0123 Novice
27 December 2007 - 19:58 There are 52 comments and
1 solution

Missing runddll.32

Hi!
My system cannot find runddll32.

Is there anyone who can help me with my problem? (Urgent)
hcma Novice
27 December 2007 - 20:05 #1
27 December 2007 - 20:08 #2
... can we have a slightly more precise file name? Remember to get the extension right.

In what connection does it 'complain'?
27 December 2007 - 20:08 #3
(It _could_ also be an unwanted element = virus or similar.)
0123 Novice
27 December 2007 - 21:02 #4
Now I have scanned it with Spybot and it has not helped!

Are there other options?
hcma Novice
27 December 2007 - 21:29 #5
I think you should get karise_larry to help you with a HiJackThis log :o)    (I think it is spyware/adware or similar that is haunting you)
0123 Novice
27 December 2007 - 21:57 #6
Hi karise larry!
Will you check my log?
Logfile of HijackThis v1.99.1
Scan saved at 21:55:19, on 27-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask  .exe
C:\Programmer\QuickTime\qttask    .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nozylotg] rundll32.exe "C:\Programmer\ijmpmhsn\qjklavcv.dll",Init
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
28 December 2007 - 11:38 #7
Run a scan with HijackThis.
Below you get some files that you need to fix. What you have to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

O4 - HKLM\..\Run: [nozylotg] rundll32.exe "C:\Programmer\ijmpmhsn\qjklavcv.dll",Init

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask    .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

Restart normally.

Manually delete
C:\Programmer\ijmpmhsn\ <- the whole folder

Run a new scan with HijackThis, and paste a fresh log in here for checking.

NB: Before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, as certain unwanted elements tend to hide when a process named HiJackThis.exe is running!!!

------------------------------------------------------------------------
0123 Novice
28 December 2007 - 11:53 #8
That's just fine!
0123 Novice
28 December 2007 - 12:06 #9
Logfile of HijackThis v1.99.1
Scan saved at 12:03:59, on 28-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {163DA25E-14A2-4CF7-BD10-B32577E2DEEC} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\mljifee.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljifee - C:\WINDOWS\SYSTEM32\mljifee.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhjd32 - C:\WINDOWS\SYSTEM32\winhjd32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
29 December 2007 - 12:16 #10
So more did indeed turn up!!!

Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will attempt to remove Vundo. When it is finished, the tool will ask for permission to restart the computer. You must accept this.

Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that VundoFix finds a file on the first scan that it cannot remove at first. VundoFix will then restart and continue after the restart. If this happens, just follow the instructions above after the restart (starting with "Click the Scan for Vundo button").
0123 Novice
29 December 2007 - 18:28 #11
That's just fine!
29 December 2007 - 20:05 #12
C:\vundofix.txt ???
0123 Novice
29 December 2007 - 23:24 #13
Logfile of HijackThis v1.99.1
Scan saved at 23:21:22, on 29-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask  .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AE6ED70-483E-411B-826D-32548F2C0528} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\mljifee.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask  .exe" -atboottime
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljifee - C:\WINDOWS\SYSTEM32\mljifee.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe


VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 22:31:18 29-12-2007

Listing files found while scanning....

C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\uvyay.ini
C:\WINDOWS\system32\uvyay.ini2
C:\WINDOWS\system32\winhjd32.dll
C:\WINDOWS\system32\yayvu.dll
C:\WINDOWS\system32\yayvu.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvyay.ini
C:\WINDOWS\system32\uvyay.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvyay.ini2
C:\WINDOWS\system32\uvyay.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\winhjd32.dll
C:\WINDOWS\system32\winhjd32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvu.dll
C:\WINDOWS\system32\yayvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvu.exe
C:\WINDOWS\system32\yayvu.exe Has been deleted!

Performing Repairs to the registry.
Done!
30 December 2007 - 14:50 #14
VundoFix really ought to have caught [mljifee.dll] - Hmmm...

Then we will do it 'manually' ->

-- Get Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\yayvu.dll
C:\WINDOWS\system32\mljifee.dll
~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you must do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {4AE6ED70-483E-411B-826D-32548F2C0528} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\mljifee.dll
O20 - Winlogon Notify: mljifee - C:\WINDOWS\SYSTEM32\mljifee.dll

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.
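
A triage sketch for the O2/O4/O20 entries singled out in posts #7 and #14, added here as an example and not part of the original thread or of HijackThis itself. It parses HijackThis lines and applies three rules modelled on those picks; the rules, the function names and the `C:\WINDOWS` location are assumptions taken from this thread's logs, not a general detection.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4AE6ED70-483E-411B-826D-32548F2C0528} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\mljifee.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nozylotg] rundll32.exe "C:\Programmer\ijmpmhsn\qjklavcv.dll",Init
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljifee - C:\WINDOWS\SYSTEM32\mljifee.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
"""


class Entry(NamedTuple):
    section: str  # "O2" (BHO), "O4" (Run key) or "O20" (Winlogon Notify)
    label: str    # BHO name, Run value name or Notify key name
    target: str   # file path or command line
    raw: str      # the original log line


# One pattern per section this sketch understands; other sections are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<label>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<target>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<label>.+?) - (?P<target>.+)$"),
}
# Command line of the form: rundll32.exe "<dll>",<export>
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


def parse_log(text: str) -> List[Entry]:
    """Return the O2, O4 and O20 entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                entries.append(Entry(section, m["label"], m["target"], line))
                break
    return entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (reason, raw line) pairs for entries worth a closer look."""
    entries = parse_log(text)
    findings = []
    flagged_dlls = set()
    for e in entries:
        # Rule 1: unnamed BHO whose DLL sits directly in system32.
        if (e.section == "O2" and e.label == "(no name)"
                and ntpath.dirname(e.target).lower() == SYSTEM32):
            flagged_dlls.add(ntpath.basename(e.target).lower())
            findings.append(("unnamed BHO in system32", e.raw))
        # Rule 2: Run entry that starts a DLL through rundll32 from
        # outside the Windows directory.
        elif e.section == "O4":
            m = RUNDLL.match(e.target)
            if m and not m["dll"].lower().startswith(WINDIR + "\\"):
                findings.append(("rundll32 autostart outside Windows dir", e.raw))
    # Rule 3: Winlogon Notify DLL that rule 1 already flagged as a BHO,
    # i.e. the same DLL hooked in two places.
    for e in entries:
        if e.section == "O20" and ntpath.basename(e.target).lower() in flagged_dlls:
            findings.append(("Winlogon Notify DLL also loaded as BHO", e.raw))
    return findings


if __name__ == "__main__":
    for reason, raw in triage(SAMPLE_LOG):
        print(f"[{reason}] {raw}")
```

A finding here is only a prompt to look closer: the RoboForm BHO is also unnamed but is left alone because it lives in its own program folder, and winhjd32.dll from the thread would not be caught by these three rules.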
0123 Novice
30 December 2007 - 14:50 #15
Would you mind checking my log?
30 December 2007 - 15:09 #16
[30/12-2007 14:50:31] ...
0123 Novice
30 December 2007 - 15:15 #17
I am doing exactly what you write, but it says error code 0
0123 Novice
30 December 2007 - 15:34 #18
It is when I copy the two files into Avenger and press the traffic light that it says "Error code 0"
30 December 2007 - 15:35 #19
.... which 'it'?
30 December 2007 - 15:36 #20
There must ONLY be these lines:

Files to delete:
C:\WINDOWS\system32\yayvu.dll
C:\WINDOWS\system32\mljifee.dll
0123 Novice
30 December 2007 - 15:42 #21
This is the error that comes up:
//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error:  could not create new script file.
Error code: 0
Error logged to errorlog.txt.  Aborting now!
0123 Novice
30 December 2007 - 15:45 #22
Sorry, it is my mistake, because I did not include the part where it says "files to delete"!
0123 Novice
30 December 2007 - 16:14 #23
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xnkmkqoo

*******************

Script file located at: dbkyffxk

Could not open script file!  Error

Could not open script file!  Status: 0xc000003b  Abort!


Logfile of HijackThis v1.99.1
Scan saved at 16:11:36, on 30-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: (no name) - {E88C3B4A-FE44-474E-B320-F1B5CCF17E02} - C:\WINDOWS\system32\yayvu.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
30 December 2007 - 16:51 #24
You have not carried out the Avenger procedure correctly - yet...
yayvu.dll still needs to be 'fixed' ...

-- Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\yayvu.dll
~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

If Avenger says that it has deleted
C:\WINDOWS\system32\yayvu.dll
THEN you may 'fix' the line
O2 - BHO: (no name) - {E88C3B4A-FE44-474E-B320-F1B5CCF17E02} - C:\WINDOWS\system32\yayvu.dll
in HiJackThis ...
0123 Novice
30 December 2007 - 17:14 #25
Logfile of HijackThis v1.99.1
Scan saved at 17:11:38, on 30-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {8F9BCFBC-82E3-41FD-BEC3-04B559C5F0B9} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\difvwrpe

*******************

Script file located at: \??\C:\WINDOWS\fpoxaoeo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\yayvu.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
30 December 2007 - 18:17 #26
So it was apparently deleted...
(Please double-check
C:\WINDOWS\system32\yayvu.dll
- possibly enable hidden/system files first...)

Then it just needs to be 'fixed' in HiJackThis as previously described...
0123 Novice
30 December 2007 - 18:38 #27
Logfile of HijackThis v1.99.1
Scan saved at 18:31:41, on 30-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: (no name) - {F0F99627-E106-4A55-93E1-B1C76BE2F2BD} - C:\WINDOWS\system32\yayvu.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
0123 Novice
30 December 2007 - 18:41 #28
I can see there is still something there, but should I try Avenger again?
30 December 2007 - 18:51 #29
Hmmm...
It still looks 'active' in HiJackThis ->
O2 - BHO: (no name) - {F0F99627-E106-4A55-93E1-B1C76BE2F2BD} - C:\WINDOWS\system32\yayvu.dll
0123 Novice
30 December 2007 - 18:55 #30
I'll try with Avenger, afterwards you'll get a HijackThis log!
0123 Novice
30 December 2007 - 19:23 #31
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bxbarfct

*******************

Script file located at: \??\C:\WINDOWS\vnifcapj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\yayvu.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 19:20:20, on 30-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: (no name) - {EAFCEBBF-ABC1-432E-8C43-DC473F68606B} - C:\WINDOWS\system32\yayvu.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
0123 Novice
30 December 2007 - 19:29 #32
What do you say now!
30 December 2007 - 19:35 #33
Just check manually whether the
C:\WINDOWS\system32\yayvu.dll
file exists after all ???
NB: Enable viewing all files -> http://www.spywareinfo.dk/index.htm#/tip-og-tricks/mappeindstillinger.htm
0123 Novice
30 December 2007 - 19:37 #34
It does!
0123 Novice
30 December 2007 - 19:47 #35
Can I remove it in safe mode?
30 December 2007 - 19:52 #36
... now I'm about to get ANGRY - at that file, that is ...
Yes - just try...
30 December 2007 - 19:55 #37
Just a quick one ->
There is probably 'something' that recreates it right away?

At the next startup - AFTER YOU HAVE DELETED IT (AGAIN) IN SAFE MODE - do it WITHOUT AN INTERNET CONNECTION - i.e. the cable UNPLUGGED.

Then after X amount of time check whether the file has 'just' come back ???
30 December 2007 - 19:55 #38
(Possibly have other tricks up my sleeve...)
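The four HijackThis scans posted above list yayvu.dll under a different BHO CLSID each time, which is consistent with something re-creating the registration after every deletion. The Python script below is an added example, not part of the original thread: it parses concatenated HijackThis logs and reports BHO DLLs whose CLSID changes between scans. The function names are hypothetical, and the sample input is excerpted from the O2 lines of the logs in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# O2 lines excerpted from the four HijackThis scans posted in this thread
# (16:11, 17:11, 18:31 and 19:20 on 30-12-2007); all other log lines omitted.
SAMPLE_LOGS = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:11:36, on 30-12-2007
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {E88C3B4A-FE44-474E-B320-F1B5CCF17E02} - C:\WINDOWS\system32\yayvu.dll
Logfile of HijackThis v1.99.1
Scan saved at 17:11:38, on 30-12-2007
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {8F9BCFBC-82E3-41FD-BEC3-04B559C5F0B9} - C:\WINDOWS\system32\yayvu.dll
Logfile of HijackThis v1.99.1
Scan saved at 18:31:41, on 30-12-2007
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {F0F99627-E106-4A55-93E1-B1C76BE2F2BD} - C:\WINDOWS\system32\yayvu.dll
Logfile of HijackThis v1.99.1
Scan saved at 19:20:20, on 30-12-2007
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {EAFCEBBF-ABC1-432E-8C43-DC473F68606B} - C:\WINDOWS\system32\yayvu.dll
"""

SCAN_RE = re.compile(r"^Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{2}-\d{2}-\d{4})\s*$")
# "O2 - BHO: <name> - {CLSID} - <path>"; the name itself may contain hyphens.
BHO_RE = re.compile(
    r"^O2 - BHO: (.*?) - "
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.+?)\s*$"
)


def parse_scans(text):
    """Split concatenated HijackThis logs into [(timestamp, [(name, clsid, path)])]."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SCAN_RE.match(line)
        if m:
            when = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%d-%m-%Y %H:%M:%S")
            scans.append((when, []))
            continue
        m = BHO_RE.match(line)
        if m and scans:  # ignore O2 lines that precede any scan header
            name, clsid, path = m.groups()
            scans[-1][1].append((name, clsid.upper(), path))
    return scans


def clsid_churn(scans):
    """Return {dll_path: [(timestamp, clsid), ...]} for DLLs whose CLSID changed.

    Paths are compared case-insensitively, as Windows does. 8.3 short names
    (PROGRA~1) are not expanded, so a DLL logged under both forms is tracked
    as two separate paths.
    """
    history = defaultdict(list)
    for when, entries in sorted(scans, key=lambda s: s[0]):
        for _name, clsid, path in entries:
            history[path.lower()].append((when, clsid))
    return {p: h for p, h in history.items() if len({c for _, c in h}) > 1}


def format_report(churn):
    """Render the churn findings as text lines for a ticket or case note."""
    lines = []
    for path, hist in churn.items():
        lines.append(f"{path}: {len({c for _, c in hist})} different CLSIDs")
        for when, clsid in hist:
            lines.append(f"  {when:%d-%m-%Y %H:%M:%S}  {clsid}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(clsid_churn(parse_scans(SAMPLE_LOGS)))))
```

A DLL that keeps its path but registers under a new CLSID in each scan will not be cleared by 'fixing' a single O2 line, since the next registration no longer matches the line that was fixed.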
0123 Novice
30 December 2007 - 20:04 #39
I'll try!
0123 Novice
30 December 2007 - 20:39 #40
It was not removed, but the question is whether a stronger tool isn't needed!

I'll try VundoFix once more and see what happens.
0123 Novice
30 December 2007 - 21:43 #41
Is there only one way, or what?
0123 Novice
30 December 2007 - 21:48 #42
I'll just throw in a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:45:35, on 30-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
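The HijackThis log above lists `ashDisp .exe` (a space before the extension) running next to `ashDisp.exe`, and marks two avast! services "(file missing)" although their executables appear under running processes. The Python below is an added example, not part of any post in this thread; it flags both patterns, and the trimmed sample input and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log in the post above,
# trimmed so that the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# File name whose stem is followed by whitespace before the extension.
PADDED_NAME = re.compile(r"^(?P<stem>.*?\S)(?P<pad>\s+)\.(?P<ext>[A-Za-z0-9]{1,4})$")
# HijackThis O23 line: "O23 - Service: <name> - <owner> - <command line>"
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Executable path at the start of a service command line.
EXE_PATH = re.compile(r"^(?P<path>.+?\.exe)", re.IGNORECASE)


def running_processes(log_text):
    """Return the paths between 'Running processes:' and the next blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.rstrip())
    return paths


def padded_process_names(paths):
    """Flag names like 'ashDisp .exe' and say whether 'ashDisp.exe' runs beside them."""
    names_by_dir = defaultdict(set)
    for path in paths:
        directory, _, name = path.rpartition("\\")
        names_by_dir[directory.lower()].add(name.lower())

    findings = []
    for path in paths:
        directory, _, name = path.rpartition("\\")
        match = PADDED_NAME.match(name)
        if not match:
            continue
        clean = f"{match['stem']}.{match['ext']}"
        findings.append({
            "path": path,
            "looks_like": clean,
            "pad": len(match["pad"]),
            "sibling_running": clean.lower() in names_by_dir[directory.lower()],
        })
    return findings


def contradictory_services(log_text):
    """List O23 entries marked '(file missing)' and check them against running processes."""
    running = {p.lower() for p in running_processes(log_text)}
    findings = []
    for line in log_text.splitlines():
        match = O23_LINE.match(line)
        if not match or not match["cmd"].endswith("(file missing)"):
            continue
        exe = EXE_PATH.match(match["cmd"])
        path = exe["path"] if exe else match["cmd"]
        findings.append({
            "service": match["name"],
            "owner": match["owner"],
            "path": path,
            # An odd number of quotes means the logged path is a fragment
            # of a quoted command line, so the verdict needs a manual check.
            "unbalanced_quote": match["cmd"].count('"') % 2 == 1,
            "running": path.lower() in running,
        })
    return findings


if __name__ == "__main__":
    for finding in padded_process_names(running_processes(SAMPLE_LOG)):
        print("padded name:", finding)
    for finding in contradictory_services(SAMPLE_LOG):
        print("service to verify:", finding)
```

A padded name is only a lead for manual review; a "(file missing)" entry whose executable is running says the log line was mis-parsed, not that the service is broken.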
30 December 2007 - 22:08 #43
Here's the whole 'package' ->

---------------------------------------------------------------------

Download this one-off scanner:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (Save the program to the desktop so you can easily find it for later use)

If your firewall blocks FTP addresses, you can download the program here:
http://spywareinfo.dk/download/drweb-cureit.exe
(Do not run it yet)
---------------------------------------------------------------------

Download AVG Antispyware:
http://www.spywarefri.dk/downloads1/avgas-setup-7.5.0.47.exe
Manual for Ewido: http://www.spywarefri.dk/manualer/ewido-manual.htm (AVG Antispyware was previously called Ewido. You can still use this manual, but we will soon have a new manual adapted to the program).

Update the program immediately after installation. Do not delete anything with AVG Antispyware from normal mode. Wait until you are in safe mode. You can right-click the E icon down by the clock and click shutdown guard; that way you can be sure the program waits to remove the junk until you are in safe mode.

---------------------------------------------------------------------

Download the free trial of SuperAntiSpyware Proff to the desktop, http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe
Install it and let it update with the latest updates.
It will then ask for your e-mail address; it is up to you whether you fill it in. Then click Næste (Next) and Næste again - Udfør (Finish).
Danish guide http://www.spywarefri.dk/manualer/superantispyware-manual.htm
(Do not run it yet)
---------------------------------------------------------------------

Empty your TEMP folders:
Download the small batch file and double-click it; it takes a split second, and then temp is cleaned.
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------------------------------------------------

Restart in safe mode http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm
---------------------------------------------------------------------

Run a full scan with AVG Antispyware and allow the program to fix/remove the things it finds. The program produces a small log, which you must copy in here.
The program creates a small log, which you must copy in here in your next reply.
You can see how to create and save the report here: http://www.spywarefri.dk/manualer/ewido-manual.htm if you are in doubt. See items 19 and 20.
---------------------------------------------------------------------

DrWeb - Double-click the cureit.exe file and it runs a short startup/express scan.
Let it fix whatever it finds (Say Yes to all)
Then click Options -> Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here every item under Malware must be set to Move.
Untick - Prompt on action.
At Move Path, delete what is there and type: c:\infected
Click Anvend (Apply) and then OK.

Then click the drive or drives you want scanned; a red dot appears to show it/they are selected.
Then click the green arrow at the bottom right; it then scans and fixes the problems.

When the scan is finished, go up to File - click - Save Report list.
There will then be a file called drweb.csv (opened with Notebook/Notepad) - on the desktop.
Close the program.
---------------------------------------------------------------------

Start SuperAntiSpyware by right-clicking the yellow and black bug by the clock.

Click the - Scan for, Adware,Malware - line
Click the - Preference - button.
Untick - Start SuperAntiSpyware when Windows starts.

Click the tab - Scanning control.
Under scanning options, only the bottom two should be ticked
On the tab - Real Time Protections, untick - Enable Real Time Protection
Then click Close

Click the - Scan Your computer - button. Tick the drives to be scanned. It is important that the drive where Windows is located (the system drive) is ticked.
Then move the dot from - Perform quick Scan, down to - Perform complete Scan.
Click Næste (Next) and it starts scanning.

It can take a long time if you have a lot on the computer

When the scan is finished a box pops up; click OK.
Tick everything it has found - Næste (Next). It will then fix/delete the infections.

Let it restart.
---------------------------------------------------------------------

After the restart -

Open SuperAntiSpyware again
Click Preferences, select Statistics/Logs
Select the log in the small window and click View Log.
Copy the text in here together with the log from Ewido and the log from DrWeb (drweb.csv)

Together with a fresh log from HiJackThis...
hcma Novice
30 December 2007 - 23:21 #44
karise_larry >> just an aside: would it be an idea to disable System Restore?
30 December 2007 - 23:40 #45
... not yet ... I have never seen it hide there AND come back out of there 'automatically'...
0123 Novice
31 December 2007 - 15:39 #46
Hi folks!
I won't be back until the new year!
Have a really good New Year!
0123 Novice
4 January 2008 - 18:53 #47
I'm back now!
My logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/22/2007 at 04:59 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type      : Complete Scan
Total Scan Time : 01:51:48

Memory items scanned      : 356
Memory threats detected  : 0
Registry items scanned    : 4678
Registry threats detected : 0
File items scanned        : 22536
File threats detected    : 60

Adware.Tracking Cookie


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    18:31:46 03-01-2008

+ Scan result:   



C:\avenger\backup-30-12-2007-15.48.59,25.zip/avenger/msmdev.dll -> Downloader.Agent.dag : Cleaned with backup (quarantined).
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\Alwil Software\Avast4\ashDisp.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\QuickTime\qttask    .exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\QuickTime\qttask  .exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\QuickTime\qttask  .exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\QuickTime\qttask .exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Programmer\QuickTime\qttask.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000958.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000961.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000983.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000985.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000996.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0000998.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0001012.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12\A0001013.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000048.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000103.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000109.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000131.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000134.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000135.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000136.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000138.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000144.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000188.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000190.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000192.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000193.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4\A0000195.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000273.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000276.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000277.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000278.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000280.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000306.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000308.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000310.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000311.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP7\A0000315.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000348.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000351.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000352.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000354.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000356.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000376.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000378.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000401.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000402.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000418.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000419.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000431.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000440.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000442.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000444.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000459.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000462.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000464.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000469.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000479.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000498.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000499.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000502.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000503.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000516.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000519.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8\A0000521.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000537.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000540.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000545.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000557.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000559.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000581.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000586.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000600.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000609.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000628.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000629.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000648.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000649.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000669.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000670.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000681.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000683.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000692.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000693.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000709.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000711.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000737.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000738.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000761.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000762.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000773.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000775.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000787.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000788.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000803.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000804.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000813.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000816.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000820.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000836.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000852.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000871.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000873.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000883.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000891.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000903.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000906.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000919.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000921.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\NeroCheck.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\yayvu.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayvu.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\bbjrkcyu.bat -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\avenger\backup-30-12-2007-15.48.59,25.zip/avenger/msmhost.dll -> Not-A-Virus.Adware.Vapsup : Ignored.
C:\avenger\backup-30-12-2007-15.48.59,25.zip/avenger/nsduo.dll -> Not-A-Virus.Adware.Vapsup : Ignored.
C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9\A0000577.dll -> Not-A-Virus.Adware.Virtumonde : Ignored.
C:\avenger\backup-30-12-2007-15.56.19,41.zip/avenger/mljifee.dll -> Not-A-Virus.Adware.Virtumonde : Ignored.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@stepstone.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\henrik lai jensen\Cookies\henrik_lai_jensen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


Process.exe    C:\Documents and Settings\henrik lai jensen\Dokumenter\scannere\SmitfraudFix    Tool.Prockill    Moved.
restart.exe    C:\Documents and Settings\henrik lai jensen\Dokumenter\scannere\SmitfraudFix    Tool.ShutDown.11    Moved.
installer[1].exe    C:\Documents and Settings\henrik lai jensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\2Y11Z1HL    Trojan.DownLoader.37340    Deleted.
setup[1].htm    C:\Documents and Settings\henrik lai jensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\B3WVHND3    Exploit.MS06-014    Deleted.
setup[2].htm\javascript.0    C:\Documents and Settings\henrik lai jensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\B3WVHND3\setup[2].htm    Trojan.DownLoader.38412   
setup[2].htm    C:\Documents and Settings\henrik lai jensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\B3WVHND3    Archive contains infected objects    Moved.
Process.exe    C:\Documents and Settings\SmitfraudFix    Tool.Prockill    Moved.
restart.exe    C:\Documents and Settings\SmitfraudFix    Tool.ShutDown.11    Moved.
A0001014.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001015.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001016.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001017.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001018.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001019.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001020.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001021.bat    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001040.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Trojan.MulDrop.10006    Deleted.
A0001045.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Tool.Prockill    Moved.
A0001046.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP12    Tool.ShutDown.11    Moved.
A0000061.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000078.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000079.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000080.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000083.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000118.exe    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP4    Win32.Virut.30    Cured.
A0000470.dll    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP8    Trojan.Mezzia.77    Deleted.
A0000577.dll    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9    Trojan.Virtumod.240    Deleted.
Process.exe    C:\WINDOWS\system32    Tool.Prockill    Moved.
yayvu.exe    C:\WINDOWS\system32    Trojan.MulDrop.10006    Deleted.

Logfile of HijackThis v1.99.1
Scan saved at 18:46:20, on 04-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\ALTERNATIV.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {85EE387C-EFBE-4A8E-B54F-ED414727390D} - C:\WINDOWS\system32\yayvu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

Does anyone have time to look at my log?
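One way to cross-check the two logs in the post above, as an added example that is not part of the original thread: it parses the tabular scanner report (name, folder, verdict, action) and the HijackThis entries, then lists HijackThis entries whose target shares a base name with a detected file or is reported as missing. The function names and the two embedded samples (a few lines copied from the logs above) are assumptions of this example.

```python
import re

# Constructed samples: a handful of lines copied from the two logs in the thread.
SCANNER_LOG = r"""
Process.exe    C:\WINDOWS\system32    Tool.Prockill    Moved.
yayvu.exe    C:\WINDOWS\system32    Trojan.MulDrop.10006    Deleted.
A0000577.dll    C:\System Volume Information\_restore{613E4343-C399-4ED8-84A3-17BB750BAFD4}\RP9    Trojan.Virtumod.240    Deleted.
"""

HIJACKTHIS_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85EE387C-EFBE-4A8E-B54F-ED414727390D} - C:\WINDOWS\system32\yayvu.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, then the entry text.
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
# Last path component before a known binary extension.
FILE_NAME = re.compile(r"([^\\/\"]+)\.(?:exe|dll|bat|ocx|cab)\b", re.IGNORECASE)


def detected_stems(scanner_log):
    """Map lower-cased file stem -> (file name, verdict) for each scanner hit."""
    hits = {}
    for line in scanner_log.splitlines():
        # Columns are separated by tabs or runs of spaces; paths hold single spaces.
        cols = re.split(r"\t+|\s{2,}", line.strip())
        if len(cols) < 3:
            continue
        name, verdict = cols[0], cols[2]
        match = FILE_NAME.search(name)
        if match:
            hits[match.group(1).lower()] = (name, verdict)
    return hits


def review_entries(hijackthis_log, scanner_log):
    """Return (code, target, reasons) for HijackThis entries worth a second look."""
    hits = detected_stems(scanner_log)
    findings = []
    for line in hijackthis_log.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        code, rest = entry.groups()
        target = rest.split(" - ")[-1]  # the file or URL is always the last field
        reasons = []
        name = FILE_NAME.search(target)
        if name and name.group(1).lower() in hits:
            det_name, verdict = hits[name.group(1).lower()]
            reasons.append(f"same base name as {det_name} ({verdict})")
        if target.endswith("(file missing)"):
            reasons.append("target reported as missing")
        if reasons:
            findings.append((code, target, reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in review_entries(HIJACKTHIS_LOG, SCANNER_LOG):
        print(f"{code}: {target}\n    -> " + "; ".join(reasons))
```

A match only means the entry deserves a manual look; it is not a verdict on the file.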
04 January 2008 - 22:49 #48
BINGO !!!

"yayvu.exe    C:\WINDOWS\system32    Trojan.MulDrop.10006    Deleted."

So how is the computer running now ???
0123 Novice
05 January 2008 - 16:00 #49
It runs quite well, but when I right-click on My Computer and choose Properties, it cannot find rundll32.exe
0123 Novice
05 January 2008 - 21:07 #50
Is there anyone who can help me with my problem?
06 January 2008 - 20:54 #51
It should otherwise be located at C:\WINDOWS\system32\rundll32.exe ...


Try this command to fix the error:

Insert your Windows XP CD in the drive.
Close the window that pops up.

Go to Start - Run - type: sfc /scannow
Press Enter.
The Windows CD must be in the drive while this command runs.
You will not get any feedback on whether anything was fixed.
The space between sfc and / must be there.
0123 Novice
08 January 2008 - 22:15 #52
Now I have got the error fixed!
I used your suggestion with sfc / scannow!

Many thanks for the help.
Will you post an answer?
09 January 2008 - 07:51 #53
Ping...
(That was an [answer]...)

There is no more 'dirt' according to your log...

You are welcome another time...

Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Select "Do not show hidden files and folders".

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a trip like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...