:31 #10
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

04-06-2009 07:30:55
mbam-log-2009-06-04 (07-30-55).txt

Skan type: Fuldstændig skanning (C:\|H:\|)
Objekter skannet: 317327
Tid tilbagelagt: 1 hour(s), 5 minute(s), 24 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
h:\system volume information\_restore{24ecffd4-a4a9-497f-9876-5cad6b1ff7f9}\RP469\A0248043.exe (Rogue.Installer) -> Quarantined and deleted successfully.
h:\system volume information\_restore{24ecffd4-a4a9-497f-9876-5cad6b1ff7f9}\RP469\A0248044.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
f-arn Guru
04 June 2009 - 09:54 #11
But you haven't actually updated.

Yours:
Malwarebytes' Anti-Malware 1.37
Database version: 2182

Current:
Malwarebytes' Anti-Malware 1.37
Database version: 2227

Can't you update???

So would you please update and run it again.
Once you have updated and run it, I would like to see a log from Malwarebytes and HijackThis.
kennedemann89 Beginner
04 June 2009 - 11:31 #12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:50, on 04-06-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
H:\Programmer\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmer\Java\jre6\bin\jqs.exe
H:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Programmer\Java\jre6\bin\jusched.exe
H:\Programmer\Logitech\Gaming Software\LWEMon.exe
H:\WINDOWS\system32\devldr32.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programmer\iTunes\iTunesHelper.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmer\Logitech\QuickCam\Quickcam.exe
H:\Programmer\Winamp\winampa.exe
H:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
H:\Programmer\iPod\bin\iPodService.exe
H:\Programmer\Messenger\msmsgs.exe
H:\WINDOWS\system32\wscntfy.exe
h:\Programmer\Mozilla Firefox\firefox.exe
H:\Programmer\Adobe\Reader 9.0\Reader\AcroRd32.exe
H:\Programmer\Fælles filer\Adobe\Updater6\Adobe_Updater.exe
H:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
H:\Documents and Settings\Administrator\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bruce_lee194073@hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] H:\Programmer\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] H:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "H:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "h:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ArtoNotifier] H:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [Bitssize] H:\DOCUME~1\ADMINI~1\APPLIC~1\012MES~1\FiveTwo.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "H:\Programmer\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [VOIPlay] "H:\Programmer\VOIPlay\voiplay.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [shv] c:\program Files\MicPhone\antit.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [shv] c:\program Files\MicPhone\antit.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = H:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - H:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7914 bytes
f-arn Guru
04 June 2009 - 12:20 #13
Your machine is so heavily infected that it is important that you read and do what I write here:

http://www.eksperten.dk/spm/876989#reply_7397250

You are also welcome to tell a bit more about how the machine is running, i.e. symptoms and the like.
kennedemann89 Beginner
04 June 2009 - 12:35 #14
If I shut it down, it won't show any icons at all when I turn it on again; then I have to log off and on, off and on, 7-8 times before it pulls itself together. It says something about CMD not running, and userinit not running or something like that, I can't remember what it was called. It runs fairly normally now that I have turned off the antivirus program, but when I turn it on it raises alerts constantly, and a large part of my earlier programs can't run any more and the shortcuts are gone, etc.
But yes, I had that feeling too...
But can it be saved?
kennedemann89 Beginner
04 June 2009 - 12:36 #15
Yes, I have updated malware now and it is scanning now.
kennedemann89 Beginner
04 June 2009 - 12:43 #16
Malwarebytes' Anti-Malware 1.37
Database version: 2227
Windows 5.1.2600 Service Pack 3

04-06-2009 12:43:32
mbam-log-2009-06-04 (12-43-32).txt

Skan type: Fuldstændig skanning (C:\|H:\|)
Objekter skannet: 319888
Tid tilbagelagt: 1 hour(s), 8 minute(s), 43 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
f-arn Guru
04 June 2009 - 13:22 #17
See if you can do this:

Download and save ComboFix to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Then run combofix.exe and follow the instructions.
Important --> Disable your antivirus program, as it can interfere with ComboFix
You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of that file here.

It can be found here:  C:\Combofix.txt
kennedemann89 Beginner
04 June 2009 - 17:38 #18
Yes, there was no Combofix.txt
And now I can only run in safe mode, no icons or anything; it says it is trying to run a DLL file or something like that, and then after that, don't send the message...
f-arn Guru
04 June 2009 - 17:59 #19
Try looking here: C:\Combofix.txt
I would also like to see a new HijackThis log.