tigermouse, Beginner
09 January 2009 - 18:54 There are 17 comments

Yet another problem with Antivirus 2009 - on Windows XP/multi-user

Yes, and I really need it spelled out for me, because I'm not exactly an IT whiz. BUT so far I have: run my regular antivirus program F-Secure, followed one of the other threads (downloaded/ran AVG and HijackThis), though only on one user out of 3, and I am now running CCleaner after downloading it.
Does it need to be run on all 3 users?
Does the pop-up my F-Secure program shows, saying that a file named Trojan.win32.agent.bfdf is infected, have anything to do with it?
Why does it keep coming back?

Hope someone can come up with some answers :(
09 January 2009 - 19:06 #1
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HijackThis...

...and here is the HijackThis mentioned above ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HijackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)

Re: Vista - right mouse button on the *.EXE file - Run as Administrator...

------------------

... and this for all users on the PC ...
09 January 2009 - 19:06 #2
Welcome to Eksperten.dk
http://expfaq.dk/
tigermouse, Beginner
09 January 2009 - 19:09 #3
But I shouldn't run the programs 'per user'?
09 January 2009 - 19:33 #4
... and this for all users on the PC ...
johnstigers, Senior Master
09 January 2009 - 20:22 #5
No - it is enough that you log on with one user
09 January 2009 - 21:16 #6
(I have, however, seen a few 'dirt' elements turn up afterwards under another user/login... but >95% of the 'dirt' gets found/removed with one user/login...)
tigermouse, Beginner
09 January 2009 - 21:44 #7
OK, we'll try that then. CCleaner has now been scanning for almost 2½ hours... Hope it's over soon.

Does anyone know what the purpose of Antivirus 2009 is? Why, and what is it...?
I remember with horror a virus we got 6 months ago, where beetles suddenly faded in on the screen and 'ate' all our documents, image files and programs :(
Luckily that was the spare computer, but this time it is the main computer, with several hundred original uncopied pictures and my work, that has been hit. Nothing MUST happen to it!!
tigermouse, Beginner
09 January 2009 - 21:56 #8
From CCleaner:

cccccdeleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP969\A0280880.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280947.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281018.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281019.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281033.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP973\A0281053.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dihataga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\japamogi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kerobuvi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lunuhofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rovopere.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tofetepu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velajoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gawajaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\morupeke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pufuniso.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hatotufo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sinebewa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.0xe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vunewite.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wagegeda.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
tigermouse, Beginner
09 January 2009 - 21:57 #9
From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:18, on 09-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AGI\common\win32\PythonService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programmer\Dell\OpenManage\Client\Iap.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure Internet Security\FSPC\fspc.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Logitech\QuickCam\Quickcam.exe
C:\Programmer\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Programmer\Dell Photo AIO Printer 964\memcard.exe
C:\Programmer\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Programmer\AGI\common\agcutils.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Programmer\AGI\common\agcutils.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmer\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Programmer\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Programmer\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Programmer\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KiweeHook] "C:\Programmer\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [nagekamevo] Rundll32.exe "C:\WINDOWS\system32\fevuruni.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Metacafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Børnesikring... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Børnesikring... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155532737171
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: GoToAssist - C:\Programmer\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Programmer\AGI\common\win32\PythonService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Programmer\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Iap - Dell Inc - C:\Programmer\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe

--
End of file - 15380 bytes
johnstigers, Senior Master
09 January 2009 - 23:07 #10
And the last one, which is the most important?
johnstigers, Senior Master
09 January 2009 - 23:09 #11
Antivirus 2009 is spyware of the worst kind, but fortunately easy to get rid of.
tigermouse, Beginner
10 January 2009 - 10:31 #12
Hi John. Which last one? I thought it was only the 2 logs I was supposed to quote...
Deleted user
10 January 2009 - 11:07 #13
John Stingers

09/01-2009 21:56:34  That is surely a log from Malwarebytes Anti-Malware
johnstigers, Senior Master
10 January 2009 - 14:00 #14
samsonjens - no, that is CCleaner.

What was asked for was a cleanup with CCleaner + logs from HijackThis and Malwarebytes Anti-Malware, but a cleanup has been done with CCleaner, with a log from it and from HijackThis, while Malwarebytes Anti-Malware has not been run...

Comment: karise_larry
09/01-2009 19:06:02
**SNIP**
Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here
**SNIP**
johnstigers, Senior Master
10 January 2009 - 14:01 #15
Correction:
"What was asked for was a cleanup with CCleaner + logs from HijackThis and Malwarebytes Anti-Malware" should be corrected to:

"A cleanup has been done with CCleaner + logs from HijackThis and CCleaner"
tigermouse, Beginner
10 January 2009 - 14:59 #16
Then here is the one from Anti-Malware:

Malwarebytes' Anti-Malware 1.32
Database version: 1635
Windows 5.1.2600 Service Pack 3

09-01-2009 21:46:35
mbam-log-2009-01-09 (21-46-35).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 187081
Tid tilbagelagt: 2 hour(s), 20 minute(s), 4 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 4
Inficerede Registeringsdatabase Nøgler: 18
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 5
Inficerede Mapper: 5
Inficerede Filer: 37

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\gurekiwo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\palodide.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fevuruni.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gofisadi.dll (Trojan.Vundo.H) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8a20549-188a-4403-9772-39139e926ef8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8a20549-188a-4403-9772-39139e926ef8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f8a20549-188a-4403-9772-39139e926ef8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nagekamevo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm83c42dbe (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gurekiwo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gurekiwo.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gurekiwo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\palodide.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\palodide.dll -> Delete on reboot.

Inficerede Mapper:
C:\Programmer\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\461942 (Trojan.BHO) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\sosikupi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipukisos.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fevuruni.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\palodide.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gofisadi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gurekiwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP969\A0280878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP969\A0280879.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP969\A0280880.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280947.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP970\A0280948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281018.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281019.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP971\A0281021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP972\A0281033.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP973\A0281053.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dihataga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\japamogi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kerobuvi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lunuhofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rovopere.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tofetepu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velajoya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gawajaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\morupeke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pufuniso.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hatotufo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sinebewa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.0xe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vunewite.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wagegeda.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
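
Added example, not part of any post in this thread and not code from Malwarebytes or HijackThis: a Python script that cross-checks the two logs posted above, listing HijackThis O4 autostart entries that still point at a file Malwarebytes only marked "Delete on reboot", together with the registry hive and account they sit under. The function names are hypothetical, the line formats are assumed from the logs on this page, and the sample input is a handful of lines copied from those logs.

```python
import ntpath
import re

# Sample input: a few lines copied from the two logs posted in this thread.
MBAM_LOG = r"""
C:\WINDOWS\system32\gurekiwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fevuruni.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nagekamevo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\palodide.dll -> Delete on reboot.
C:\WINDOWS\system32\dihataga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [nagekamevo] Rundll32.exe "C:\WINDOWS\system32\fevuruni.dll",s (User 'LOKAL TJENESTE')
"""

# "<object> (<detection>) -> [Data: <value> ->] <action>."
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")
# "O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]"
HJT_O4 = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def parse_mbam(text):
    """Return one dict per result line of a Malwarebytes log."""
    entries = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # headers, counters, blank lines
        parts = [p.strip() for p in m["rest"].split(" -> ")]
        data = None
        if len(parts) > 1 and parts[0].startswith("Data:"):
            data = parts[0][len("Data:"):].strip()
        entries.append({
            "object": m["obj"],
            "detection": m["det"],
            "data": data,
            "action": parts[-1].rstrip("."),
        })
    return entries


def pending_files(entries):
    """File names (lower case) that were scheduled for deletion, not removed."""
    names = set()
    for e in entries:
        if e["action"].lower() != "delete on reboot":
            continue
        # For registry data items the file path is in the Data: field.
        target = e["data"] or e["object"]
        if not target.upper().startswith("HKEY_"):
            names.add(ntpath.basename(target).lower())
    return names


def surviving_autostarts(mbam_text, hjt_text):
    """O4 entries whose command still references a pending file.

    Returns tuples of (hive, account, value name, file name).
    """
    pending = pending_files(parse_mbam(mbam_text))
    hits = []
    for line in hjt_text.splitlines():
        m = HJT_O4.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].lower()
        for name in sorted(pending):
            if name in cmd:
                hits.append((m["hive"], m["user"] or "", m["name"], name))
    return hits


if __name__ == "__main__":
    for hive, user, value, dll in surviving_autostarts(MBAM_LOG, HJT_LOG):
        print(f"{hive} ({user or 'n/a'}): Run value [{value}] -> {dll}")
```

On the sample lines the only hit is the `nagekamevo` value in the `HKUS\S-1-5-19` hive: Malwarebytes reports the same value name removed from the HKLM Run key, so a fresh HijackThis log taken after the reboot is what shows whether the per-account copy and its DLL are gone.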
johnstigers, Senior Master
10 January 2009 - 15:10 #17