thecarfacekiller (Beginner)
19 January 2009 - 22:05 There are 29 comments

External hard drive

I was unlucky enough to suddenly get the "Antispyware 2009" virus, and I had a bit of trouble removing it, but after a little googling I found out that I could remove it with "Malwarebytes". That worked, but of course it also found several Trojan horses. I just chose to delete everything, but when I went to open my external HDD it suddenly said "Windows kan ikke finde 'resycled\boot.com'. Kontroller, at du skrev navnet korrekt, og forsøg derefter igen...." [Windows cannot find 'resycled\boot.com'. Make sure you typed the name correctly, and then try again....] and so on. And that Malwarebytes has apparently deleted the files I need to be able to open it.
I then found out later that if I went into "My Computer" and typed "F:" I could get into it, but that is rather annoying.
And it would be really sad if I have to format it, since there are over 150 movies on it, and a hell of a lot of other stuff. Hope you can help (:

Thanks in advance.
thecarfacekiller (Beginner)
19 January 2009 - 22:06 #1
Here is the log file of what that Malwarebytes program found:

Malwarebytes' Anti-Malware 1.33
Database version: 1668
Windows 5.1.2600 Service Pack 3

19-01-2009 18:46:20
mbam-log-2009-01-19 (18-46-20).txt

Skan type: Hurtig skanning
Objekter skannet: 53073
Tid tilbagelagt: 11 minute(s), 1 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 4
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 13
Inficerede Mapper: 8
Inficerede Filer: 45

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.ProAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*svchostboot (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{198a9a79-12be-4ce2-bc9f-906b702c5263}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{198a9a79-12be-4ce2-bc9f-906b702c5263}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{198a9a79-12be-4ce2-bc9f-906b702c5263}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd702d5e-d569-4e78-aa85-1ef6c18c498c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.139,85.255.112.186 -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.ProAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxutepktkb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090115171725156.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116140556750.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116141003578.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116143439359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116144122312.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116145449687.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116150647968.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090116221247781.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117065310234.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117081453359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090117141126203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090118161639390.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090119174643515.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090119174946796.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programmer\videoplay\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxbltgonvh.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxltqsnkwp.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxupsaekyj.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxyqjnkllr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Temp\_ad51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Temp\TDSS8c17.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Temp\TDSSd008.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Temp\TDSSd5b5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Temp\TDSSf3dc.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-025.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-07B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-199.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-1A3.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-219.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-271.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-27B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-77D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-879.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-A0D.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-ACB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-EB1.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-F43.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-F51.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmhxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
19 January 2009 - 22:14 #2
... that sounds familiar ->

... for good measure; send us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)
Not necessarily because of a virus or the like, but then I can see what is in your startup etc.

Re: Vista - right-click the *.EXE file - Run as Administrator...

------------------
19 January 2009 - 22:15 #3
Re [Malwarebytes' Anti-Malware 1.33] ->  "Skan type: Hurtig skanning" [scan type: quick scan]

Run a FULL scan the same way - including the external HD's drive letter...
thecarfacekiller (Beginner)
19 January 2009 - 22:19 #4
But that "Malwarebytes", isn't it just an antivirus program? It doesn't restore the old files, does it?

I'll just try that HJT.
thecarfacekiller (Beginner)
19 January 2009 - 22:26 #5
You'll just have to help me.. I only skimmed through it quickly and didn't think I could find anything with "F:"
But here comes the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:43, on 19-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Xfire\xfire.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Winamp\winamp.exe
C:\Documents and Settings\TheCarFaceKiller\Skrivebord\reD.exe
C:\Programmer\Java\jre6\bin\java.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\TheCarFaceKiller\Skrivebord\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Programmer\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TheCarFaceKiller\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223662127812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227124777484
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 8716 bytes
19 January 2009 - 22:37 #6
[Malwarebytes' Anti-Malware 1.33] ->  "Skan type: Hurtig skanning" [scan type: quick scan] - select all drives in the list that appears...
thecarfacekiller (Beginner)
19 January 2009 - 22:41 #7
Trying.
thecarfacekiller (Beginner)
19 January 2009 - 22:46 #8
Hmm. Just looked in "Quarantine"; I can't actually find an "F:resycled/boot.com" but I do find a "C:resycled/boot.com" ?
thecarfacekiller (Beginner)
19 January 2009 - 22:57 #9
omfg? Just found out that it was actually the C drive and not the F drive -.-
And it says there is a "Virus indentified Win32/Cryptor Detected on open"
Process Name: "C:\WINDOWS\system32\rundll32.exe"
19 January 2009 - 22:58 #10
... because it has only scanned C: 'quickly' ...

Where, by the way, a whole lot of 'dirt' was found !!!
19 January 2009 - 22:59 #11
Repeating -> [19/01-2009 22:15:59] ...
thecarfacekiller (Beginner)
19 January 2009 - 23:01 #12
Yes, scanning it now. But what should I do? It'll just put it in quarantine or delete it, right..? That doesn't help with the fact that I can't open the folder properly?
19 January 2009 - 23:25 #13
YOU should not manually delete any items it finds YOURSELF -

Press the "Show Results" ("Vis resultater") button after the scan - and then press "Remove Selected" ("Fjern det valgte") - the log now opens and you must save it somewhere you can find it again.
thecarfacekiller (Beginner)
19 January 2009 - 23:30 #14
Hmm... Do you also have a solution for how I can open my HDD again?
If I delete it, it's totally fucked, right?
19 January 2009 - 23:50 #15
... not understood ?
thecarfacekiller (Beginner)
20 January 2009 - 00:03 #16
Yes, this whole thread is actually about the fact that I can't open my external HDD ;D
And if I delete that resycled/boot.com then I can probably never open it again?
20 January 2009 - 06:35 #17
... can it be seen/opened on another 'puter ?
Deleted user
20 January 2009 - 06:52 #18
Can your external disk be seen in Disk Management? If so, which drive letter has it been assigned?
thecarfacekiller (Beginner)
20 January 2009 - 13:48 #19
It can be seen; it can also be seen in My Computer, and if I go up to that URL bar in My Computer and type "F:" I can easily get into it too, but it is really annoying that you can't just click on it. A message box comes up with the name "C:/resycled/boot.com", which I have then deleted with that Malwarebytes.
Hmm. But the question is whether I shouldn't just format my PC?
thecarfacekiller (Beginner)
20 January 2009 - 13:57 #20
Don't have any other "'puter" right now :D
But I would assume it can, since it's my C: drive that's the problem here.
f-arn (Guru)
20 January 2009 - 15:24 #21
There is probably an autorun.inf file in the root of that disk. Delete it. You will probably need to turn on showing system files.
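
An added example, not part of the original thread: a Python sketch of the check behind this advice. It parses the `autorun.inf` in a drive root and reports launch commands whose target no longer exists, which is the state that produces the "cannot find resycled\boot.com" error once a scanner has removed only the executable. The contents of `SAMPLE` are constructed (the thread never shows the actual file) and the function names are illustrative.

```python
import ntpath
import os
import tempfile

# Constructed sample: an autorun.inf of the kind left behind on the drive.
SAMPLE = ("[AutoRun]\r\n"
          ";padding line\r\n"
          "open=resycled\\boot.com\r\n"
          "shell\\open\\command=resycled\\boot.com\r\n"
          "icon=folder.ico\r\n")


def parse_autorun(text):
    """Return [(key, command)] for keys in [autorun] that launch a program."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk or padding lines are skipped, not treated as errors
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value))
    return commands


def command_target(command):
    """Program part of a command line (a quoted path may contain spaces)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def find_autorun(root):
    """Locate autorun.inf in the drive root regardless of letter case."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            return path
    return None


def audit_root(root):
    """Report each launch command and whether its target exists on the drive."""
    path = find_autorun(root)
    if path is None:
        return {"autorun": None, "findings": []}
    with open(path, "r", encoding="latin-1") as fh:
        text = fh.read()
    findings = []
    for key, command in parse_autorun(text):
        target = command_target(command)
        if not target or ntpath.splitdrive(target)[0]:
            exists = None  # empty or absolute path: not checked against this root
        else:
            parts = target.replace("\\", "/").strip("/").split("/")
            exists = os.path.exists(os.path.join(root, *parts))
        findings.append({"key": key, "target": target, "exists": exists})
    return {"autorun": path, "findings": findings}


def demo():
    """Audit a temp 'drive' holding SAMPLE, then again after deleting the file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", newline="") as fh:
            fh.write(SAMPLE)
        before = audit_root(root)
        os.remove(before["autorun"])
        after = audit_root(root)
    return before, after


if __name__ == "__main__":
    for report in demo():
        print(report)
```

On a real drive the file is usually marked hidden and system, so it only shows in Explorer with protected operating system files displayed; `os.listdir` lists it either way.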
thecarfacekiller (Beginner)
20 January 2009 - 16:20 #22
Ahh, now I'm damn well formatting.. There wasn't much space left anyway.

Gone for an hour or so..

/out
thecarfacekiller (Beginner)
20 January 2009 - 17:40 #23
mmh?
Have found out that it's my external one that's the problem?
How do I get those files back now? I've just formatted.
21 January 2009 - 23:44 #24
"...Have found out that it's my external one that's the problem?..."
Can you 'see' it properly now ?

(That was a 'bit' silly! You have just deleted ~100,000 files; you could have made do with deleting ONE file, \autorun.inf, on the disk...)
thecarfacekiller (Beginner)
22 January 2009 - 10:31 #25
There is no autorun on it.
22 January 2009 - 10:39 #26
Uhhh - isn't that exactly the one you deleted ? Or did I/we misunderstand ?
thecarfacekiller (Beginner)
22 January 2009 - 17:42 #27
Hmm. I have formatted. AND have also found out that there is an autorun on it, but it can't be seen. Not even if you tick "Show hidden folders" or anything. And the one my antivirus had deleted was "resycled/boot.com"
22 January 2009 - 18:24 #28
... uuuhhh - not understood (or am I just a bit sleepy today? *S*)
You have completely formatted the external hard drive where "resycled/boot.com" apparently was ?
And now you say there is one of those on it now ? But it can't be seen ?
thecarfacekiller (Beginner)
17 February 2009 - 18:26 #29
Sorry for coming back with this so late.
But it works fine again (all of a sudden o_O)
Am completely new here, so how do you give the points?