Virus-rester?

Yffer Pyffer!!!

... jeg opdaterer aldrig samt rydder aldrig op på min pc ... - vil du lige gentage det OG tænke over hvorfor du har fået alt det 'snavs' ???

---

Du bruger også en GAMMEL Avast4 (og den er heller ikke opdateret i længerer tid!!!)

---

Der er MINDST 20 meget 'snavs' elementer på dit system ifølge ovenstående; og der er ifølge HiJackThis kun de synligt !!!
Hvad har du dog haft gang i ???

Sååååå - det er pænt naturligt (!) det du beskriver...

---

Jeg vil gerne se omtalte MalwareBytes log (i programmet under fanen - tja - logs kan den findes...).

---

Ugh, når du formulerer det sådan kan jeg godt se, at jeg ikke har tænkt mig særlig grundigt om. Der er nok mest fordi virus aldrig har været et problem så jeg har ikke tænkt over at det kunne blive det, men nu skal jeg ikke komme med dårlige undskyldninger :)
Her er den første scanning jeg lavede hvor den fandt liiiidt for meget:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4692

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

25-09-2010 19:56:59
mbam-log-2010-09-25 (19-56-59).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|)
Objekter skannet: 307718
Tid gået: 1 time(e), 40 minut(ter), 36 sekund(er)

Hukommelses Processorer Inficeret: 14
Hukommelses Moduler Inficeret: 5
Registreringsdatabasenøgler Inficeret: 15
Registreringsdatabaseværdier Inficeret: 29
Registreringsdatabasedata Objekter Inficeret: 5
Inficerede Mapper: 2
Inficerede Filer: 102

Hukommelses Processorer Inficeret:
C:\Windows\userinit.exe (Worm.Autorun) -> Unloaded process successfully.
C:\Windows\Elytab.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Roaming\hotfix.exe (Rogue.MultipleAV) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\ltl6fz.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\qxemzuib.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Windows\System32\szetyj67vx.exe (Trojan.LVBP) -> Unloaded process successfully.
C:\Windows\System32\system.exe (Worm.Autorun) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Roaming\1724E49ADB4BEEB826BED100541C5D21\handlerfix70700en00.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\ltl6fz.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\qxemzuib.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\Esh.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\System32\updata.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Users\Bruger\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Windows\System32\szetyj67v.exe (Trojan.Dropper) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
C:\Users\Bruger\AppData\Local\Temp\msreaayl.dll (Trojan.Onlinegames) -> Delete on reboot.
C:\Windows\System32\ftgkyzjvjj.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\gkqmz0.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\uejide.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j1-4opm-00we-aax5-71ef1d187311} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5k0-4opm-00we-aax5-77ef1d187463} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iwjpqr (Trojan.Onlinegames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a1-75f2-51bd-f313-04b03a2c8953} (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nnraxms (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nnraxms (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0noyaxms (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0noyaxms (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgpfh (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgpfh (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgqxb (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgqxb (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szetyj67vx (Trojan.LVBP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3fwhzqa3lt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgsa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvhmzkfgsa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ocemaxnswr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\apps (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szetyj67v (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hattric (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\59t4 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.Autorun) -> Data: c:\windows\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\PLAIN\G-2-3-45-111111BBBB-222222222222-6666666666-000 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\hattric (Backdoor.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\KEY\F-2-3-13-23878789098-7675432123-0000900091-777\x0rr0x.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\msreaayl.dll (Trojan.Onlinegames) -> Delete on reboot.
C:\Windows\System32\ftgkyzjvjj.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\userinit.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\Elytab.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Roaming\hotfix.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Windows\System32\gkqmz0.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\uejide.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\Bruger\AppData\Local\Temp\ltl6fz.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\qxemzuib.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\szetyj67vx.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Windows\System32\system.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\Bruger\AppData\Roaming\1724E49ADB4BEEB826BED100541C5D21\handlerfix70700en00.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esh.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\updata.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Bruger\AppData\Local\Temp\ocemaxnswr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BCAZN5S8\mainfull70707[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BCAZN5S8\mainfull70707[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAMHNRFY\mainfull70707[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Installer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\stp25c47.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\stp44c2b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\stp4c372.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\stp6a751.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\9fwj3e05i.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\rnacmswxoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\wS1eIQGM9 (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\zyldslfo.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\o4s0419l.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\o7p9vnxxabjxgu8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\jlfu1en.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\e21tj2hq0.exe (Trojan.Sisproc.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\ecsxanwrom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\eg0t491i43prrjd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Eso.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Est.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\C7B3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\ppvijkl.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\97dbd836.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\i3kma.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\5555y (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Roaming\1724E49ADB4BEEB826BED100541C5D21\mainfull70707.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Elytaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\d89hbno0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\17c3sK.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\1o931i.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Windows\Temp\IQ7wS17s.sys (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT226E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\M7g31a.sys (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP00000001A719E1E4A4BB4803 (Trojan.Agent) -> Quarantined and deleted successfully.
G:\forever.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\KEY\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\.fseventsd\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\.fseventsd\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\DIT-DL7ZJQQCEX5\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\DIT-DL7ZJQQCEX5\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\DIT-DL7ZJQQCEX5\DIT-DL7ZJQQCEX5\DIT-DL7ZJQQCEX5swo2.exe (Trojan.Ircbrute) -> Quarantined and deleted successfully.
G:\DIT-DL7ZJQQCEX5\DIT-DL7ZJQQCEX5\DIT-DL7ZJQQCEX5px3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\BRUGER-PC\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\xAVx\My music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\xAVx\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\xAVx\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\xAVx\ReleAsE\xAVy.exe (Trojan.PWS) -> Quarantined and deleted successfully.
G:\Biceps tenodesis\My music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Biceps tenodesis\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Biceps tenodesis\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Hjorringgaard, Mogens; 070654-1659\My music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Hjorringgaard, Mogens; 070654-1659\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Hjorringgaard, Mogens; 070654-1659\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Gads Bogskab\My music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Gads Bogskab\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\Gads Bogskab\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\PLAIN\fantasy.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\PLAIN\Music.exe (Worm.Autorun) -> Quarantined and deleted successfully.
G:\PLAIN\G-2-3-45-111111BBBB-222222222222-6666666666-000\Mix.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\PLAIN\G-2-3-45-111111BBBB-222222222222-6666666666-000\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Windows\System32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\szetyj67v.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\H8SRT4604.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\H8SRT4643.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\awmnxecros.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\1biq.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Bruger\AppData\Local\Temp\hgksfg.bat (Malware.Trace) -> Quarantined and deleted successfully.

Der er jo en grund til der er opdateringer, og det har du så fundet ud af nu.

Jeg lytter med her, og lover ikke at komme med flere belærende ord :)

Du har ikke opdateret malwarebytes før scanning.

Jeg var ellers sikker på at jeg opdaterede det efter jeg havde installeret det - men det kan godt være at den ikke har hentet den nyeste opdatering med det sammme?

Din Database version: 4692
Nuværende Database version: 4717

Men allerede på nuværende tidspunkt har Mawarebytes kommet godt på arbejde...

Så en omgang mere - gerne med
"HøjreMusseTast - Kør Som Administrator..."

---

Jeg vil også anbefale at slette alt det - sansynligvis - mere eller mindre ulovligt DOWNLOAD du har på G:\...
Det 'skriger' jo til himmels!!!

---

Og en frisk log fra HiJackThis derefter...

Men vi er sandelig ikke færdige endnu!!!

---

Malwarebytes 1.46 uden opdatering har database version 4052. Så det skal nok passe, at database version 25-09-2010 var  4692.

Du kan også varme op til

M$ ServicePack1 til Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746
M$ ServicePack2 til Vista -> (32bit) -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d

+ efterfølgende MANGE opdateringer (alle) fra WindowsUpdate!!!

NB: Proceduren her i denne box vil nok ta' >4 timer PC tid når det går bedst!!!

---

Med en log fra HiJackThis først !!!

Jeg har kørt programmet 3 gange i dag med omkring 2-10 filer inficerede (dog ikke som administratior). Skal jeg stadig give den en gang til? Det skal lige siges at jeg kun har et C:\ samt E:\ drev, de andre var virtuelle dreve samt et usb-stik. HiJackThis-loggen er fra i dag (altså efter ca 4 grundige scans siden i søndags)

Som led i oprydning generelt ->

http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/ (Specielt punktet [Register]...)
http://www.ccleaner.com/download/builds/downloading-slim
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.

http://www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

Forresten kan jeg ikke opdatere servicepakkerne da min browser ikke kan få forbindelse til microsoft.com >(

Allerede nu vil jeg gerne sige tak fordi I gider hjælpe, og at jeg på trods af at vi snakker over et forum nærmest føler mig pinlig berørt over den sørgelige tilstand min maskine er i. :)

Her er den seneste virus-scan efter jeg har ryttet 3.5 gb ud med Ccleaner:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4717

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

29-09-2010 23:46:18
mbam-log-2010-09-29 (23-46-18).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 282613
Tid gået: 1 time(e), 24 minut(ter), 8 sekund(er)

Hukommelses Processorer Inficeret: 1
Hukommelses Moduler Inficeret: 1
Registreringsdatabasenøgler Inficeret: 5
Registreringsdatabaseværdier Inficeret: 4
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 1
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
C:\Users\Bruger\AppData\Local\Temp\avstc.exe (Trojan.Downloader) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j1-4opm-00we-aax5-71ef1d187311} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\20W6RLKX65 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft iexplorer11 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft iexplorer11 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3fwhzqa3lt (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\KEY\F-2-3-13-23878789098-7675432123-0000900091-777 (Trojan.Agent) -> Delete on reboot.

Inficerede Filer:
c:\KEY\F-2-3-13-23878789098-7675432123-0000900091-777\x0rr0x.exe (Generic.Bot.H) -> Delete on reboot.
C:\Users\Bruger\AppData\Local\Temp\avstc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\Bruger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAMHNRFY\av2exe1[1].jpg (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\KEY\F-2-3-13-23878789098-7675432123-0000900091-777\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bruger\AppData\Local\Temp\Esk.exe (Trojan.FakeAlert) -> Delete on reboot.


Og her er den seneste HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:21, on 29-09-2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: 89.149.249.196 www.google.com
O1 - Hosts: 89.149.249.196 www.google.de
O1 - Hosts: 89.149.249.196 www.google.fr
O1 - Hosts: 89.149.249.196 www.google.co.uk
O1 - Hosts: 89.149.249.196 www.google.com.br
O1 - Hosts: 89.149.249.196 www.google.it
O1 - Hosts: 89.149.249.196 www.google.es
O1 - Hosts: 89.149.249.196 www.google.co.jp
O1 - Hosts: 89.149.249.196 www.google.com.mx
O1 - Hosts: 89.149.249.196 www.google.ca
O1 - Hosts: 89.149.249.196 www.google.com.au
O1 - Hosts: 89.149.249.196 www.google.nl
O1 - Hosts: 89.149.249.196 www.google.co.za
O1 - Hosts: 89.149.249.196 www.google.be
O1 - Hosts: 89.149.249.196 www.google.gr
O1 - Hosts: 89.149.249.196 www.google.at
O1 - Hosts: 89.149.249.196 www.google.se
O1 - Hosts: 89.149.249.196 www.google.ch
O1 - Hosts: 89.149.249.196 www.google.pt
O1 - Hosts: 89.149.249.196 www.google.dk
O1 - Hosts: 89.149.249.196 www.google.fi
O1 - Hosts: 89.149.249.196 www.google.ie
O1 - Hosts: 89.149.249.196 www.google.no
O1 - Hosts: 89.149.249.196 search.yahoo.com
O1 - Hosts: 89.149.249.196 us.search.yahoo.com
O1 - Hosts: 89.149.249.196 uk.search.yahoo.com
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CS2\Services\Tcpip\..\{016FEA1D-1759-41D0-BD9B-ABF4B4FD9C53}: NameServer = 93.188.162.127,93.188.161.217
O18 - Protocol: bw+0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {D9002EBC-51C7-4E3D-BA6F-5365E8815E96} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 22572 bytes

Og MalwareBytes var på banen igen *S* ...

1) Reset HOST fil -> http://support.microsoft.com/kb/972034 (Muligvis hentes via en anden PC?)
Genstart normalt.
Check at du nu kan 'se' www.microsoft.dk

2) Afinstall
* Avast4
(Brug evt. http://www.avast.com/uninstall-utility) samt oprydning med CCleaner...

3) Install
* Avast5 (Avast antivirus/antispyware: http://www.avast.com/free-antivirus-download)
ELLER
* M$ MSE ( http://www.microsoft.com/security_essentials/default.aspx?mkt=da-dk )
* Lad programmet blive opdateret - evt. scanne din PC... *

4) -- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: Du må ikke døbe den Combofix.exe, men eksempelvis BANAN.exe

-- Kør så combofix.exe (BANAN.exe), som du hentede tidligere, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Okay nu er følgende status: Mit internet virker fint igen, jeg har fået afinstalleret og installeret Det nyeste avast igen samt scannet hvor den fandt omkring 2000 filer :S Men da jeg så fik den til at flytte dem til virus-boksen så crashede programmet og da jeg så genstartede får jeg fejlen:
initialiseringen af interaktiv logonprocess mislykkedes

Som jeg måske har fundet en løsning på (noget med Vista's CD hvor jeg skal kopiere den ødelagte fil fra kommandoprompt eller sådan noget i den stil..)

Hvis du nogen sinde har oplevet noget lignende så må du meget gerne hjælpe, ellers så skal jeg nok skrive tilbage når jeg engang ved noget mere

- Jonas

Lige en hurtig:
Kan du opstarte i "Fejlsikker tilstand" ?

Nej det kan jeg ikke engang. Jeg har læst mig til at det er en .manifest fil inde i windows-mapperne der ikke virker ordentligt. Nu har jeg prøvet at kopiere denne fil fra min installations-CD eller hvad den nu hedder (fra Vista) uden noget resutat. Jeg prøver lige et par ting inde i reperationssiden men hvis der ikke er noget af det, der virker ved jeg ikke hvad jeg skal gøre - ihvertfald ikke noget jeg selv kan finde ud af :/

På trods af, at jeg læste mig til, at en systemdgenoprettelse ikke ville virke så prøvede jeg det og nu er problemet tilsyneladende løst - nu tør jeg bare næste ikke genstarte min pc :) Jeg tror jeg scanner min PC engang i morgen når jeg får tid til det og så gennemfører jeg de sidste punkter du skriver, så kommer jeg tilbage så hurtigt som muligt - endnu engang tak :)

Dette kunne nok også være sundt:

Gå i Start - Skriv i søgefeltet > cmd > vælg det program som hedder > cmd.exe > og højreklik på den og sig "Kør som administrator"
2. Skriv: SFC.exe /Scannow > Enter
3. Indsæt din Windows CD/DVD, hvis du bliver bedt om det
4. Genstart computeren

---

Status:
Min pc virker fortsat ikke, kun når jeg laver en systemgenoprettelse. Det vil altså sige, at når jeg slukker min pc efter SGO så kan den ikke logge ind, og på den måde kan jeg ikke fixe det medmindre jeg kan erstatte den ødelagte fil(?) - og hvilken er det så? Kender du noget program der kan scanne windows for at se ødelagte filer og evt. reparere dem?

Men hvad fik du ud af #18 i praksis ?

(Andre i dene tråd ?)

Nu har jeg lavet systemscanningen og den skrev:
"Ressourcebeskyttelse fandt beskadigede filer, men det var ikke alle filer, der kunne repareres"
Og at der er oprettet en log - Hvis jeg genstarter min pc er jeg bange for jeg ikke kan logge ind og skal lave systemgenoprettelse igen hvilket annulerer reperationen af de filer, der blev fixet? Hvad ville det bedste pt. være at gøre?

(Andre i denne tråd ?)

Måske ->

Gå i Start - Skriv i søgefeltet > cmd > vælg det program som hedder > cmd.exe > og højreklik på den og sig "Kør som administrator"
2. Skriv: CHKDSK  C:  /F  /R  /X > Enter

Hmm, den siger, at diskenheden er i brug af en anden process?

Jeg prøver lige at genstarte sytemet - hvis det ikke virker skriver jeg nok først i morgen da der er gæster på trappen.

Ref #24: Det havde jeg også ventet; derfor starter processen først ved næste genstart... Lad den køre!!! Der kommer ikke yderligere besked ...

Der er lige den lille finte at ind i mellem, skal man lige huske at læse det der står ;)



Altså er det rigtigt at du skal genstarte pc, for at starte chkdsk.

Hej igen. Min pc gav op efter jeg lavede den scanning der, og det er endt med at jeg har taget backup på de vigtigste filer samt installeret windows 7.

Jeg vil gerne sige tak til jer (karise_larry mest) og så vil jeg forfærdeligt gerne af med nogle point nu ;)

Ping...

Du vil nok blive glad for WIN7 - husk nu WindowsUpdate + Sikkerhedsprogram mm. ...

Yes, jeg har allerede hentet virusprogram og jeg skal snart i gang med at opdatere windows :) I det mindste har jeg lært noget af denne episode :) Tak

virusprogram ?
Du mener vel Antivirusprogram ? *S*