kafka23 (Junior Master)
09 August 2006 - 15:37 There are 36 comments and 1 solution

Trojan horse TR/Zlob.Gen.5: what to do

Hi...
My antivirus program says it has found the Trojan horse TR/Zlob.Gen.5. A Google search shows that it is quite new.

This is the exe file the program says is the "horse":

C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404\A0057334.exe

It annoys me that the trojan is so close to the "root" of the hard disk... Is there anything I can do to make it go away? A couple of days ago there was another trojan in this folder, so I fear it is spreading?
Does anyone know some good programs?
PS: I'm a beginner...
09 August 2006 - 15:55 #2
Disable System Restore - Reboot - Enable System Restore.
http://www.fbeej.dk/Systemgendannelse.htm

Then check again with your antivirus program...
09 August 2006 - 15:57 #3
... but there _may_ well be other unwanted elements on your computer - so first run the procedure from here ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

More can/will follow - but give feedback first...
(Also in your earlier questions.)
kafka23 (Junior Master)
09 August 2006 - 16:34 #4
OK, I have run HijackThis, and this log file comes up.
But how do I know now what is harmful and what isn't?

Logfile of HijackThis v1.99.1
Scan saved at 16:32:16, on 09-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Søren Laursen\Skrivebord\Ny mappe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HD] C:\Programmer\Jvw History Eraser 1.0\Hd.cmd
O4 - HKCU\..\Run: [SpySpotter System Defender] C:\Programmer\SpySpotter3\Defender.exe -startup
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmer\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Casino\Carnival Casino\casino.exe
O9 - Extra 'Tools' menuitem: Carnival Casino - {776883A9-1EA8-4d8f-88B7-AA652FEF01A7} - C:\Casino\Carnival Casino\casino.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://secure.bellerockgaming.com
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.bifrost.aakb.dk/support/plugins/ebraryRdr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27F3FC88-5316-497E-BAA9-A6FC8C9730A2} (WDXMAPProject.WDXMAP) - http://www2.web-direct.dk/neozone/WDXMAP.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107619504346
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://light.gabs.dk/imageuploader/ImageUploader3.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.passalong.com/Music/activex/TPIMActiveX.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://foto.vg.no/activex/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
09 August 2006 - 17:50 #5
... you are 'attacked' by NewDotNet and that family ... not healthy...
Stand by ...
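The question in #4 (how to tell harmful log entries from harmless ones) and the diagnosis in #5 (NewDotNet) both come down to reading a HijackThis log against a few rules. As an added example, not code from this thread, from HijackThis or from any of the scanners mentioned, the Python script below parses log lines in the format shown above and flags the kinds of entries the replies react to: O10 Winsock/LSP hijacks, O15 Trusted Zone additions, O16 ActiveX controls from hosts outside a small allowlist, entries whose target file is missing, and entries that reference New.net. The allowlist, the marker strings and the sample lines (a subset copied from the log in #4) are assumptions constructed for this example; the script only reports, it changes nothing.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# HijackThis entries start with a section code such as R0, F2, O4, O16.
LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")

# Hosts treated as expected sources of O16 (Downloaded Program Files) controls.
# Assumption for this example: a deliberately small allowlist.
O16_ALLOWED_SUFFIXES = (".microsoft.com", ".msn.com")

# Substrings identifying the component the scanners in this thread reported (NewDotNet / New.net).
KNOWN_BAD_MARKERS = ("newdot", "new.net")

# Constructed sample: a subset of the lines posted in #4.
SAMPLE_LOG_LINES = [
    r"Logfile of HijackThis v1.99.1",
    r"Running processes:",
    r"C:\WINDOWS\System32\smss.exe",
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s",
    r"O10 - Hijacked Internet access by New.Net",
    r"O15 - Trusted Zone: http://secure.bellerockgaming.com",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409",
    r"O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab",
    r"O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)


def parse_line(line):
    """Split one log line into (section, body); return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def _host_allowed(url):
    """True when the URL's host is on the O16 allowlist (exact match or subdomain)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in O16_ALLOWED_SUFFIXES)


def triage(log_text):
    """Return [(section, body, [reasons])] for every entry that deserves a human look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        lower = body.lower()
        reasons = []
        if section == "O10":
            reasons.append("LSP / Winsock hijack")
        elif section == "O15":
            reasons.append("site added to Trusted Zone")
        elif section == "O16":
            url_m = re.search(r"(https?|ftp)://\S+", body)
            if url_m and not _host_allowed(url_m.group(0)):
                reasons.append("ActiveX control from non-allowlisted host")
        if any(marker in lower for marker in KNOWN_BAD_MARKERS):
            reasons.append("references known-bad component (New.net)")
        if "(file missing)" in lower or "(no file)" in lower:
            reasons.append("orphaned entry, target file missing")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

Run against the sample, the script flags six of the eight entries and leaves the AntiVir autostart and the Microsoft-hosted control alone; everything it reports is a candidate for the cleanup tools recommended later in the thread, not something to delete blindly.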
kafka23 (Junior Master)
09 August 2006 - 17:50 #6
hi.... regarding the answers, I should have closed most of them by now...
kafka23 (Junior Master)
09 August 2006 - 17:50 #7
ok...ouch
09 August 2006 - 17:54 #8
A HijackThis 'freak' will surely come along for you...
kafka23 (Junior Master)
09 August 2006 - 17:56 #9
hehehe, this place is fantastic.... Imagine that there are such nice people in this world
neon-dragon (Beginner)
09 August 2006 - 17:58 #10
yep, found it yesterday.. Hope someone can help me with my HijackThis
fromsej (Trainee)
09 August 2006 - 20:14 #11
Run the scanners from this article:
http://www.eksperten.dk/artikler/954

If you cannot get online afterwards, start SUPERAntiSpyware again, click Preferences, then the Repairs tab, find and tick Repair broken network connection and then click Perform Repair.
Afterwards we need to see the two logs from the scanners and a fresh HijackThis log.
kafka23 (Junior Master)
09 August 2006 - 20:15 #12
while I wait:
I just need to ask about dr1's first piece of advice:

"Disable System Restore - Reboot - Enable System Restore.
http://www.fbeej.dk/Systemgendannelse.htm

Then check again with your antivirus program..."

Should I still do that? Will it help at all?
Regards
kafka23
kafka23 (Junior Master)
09 August 2006 - 20:15 #13
ok, I'll do it...
kafka23 (Junior Master)
09 August 2006 - 20:43 #14
I get a problem when I start drweb-cureit.exe in Safe Mode. The program shuts down when it starts the scan, and that's rather annoying...
What now? I have tried twice...
kafka23 (Junior Master)
09 August 2006 - 22:07 #15
Should I try running SUPERAntiSpyware first? Or do you have any advice? drweb-cureit.exe simply crashes with the message that an error has occurred in the program, as we know it from many other places...
09 August 2006 - 22:12 #16
... run the ones you can - so we have something to go on ... regarding logs ...
kafka23 (Junior Master)
09 August 2006 - 23:25 #17
ok, here comes a fresh HijackThis log file first

Logfile of HijackThis v1.99.1
Scan saved at 23:22:34, on 09-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Søren Laursen\Skrivebord\Ny mappe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HD] C:\Programmer\Jvw History Eraser 1.0\Hd.cmd
O4 - HKCU\..\Run: [SpySpotter System Defender] C:\Programmer\SpySpotter3\Defender.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmer\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.bifrost.aakb.dk/support/plugins/ebraryRdr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27F3FC88-5316-497E-BAA9-A6FC8C9730A2} (WDXMAPProject.WDXMAP) - http://www2.web-direct.dk/neozone/WDXMAP.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107619504346
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://light.gabs.dk/imageuploader/ImageUploader3.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.passalong.com/Music/activex/TPIMActiveX.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://foto.vg.no/activex/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

And then comes the SUPERAntiSpyware log file

SUPERAntiSpyware Scan Log
Generated 08/09/2006 at 11:15 PM

Core Rules Database Version : 3047
Trace Rules Database Version: 1097

Memory threats detected  : 2
Registry threats detected : 31
File threats detected    : 135

Trojan.NewDotNet
    C:\PROGRAMMER\NEWDOTNET\NEWDOTNET7_22.DLL
    C:\PROGRAMMER\NEWDOTNET\NEWDOTNET7_22.DLL
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
    [New.net Startup] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
    SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
    SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
    SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
    SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-21-1614895754-507921405-1060284298-1003\Software\New.net
    HKU\S-1-5-18\Software\New.net
    HKLM\Software\New.net
    HKLM\Software\New.net#Activity
    HKLM\Software\New.net#InstalledVersion
    HKLM\Software\New.net#InstalledPath
    HKLM\Software\New.net#Tag
    HKLM\Software\New.net#DiscardTag
    HKLM\Software\New.net#FirstTime
    HKLM\Software\New.net#Source
    HKLM\Software\New.net#Prt
    HKLM\Software\New.net#LSPStatus
    HKLM\Software\New.net#NextUpgradeHi
    HKLM\Software\New.net#NextUpgradeLo
    HKLM\Software\New.net#UpgradeCounter
    HKLM\Software\New.net#Search
    HKLM\Software\New.net#XpiDone
    C:\Programmer\NewDotNet
    C:\WINDOWS\NDNuninstall6_98.exe
    C:\WINDOWS\NDNuninstall7_14.exe
    C:\WINDOWS\NDNuninstall7_22.exe

Adware.MyWay
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{014DA6C9-189F-421a-88CD-07CFE51CFF10}
    HKU\S-1-5-21-1614895754-507921405-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

Adware.Tracking Cookie
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ebookers[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@mb[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ehg-ads.hitbox[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@cgi-bin[3].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@advertising[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@cgi-bin[4].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@bs.serving-sys[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@18766632[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@kanoodle[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@www.freeserials[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@as-eu.falkag[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@track.adform[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@stats24[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ad1.emediate[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@revenue[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@dcs31n2r211e5hireccdojmr6_3c8t[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@den[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@realmedia[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@qksrv[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@m1.webstats4u[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@cgi-bin[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@statcounter[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@2o7[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@banner.monacogoldcasino[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@partypoker[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@zedo[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@yadro[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@bannere.fyens[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@globalstat[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@www.infomedia.dk.ez-always.statsbiblioteket[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.planetactive[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@fastclick[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@14382979[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@stat.postdanmark[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@hetnet[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adtech[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.addynamix[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adserver.banneradministration[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@e2.emediate[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@indexstats[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@revsci[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@xiti[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@atdmt[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.realtechnetwork[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@partners.webmasterplan[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@14320[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@webstat[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adserver.o2[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@microsoftwlmessengermkt.112.2o7[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@hitbox[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@trafficmp[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@please[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@mediaplex[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ratebeer.freestats[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@1069602872[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@tradedoubler[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@targetnet[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adfair[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@doubleclick[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@7372395[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ad.yieldmanager[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@stat.inleadmedia[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adserver.priority-media.co[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@tracking.inventarland[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ehg-warnerbrothers.hitbox[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads01.revenue[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads0.revenue[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@yieldmanager[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@www.webstat[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@clicktorrent[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@spylog[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@stats1.reliablestats[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@media.fastclick[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ad.ent.tbn[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ad.adocean[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@as1.falkag[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@tribalfusion[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@clicksor[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@1068050097[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@c5.zedo[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ad.text.tbn[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@apmebf[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@7895639[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@click.cashengines[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@indextools[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@1072526338[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@a[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@nextstat[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@1071332546[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@toplist[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@www.etracker[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@optimost[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.foxkidseurope[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adopt.euroclick[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@tracker.wholinked[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ilead.itrack[2].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@danmark.hatstats[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adv.chol[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@data4.perf.overture[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@serving-sys[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@adrenaline[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.tripod.lycos[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ehg-nokiafin.hitbox[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@hotlog[1].txt
    C:\Documents and Settings\Søren Laursen\Cookies\søren laursen@ads.pointroll[2].txt

Malware.SpywareQuake
    HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}
    HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid
    HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid32
    HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib
    HKCR\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib#Version
    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404\A0057416.exe

Adware.Casino Games (Golden Palace Casino)
    C:\Casino\Casino.Net\casino.exe
    C:\Casino\Fast Win Casino\casino.exe
    C:\Casino\Metro Casino\casino.exe
    C:\Casino\Player's Club Casino\casino.exe
    C:\Casino\Prestige Casino\casino.exe
    C:\Casino\SuperVegasCasino\casino.exe
    C:\Documents and Settings\All Users\Menuen Start\Programmer\cas\Fast Win Casino\Fast Win Casino.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\cas\Prestige Casino\Prestige Casino.lnk
    C:\Programmer\CasinoOnNet\Casino.exe
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\Casino-on-Net\Casino-on-Net.lnk
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\Casino.Net\Casino.Net.lnk
    C:\Programmer\InterCasino $$$\Casino.exe
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\InterCasino $$$\InterCasino $$$.lnk
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\Metro Casino\Metro Casino.lnk
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\Player's Club Casino\Player's Club Casino.lnk
    C:\Documents and Settings\Søren Laursen\Menuen Start\Programmer\cas\SuperVegasCasino\SuperVegasCasino.lnk
    C:\WINDOWS\Prefetch\CASINO.EXE-1D69724E.pf
    C:\WINDOWS\Prefetch\CASINO.EXE-335CF3A7.pf

Trojan.SpyFalcon
    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404\A0057413.dll
10 August 2006 - 00:14 #18
It probably started with the [Carnival Casino] program - is that something you know about? Because "Superantispyware" has fortunately thrown it out ...
... together with the "NewDotNet" family...

<fromsej> will be along with the concluding remarks...
kafka23 Juniormester
10 August 2006 - 10:17 #19
Hi.. I uninstalled carnivalcasino myself... yesterday, after I had a look at the machine together with you...
It is just an ordinary casino program, from www.carnivalcasino.com....
10 August 2006 - 10:35 #20
Some of these 'smart' / free programs come with a bit of unwanted extra in the bag - be careful...
kafka23 Juniormester
10 August 2006 - 13:55 #21
Hi everyone.
I have bad news and good news, and I'll give the bad news first. When I ran an "express scan" in Superantispyware this morning just for fun, it still found NewDotNet... And afterwards my antivirus program also found the lovely Trojan horse...
It should be said (I forgot to mention it yesterday) that when I ran a custom scan yesterday and it reached C:\System Volume Information\_restore, the antivirus program went berserk and found five or six horses... I clicked deny access, as my antivirus program suggested, and then the program found the Trojan called spyfalcon... a new and exciting name...
Anyway, the good news is that I am able to run drweb-cureit.exe in safe mode, so I am doing that now.
Three new log files will follow shortly, so this thread is approaching a kilometre..

kafka23
kafka23 Juniormester
10 August 2006 - 13:59 #22
PS... I'm on from my laptop
10 August 2006 - 14:32 #23
... some of these 'programs' invite each other in - so now you have also got the [spyfalcon] family on board ...

Regarding: -> C:\System Volume Information\_restore
Go through this -> http://www.fbeej.dk/Systemgendannelse.htm
10 August 2006 - 14:35 #24
10 August 2006 - 14:36 #25
... and a 'fresh' HiJackThis log...
kafka23 Juniormester
10 August 2006 - 15:56 #26
I just want to be sure I understand you correctly...
Should I run cleantempxp2k.bat AFTER I have removed the tick in "disable System Restore"?
10 August 2006 - 16:08 #27
... makes no difference...
kafka23 Juniormester
10 August 2006 - 16:19 #28
OK, so I have done as you said... Here follows the HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 16:18:28, on 10-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Søren Laursen\Skrivebord\Ny mappe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HD] C:\Programmer\Jvw History Eraser 1.0\Hd.cmd
O4 - HKCU\..\Run: [SpySpotter System Defender] C:\Programmer\SpySpotter3\Defender.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmer\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.bifrost.aakb.dk/support/plugins/ebraryRdr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27F3FC88-5316-497E-BAA9-A6FC8C9730A2} (WDXMAPProject.WDXMAP) - http://www2.web-direct.dk/neozone/WDXMAP.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107619504346
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://light.gabs.dk/imageuploader/ImageUploader3.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.passalong.com/Music/activex/TPIMActiveX.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://foto.vg.no/activex/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
kafka23 Juniormester
10 August 2006 - 16:23 #29
By the way, I also ran drweb-cureit.exe in safe mode...


The log follows here..


TrickshotSetup-dm[1].exe    C:\Downloads    Adware.TryMedia    Renamed.
mirc.exe    C:\mIRC    Program.mIRC.616    Renamed.
AM_PTValues_Mask.dat    C:\Programmer\32red\32red\Spectacular3    Modification of Win95.Murkry.983    Moved.
AM_PTValues_Mask.dat    C:\Programmer\arthurian\arthurian\Spectacular3    Modification of Win95.Murkry.983    Moved.
A0051288.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP378    BackDoor.Pigeon.312    Deleted.
A0057385.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Trojan.Fakealert    Deleted.
A0057386.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Trojan.Fakealert    Deleted.
A0057392.dll    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Trojan.Popuper    Deleted.
A0057418.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Tool.Prockill    Renamed.
A0057453.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Tool.Prockill    Renamed.
A0057455.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP404    Trojan.Shutdown    Deleted.
A0057816.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP409    Adware.Casino    Renamed.
A0057925.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP409    Adware.Casino    Renamed.
A0058690.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP410    Adware.Casino    Renamed.
A0059301.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.Casino    Renamed.
A0059303.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.NewDotNet    Renamed.
A0059305.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.NewDotNet    Renamed.
A0059307.dll    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.NewDotNet    Renamed.
A0060307.dll    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.NewDotNet    Renamed.
A0060354.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Adware.TryMedia    Renamed.
A0060355.exe    C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411    Program.mIRC.616    Renamed.
Fast Win Casino setup.exe    C:\WINDOWS    Adware.Casino    Renamed.
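The CureIt log above, and the helper's repeated advice to disable and re-enable System Restore, come down to one check: which detections sit in an active location, and which are archived copies inside a restore point (`\System Volume Information\_restore{GUID}\RPnnn`), where the running system never loads them. The script below is an added example, not part of the thread or of Dr.Web's tooling. It parses the four-column, tab-separated layout CureIt writes (file, directory, detection, action), classifies each hit by where it lives, and reports whether the remaining step is to purge restore points or to clean active files first. The sample rows are constructed after the log above (the Prefetch row is invented to exercise that branch), and the location rules are this example's assumptions.

```python
import re
from collections import Counter

# Windows XP System Restore keeps snapshots under
# \System Volume Information\_restore{GUID}\RPnnn; a hit there is an archived copy.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)", re.IGNORECASE)

# Constructed rows in the four-column, tab-separated layout of the Dr.Web CureIt
# log above (file, directory, detection, action). The first four are copied from
# the thread's log; the Prefetch row is invented to exercise that branch.
SAMPLE_ROWS = [
    ("A0051288.exe", r"C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP378", "BackDoor.Pigeon.312", "Deleted."),
    ("A0059303.exe", r"C:\System Volume Information\_restore{C91ECDD7-3687-4DBD-97C7-8AF575BA5AD0}\RP411", "Adware.NewDotNet", "Renamed."),
    ("Fast Win Casino setup.exe", r"C:\WINDOWS", "Adware.Casino", "Renamed."),
    ("mirc.exe", r"C:\mIRC", "Program.mIRC.616", "Renamed."),
    ("CASINO.EXE-1D69724E.pf", r"C:\WINDOWS\Prefetch", "Adware.Casino", "Renamed."),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

def restore_point_number(directory):
    """RPnnn number if the directory is inside a System Restore snapshot, else None."""
    m = RESTORE_POINT_RE.search(directory)
    return int(m.group(1)) if m else None

def classify_path(directory):
    """Where a reported file actually lives, judged from its directory."""
    if restore_point_number(directory) is not None:
        return "restore_point"   # archived copy inside a System Restore snapshot
    low = directory.lower()
    if "\\prefetch" in low:
        return "prefetch"        # launch trace of a program, not the program itself
    if "\\documents and settings\\" in low or "\\users\\" in low:
        return "user_profile"
    if low.startswith("c:\\windows"):
        return "system"
    return "live"

def parse_cureit_log(text):
    """Parse tab-separated CureIt rows; lines without exactly four fields are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        name, directory, detection, action = parts
        rows.append({
            "file": name, "dir": directory, "detection": detection,
            "action": action.rstrip("."),
            "where": classify_path(directory),
            "rp": restore_point_number(directory),
        })
    return rows

def summarize(rows):
    """Counts per location, number of hits outside snapshots/prefetch, and the RPs touched."""
    active = [r for r in rows if r["where"] not in ("restore_point", "prefetch")]
    return {
        "by_location": dict(Counter(r["where"] for r in rows)),
        "active_hits": len(active),
        "restore_points_affected": sorted({r["rp"] for r in rows if r["rp"] is not None}),
    }

def next_step(rows):
    """Decide the remediation order from the summary."""
    s = summarize(rows)
    if s["active_hits"]:
        return "clean_active_files"        # live copies first; snapshots can wait
    if s["restore_points_affected"]:
        return "purge_restore_points"      # disable System Restore, reboot, re-enable
    return "nothing_to_do"

if __name__ == "__main__":
    rows = parse_cureit_log(SAMPLE_LOG)
    print(summarize(rows))
    print(next_step(rows))
```

On the log in the thread, most rows fall into the restore-point bucket, which is exactly why the helper keeps pointing at the System Restore procedure: a scanner may delete or rename those copies, but the clean way to get rid of every snapshot at once is to turn System Restore off, reboot, and turn it back on.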
kafka23 Juniormester
10 August 2006 - 16:37 #30
It should be said that I ran drweb-cureit.exe first and only afterwards cleantempxp2k.bat
10 August 2006 - 16:59 #31
<fromsej>: Can you work out what is going on here?
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
or some of the "O16" entries

???
fromsej Praktikant
11 August 2006 - 16:30 #32
Uninstall Spyspotter in Add/Remove Programs.

Run Hijackthis, scan, tick the lines listed here, close all windows except Hijackthis, click Fix checked, restart in safe mode (press <F8> during startup), delete the folders and files listed further down.

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKCU\..\Run: [SpySpotter System Defender] C:\Programmer\SpySpotter3\Defender.exe -startup
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

---------------------------------------
Restart normally and post a fresh Hijackthis log.
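The triage fromsej does by eye in the post above can be scripted. The Python below is an added example, not part of the thread or of HijackThis; it applies the same rules to HijackThis v1.99.1 lines: an entry whose backing file is gone ("(no file)" / "(file missing)") is a dangling registration and safe to fix, an O20 Winlogon Notify hook deserves attention because its DLL is loaded by winlogon.exe at every logon, an O16 ActiveX download from a host outside an allowlist gets a review flag, and an O4 startup item on a watchlist is flagged high. An O23 service whose binary is missing is reported for review rather than queued for removal, since removing a service is more invasive than removing a toolbar entry. The allowlist and the watchlist (only Spyspotter, taken from the post above) are assumptions to tune per machine; the sample lines are constructed from the logs in this thread.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts from which an O16 (Downloaded Program Files / ActiveX) entry is treated
# as expected. Assumption for this example; tune it per machine.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "msn.com")

# Startup-item names to flag outright. Assumption: only the program the helper
# in the thread asked to remove; in practice this is your own watchlist.
WATCHLIST_O4 = ("spyspotter",)

ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample in HijackThis v1.99.1 format, modelled on the logs posted
# in the thread (not the full log).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpySpotter System Defender] C:\Programmer\SpySpotter3\Defender.exe -startup
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107619504346
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
""".strip()

@dataclass
class Finding:
    severity: str  # "high": remove; "fix": dangling entry, safe to fix; "review": look closer
    reason: str
    line: str

def _trusted_host(url):
    """(is_trusted, hostname) for the download URL of an O16 entry."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES), host

def triage_line(line):
    """Classify one HijackThis log line; returns a Finding or None."""
    m = re.match(r"^([A-Z]\d+) - (.*)$", line)
    if not m:
        return None
    section, body = m.groups()
    orphan = any(marker in body for marker in ORPHAN_MARKERS)

    if section == "O20":
        # Winlogon Notify DLLs are loaded by winlogon.exe at every logon, so a
        # rogue one is a strong persistence point. A missing DLL is a leftover
        # hook from something already removed: harmless, and safe to fix.
        if orphan:
            return Finding("fix", "orphaned Winlogon Notify hook", line)
        return Finding("review", "Winlogon Notify DLL; confirm the vendor", line)

    if section == "O16":
        trusted, host = _trusted_host(body.rsplit(" - ", 1)[-1].strip())
        return None if trusted else Finding("review", f"ActiveX control fetched from {host}", line)

    if section == "O4":
        name = re.search(r"\[(.+?)\]", body)
        if name and any(w in name.group(1).lower() for w in WATCHLIST_O4):
            return Finding("high", f"startup item on watchlist: {name.group(1)}", line)
        return Finding("fix", "startup entry with no backing file", line) if orphan else None

    if section == "O23":
        # Removing a service is more invasive than removing a toolbar entry, so a
        # service whose binary is gone is reported for review, not auto-fixed.
        return Finding("review", "service whose binary is missing", line) if orphan else None

    return Finding("fix", f"{section} entry with no backing file", line) if orphan else None

def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]

def hjt_fix_list(log_text):
    """Lines to tick in HijackThis before clicking 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.severity in ("high", "fix")]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.reason}: {f.line[:70]}")
```

Run against the sample, the fix list is the same three lines fromsej asks to tick (the orphaned O3 toolbar, the SpySpotter O4 entry and the orphaned WRNotifier O20 hook), while the luckynugget.com ActiveX download and the SUPERAntiSpyware Winlogon hook come back as items to look at rather than remove.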
kafka23 Juniormester
13 August 2006 - 19:10 #33
Hi everyone... I couldn't find Spyspotter in Add/Remove Programs...
Maybe I have already uninstalled it...
And I didn't quite catch which folders and files I was supposed to delete... If it is these: c:\Programmer\SpySpotter3\Defender.exe -startup
then they are not there any more...
And here follows the fresh Hijackthis log...
kafka23



Logfile of HijackThis v1.99.1
Scan saved at 19:07:01, on 13-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Søren Laursen\Skrivebord\Ny mappe\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmer\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmer\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [HD] C:\Programmer\Jvw History Eraser 1.0\Hd.cmd
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmer\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.bifrost.aakb.dk/support/plugins/ebraryRdr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27F3FC88-5316-497E-BAA9-A6FC8C9730A2} (WDXMAPProject.WDXMAP) - http://www2.web-direct.dk/neozone/WDXMAP.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.luckynugget.com/download_helper/Nyoko.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107619504346
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://light.gabs.dk/imageuploader/ImageUploader3.cab
O16 - DPF: {A43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C} (IMMail Class) - http://www.passalong.com/Music/activex/TPIMActiveX.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://foto.vg.no/activex/ImageUploader3.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp03.photoprintit.de/microsite/4066/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
kafka23 Juniormester
14 August 2006 - 13:28 #34
So.. now I have run the antivirus program and SUPERantispyware... and there is nothing!
HOORAY for the people in here....
fromsej, you get the points....
fromsej Praktikant
14 August 2006 - 18:06 #35
That sounds good. *S*

Then your log is clean; we don't need to see any more.
You should just disable System Restore, restart and re-enable it.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.

To keep it clean you can have a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards,
Fromsej/Team Spywarefri.
kafka23 Juniormester
14 August 2006 - 21:33 #36
Thanks for that,
it's great that you could help
fromsej Praktikant
15 August 2006 - 17:30 #37
You're welcome, and thanks for the points. :-)