CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede crox Nybegynder
30. oktober 2006 - 22:34 Der er 4 kommentarer og
1 løsning

Har jeg stadig msn-virus? (HJT-log)

Hej alle!
Jeg har fulgt fromsej's artikel for at få fjernet en msnvirus. Jeg ville høre om der var nogle der har tid til at se på log-filere fra de programmer jeg har kørt.

Dr.Web Logfil
-----------------------------------------
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-30, 17:34:19 [FRANS1][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - skipped
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43353.cdb - 797 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43352.cdb - 2016 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43351.cdb - 941 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43350.cdb - 1020 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43349.cdb - 1008 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43348.cdb - 1096 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43347.cdb - 707 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43346.cdb - 1429 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43345.cdb - 1358 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43344.cdb - 694 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43343.cdb - 1186 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43342.cdb - 744 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 236 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 257 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 141318
Key file: C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\drweb-cureit.exe
[Scan path] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe
[Scan path] C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
[Scan path] C:\Programmer\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe
[Scan path] C:\WINDOWS\System32\CTFMON.EXE
[Scan path] C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Skyr@cer PC Card 3044 & Skyr@cer PCI 144\WLANMON.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\PROGRA~1\FLLESF~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Programmer\Microsoft Office\Office10\msohev.dll
[Scan path] C:\WINDOWS\System32\twext.dll
[Scan path] C:\WINDOWS\System32\extmgr.dll
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Programmer\WinRAR\rarext.dll
[Scan path] C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPIEC.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\agp440.sys
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\Atievxx.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\atimtai.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\cben5.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\System32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\CmBatt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\compbatt.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\drivers\fltmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\drivers\ip6fw.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
[Scan path] C:\WINDOWS\system32\drivers\essm2e.sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\drivers\MODEMCSA.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\p3.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\tiacxln.sys
[Scan path] C:\WINDOWS\System32\tlntsvr.exe
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\usbuhci.sys
[Scan path] C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 213
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1179 Kb/s
Scan time: 00:00:38
-----------------------------------------------------------------------------

[Scan path] C:\BC31
[Scan path] C:\Casino
[Scan path] C:\Documents and Settings
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error

Invalid path to file C:\Documents and Settings\Frans Østergård\Dokumenter\Skole\Bachelor HA\3 år\International marketing og eksportmarkedsføring\Bachelorprojekt\Materiale om Holland\Retailsektoren\Årsrappoter banker i Holland\ABN Amro Bank\ABN Amro Bank Sustainability report 2005.pdf
Invalid path to file C:\Documents and Settings\Frans Østergård\Dokumenter\Skole\Bachelor HA\3 år (Göteborg)\Konsumentbeteende\Individuel hjemmeeksamen\Artikler\DEL A\Satisfaction\The Moderating Role of Confidence in Expectations and the Asymmetric Influence of Disconfirmation on Customer Sat.txt
Invalid path to file C:\Documents and Settings\Frans Østergård\Dokumenter\Tabs\Blandet\New York New York Chords-filer\Network=ugo&size=728x90&adtype=over&affiliate=ultimate-guitar&suba=ultimate-guitar&channel=music&subchannel=tic&category=tic&PT=hp&CR=ei&pez=-filer\728x90_casale.js
C:\Documents and Settings\Frans Østergård\Lokale indstillinger\Temporary Internet Files\Content.IE5\4XE3GXIF\drsmartload[11.#xe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Frans Østergård\Lokale indstillinger\Temporary Internet Files\Content.IE5\KHIB8XUF\ucmoreiex[11.#xe is adware program Adware.Ucmore - renamed
C:\Documents and Settings\Frans Østergård\Lokale indstillinger\Temporary Internet Files\Content.IE5\KR5VQQVD\loader[11.#xe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Frans Østergård\Lokale indstillinger\Temporary Internet Files\Content.IE5\KR5VQQVD\speedtest2[11.#ll is adware program Adware.Matcash - renamed
C:\Documents and Settings\Jannie Øberg\Lokale indstillinger\Temporary Internet Files\Content.IE5\45UV8LMB\Installer[11.#xe is adware program Adware.Look2me - renamed
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error

[Scan path] C:\Drweb
[Scan path] C:\Program Files
[Scan path] C:\Programmer
C:\Programmer\Deskbar\deskbar1.#ll is adware program Adware.Softomate - renamed

[Scan path] C:\RECYCLER
[Scan path] C:\System Volume Information
C:\System Volume Information\_restore{F0B1BE6F-84B0-4787-8297-4A93C599931A}\RP267\A0054401.#ll is adware program Adware.Softomate - renamed
C:\System Volume Information\_restore{F0B1BE6F-84B0-4787-8297-4A93C599931A}\RP268\A0054571.#xe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F0B1BE6F-84B0-4787-8297-4A93C599931A}\RP269\A0054651.#ll is adware program Adware.Softomate - renamed
>C:\System Volume Information\_restore{F0B1BE6F-84B0-4787-8297-4A93C599931A}\RP269\A0054651.#xe is adware program Adware.Casino - renamed
C:\System Volume Information\_restore{F0B1BE6F-84B0-4787-8297-4A93C599931A}\RP269\A0054660.#xe is adware program Adware.DollarRevenue - renamed

[Scan path] C:\WINDOWS
>C:\WINDOWS\Club Dice Poker setu0.#xe is adware program Adware.Casino - renamed
C:\WINDOWS\Downloaded Program Files\speedtest1.#ll is adware program Adware.Matcash - renamed
C:\WINDOWS\system32\drsmartload11351.#xe is adware program Adware.DollarRevenue - renamed
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 108797
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 14
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 14
Objects moved: 0
Objects ignored: 0
Scan speed: 272 Kb/s
Scan time: 01:53:57
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 109010
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 14
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 14
Objects moved: 0
Objects ignored: 0
Scan speed: 277 Kb/s
Scan time: 01:54:35
=============================================================================

Ewido Log Fil
---------------------------
--------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            21:57:27, 30-10-2006
+ Rapport-Checksum:        26643573

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Renset med backup
    HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Renset med backup
    HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Renset med backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Renset med backup
    C:\deskbar.exe -> Adware.Softomate : Renset med backup
    C:\deskbar_e13.exe/deskbar.exe -> Adware.Softomate : Renset med backup
    C:\deskbar_e15.exe/deskbar.exe -> Adware.Softomate : Renset med backup
    C:\deskbar_e18.exe/deskbar.exe -> Adware.Softomate : Renset med backup
    C:\deskbar_e21.exe/deskbar.exe -> Adware.Softomate : Renset med backup
    C:\Documents and Settings\Frans Østergård\drsmartload11351.#xe -> Downloader.Adload.fu : Renset med backup
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@com[2].txt -> TrackingCookie.Com : Renset med backup
    C:\drsmartload.exe -> Downloader.Adload.de : Renset med backup
    C:\Installer4.exe -> Adware.Look2Me : Renset med backup
    C:\kybrdff_e18.exe -> Downloader.Adload.fy : Renset med backup
    C:\Programmer\Deskbar -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\about.html -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\basis.xml -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\Cache -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\deskbar.crc -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\deskbar.inf -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\deskbar0.#ll -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\icons.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\inst.bat -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mbback.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mbbigopen.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mbclose.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mbfwd.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mblogo.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\mbsep.bmp -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\options.html -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\softomate.gif -> Adware.Softomate : Renset med backup
    C:\Programmer\Deskbar\version.txt -> Adware.Softomate : Renset med backup
    C:\WINDOWS\Club Dice Poker setu1.#xe -> Adware.Casino : Renset med backup
    C:\WINDOWS\Downloaded Program Files\speedtest0.#ll -> Not-A-Virus.Downloader.Win32.InsTool.a : Renset med backup
    C:\WINDOWS\system32\drsmartload11350.#xe -> Downloader.Adload.fu : Renset med backup


::Rapport slut
-----------------------------------------------------

SuperAntiSpy Log
SUPERAntiSpyware Scan Log
Generated 10/30/2006 at 08:24 PM

Core Rules Database Version : 0
Trace Rules Database Version: 0

Memory threats detected  : 0
Registry threats detected : 11
File threats detected    : 19

Adware.UCMore/The Search Accelerator
    C:\Programmer\TheSearchAccelerator
    C:\ucmoreiex.exe

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion#LastModified
    C:\WINDOWS\teller2.chk

Trojan.SmartLoad
    HKLM\Software\Microsoft\drsmartload2
    HKLM\Software\Microsoft\drsmartload2#Installed
    C:\drsmartload1.exe
    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\Prefetch\DRSMARTLOAD1.EXE-04DD9FC7.pf

Browser Hijacker.Internet Explorer Settings Hijack
    HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]

Trojan.DollarRevenue
    C:\WINDOWS\newname.dat
    C:\WINDOWS\keyboard1.dat

Adware.Casino Games (Golden Palace Casino)
    C:\Programmer\CDPoker\casino.exe
    C:\Documents and Settings\All Users\Menuen Start\CDPoker.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\CDPoker\CDPoker.lnk

Adware.Tracking Cookie
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@ad.ofir[2].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@bluestreak[2].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@m1.webstats4u[1].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@partypoker[2].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@track.adform[1].txt
    C:\Documents and Settings\Jannie Øberg\Cookies\jannie øberg@www.globaladvertisingservices[2].txt

Bogus MS Agent Server
    C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
-----------------------------------------------------------------
HJT - Log
Logfile of HijackThis v1.99.1
Scan saved at 22:08:58, on 30-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Programmer\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skyr@cer PC Card 3044 & Skyr@cer PCI 144\WLANMON.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Frans Østergård\Lokale indstillinger\Temporary Internet Files\Content.IE5\FUW7FDKH\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://student.cbs.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e23.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e23.exe
O4 - HKLM\..\Run: [cctray] "C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\FRANSS~1\LOKALE~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Skyr@cer PC Card 3044 & Skyr@cer PCI 144.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Dream Poker - {2841F778-7EAA-4e5a-BE73-E93F9420390E} - C:\Programmer\dreampokerMPP\MPPoker.exe
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Programmer\gamingclubMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Programmer\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Programmer\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Programmer\bet365MPP\MPPoker.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096926914336
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

---------------------------------
Det var alt hvad der var...

Håber at der er nogen der kan hjælpe...

Mvh Christian
Avatar billede Computer Hjælp (Gratis) Mester
30. oktober 2006 - 23:54 #1
Jooo - det er 'rester' fra MSN-virusen

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.politiken.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://student.cbs.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e23.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e23.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e23.exe

For at kunne se alle filer og mapper, så følg denne vejledning:
Se alle filer og mapper http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Genstart i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\\nwnmff_e23.exe
C:\\dfndrff_e23.exe
C:\\kybrdff_e23.exe
(Hvis der er andre lignende filer samme sted så slet dem også...)

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

PS: Bruger du alle disse Poker programmer ?

------------------------------------------------------------------------
Avatar billede crox Nybegynder
31. oktober 2006 - 12:13 #2
Hej igen!
Nu har jeg fulgt din vejledning, og her er den nye logfil fra HJT:
-------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:29:17, on 31-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Skrivebord\ALTERNATV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [cctray] "C:\Programmer\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Programmer\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Skyr@cer PC Card 3044 & Skyr@cer PCI 144.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Dream Poker - {2841F778-7EAA-4e5a-BE73-E93F9420390E} - C:\Programmer\dreampokerMPP\MPPoker.exe
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Programmer\gamingclubMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Programmer\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Programmer\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Programmer\bet365MPP\MPPoker.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Menuen Start\Programmer\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096926914336
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://C:\Programmer\The Tournament Director\comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F7E9E76-BA1C-4250-8102-7B579206CB4B}: NameServer = 193.11.224.20,193.11.224.21
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmer\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

-----------------------------------------------------------------------------------
Det er en af mine venners computer, han spiller vidst en del poker, men ville du da opfordre til at slette de pokerprogrammer man ikke bruger?

Mvh. Chrstian
Avatar billede Computer Hjælp (Gratis) Mester
03. november 2006 - 09:58 #3
Det ser bedre ud ...

Hører denne adresse til din ISP -> 193.11.224.20 ???
Avatar billede Computer Hjælp (Gratis) Mester
30. november 2006 - 16:35 #4
???
Avatar billede crox Nybegynder
28. november 2007 - 11:33 #5
--
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 23:37 Hvilket styresystem anvendes i DVD/HDD optager- Af ErikHg i Musik & videoafspillere
I går 15:23 Hvis formular Af Malou i Excel
I går 13:18 genvejstast Af birdbrain i Excel
I går 08:21 Fjernadgang til Access app Af per2edb i Access
I går 08:03 Min pc fryser Af Lucas Jensen i PC
White papers
Flere white papers »


Premium
Teaser billede
Fra 'juniorministerium' til magtfaktor: Digitalisering får udvidet mandat efter Marie Bjerres afgang
Læs mere »
Nyt ministerium overtager del af Center for Cybersikkerhed fra Forsvaret samt håndteringen af NIS2
Norlys ramt af to nedbrud på et døgn: "Vi løber så stærkt, vi kan"
Kom tæt på Danmarks nye digitaliserings-minister: 33-årige Caroline Stage Olsen er tidligere tobaks-lobbyist - har været aktiv i politik siden hun var helt ung
Se alle »
Computerworld
Teaser billede
Verdens største bilproducent ramt af hackerangreb: Sender skylden videre til tredjepart
Læs mere »
Næste måned skifter din iPhones Apple-id til et nyt navn
Nærmest selvkørende: Jeg kørte fra Roskilde til København uden at røre rattet
Test: Denne laptop rammer plet - er utrolig slank men alligevel utrolig stærk
Se alle »
CIO
Teaser billede
Detailkæde har mistet over 65 millioner kroner efter cyberangreb – kræver erstatning fra it-leverandør
Læs mere »
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
DSB køber cloud-løsning til 420 millioner kroner af hollandsk it-selskab: Skal afløse 30 år gammelt system
Der er under halvt så mange it-specialister i Danmark som regeringen påstår - tæller elektrikere og automekanikere med
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
KMD-direktør forlader selskabet: Det skal hun nu
IBM Danmark skifter ud i sin øverste ledelse - her er den nye direktion
Til åbningsfest i det nye NNIT-hovedkontor: ”Som at flytte til New York sammenlignet med der hvor vi kommer fra” - se billederne
Se alle »
White paper
Teaser billede
Sikkerhed uden grænser: Cisco Hypershield
Læs mere »
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Sådan høster du forretningsfordelene ved Internet of Things
Vejen væk fra WAN: Sådan skifter du til en moderne infrastruktur
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »