Spyware
From : huskat
Viewed : 841 times
20 points
Date : 06-09-06 21:03

I was foolish enough to start installing Winrar antivirus 2006, which I soon found out was spyware. I have since deleted the files on the computer (those I could find). I have also downloaded a program - VirtumundoBeGone - which is supposed to be able to remove the program, and it says it cannot find anything.

But: my question now is whether that can be right? And is there now someone who can monitor everything I do on the net, so that my accounts / account numbers become known?

And what should I do about the problem?

 
 
Comment
From : miritdk


Date : 06-09-06 21:12

download hijackthis here:
http://spywarefri.dk/vaerktoj.htm
scan and save logfile and submit the log either at www.spywarefri.dk or here - someone who can help you may well come by

Comment
From : miritdk


Date : 06-09-06 21:15

OOPS, welcome to kandu

Comment
From : Fijala


Date : 06-09-06 21:40

as miritdk writes, hijackthis is the solution

If you otherwise know a bit about the registry (regedit), you can manually go in and remove remnants, but it can be dangerous if you are not familiar with it. Irreparable damage can occur.

Comment
From : stl_s


Date : 06-09-06 22:00

If you choose to post the HijackThis log here, I can help you get rid of the spyware.

Comment
From : stl_s


Date : 06-09-06 22:09

Download HijackThis here http://www.spywarefri.dk/downloads1/hijackthis.exe Create a separate folder for HijackThis, call it e.g. HJT. Run HijackThis, click "Do a systemscan and save a logfile". Copy the log and paste it here in the thread, and I will look at it. You must not delete anything yourself with HijackThis. I will give you instructions on what to do.




Comment
From : huskat


Date : 06-09-06 22:21

Logfile of HijackThis v1.99.1
Scan saved at 22:11:15, on 06-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ClamWin\bin\ClamTray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\slrundll.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Download\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmer\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9120D33B-BFA2-401C-907B-0A8A5645A73B}: NameServer = 193.162.153.164 194.239.134.83
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe



Comment
From : stl_s


Date : 06-09-06 23:04

1. Download SmitfraudFix.zip and unpack it to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

The program unpacks into a folder called SmitfraudFix.


2. Restart in safe mode; if you don't know how, look here:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


3. Open the SmitfraudFix folder that you got on the Desktop, double-click SmitfraudFix.cmd and press 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. The fix may restart the computer.


SmitfraudFix also creates a small text file (log). Copy it in here, together with a fresh HijackThis log.

Comment
From : huskat


Date : 07-09-06 08:27

SmitFraudFix v2.83

Scan done at 8:07:27,48, 07-09-2006
Run from C:\Download\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Comment
From : huskat


Date : 07-09-06 08:28

Logfile of HijackThis v1.99.1
Scan saved at 08:10:01, on 07-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.ex
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Download\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmer\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe



Comment
From : stl_s


Date : 07-09-06 17:41

I can't see any trace of Vundo in the log. Are you getting messages about it?


To be able to see all files and folders, do this http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Then do this:

Click "Start" - choose "Search".
Click the link "Change preferences".
Click "Change files and folders search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.


Boot into safe mode.

Run a scan with HijackThis, so you can see all files. Close all windows, tick these lines, and click fix checked.

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - Startup: PowerReg SchedulerV2.exe


Delete these files, marked in bold:

C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe

Restart to normal mode, and come back with a fresh HijackThis log run from there. Before you run the scan, right-click HijackThis and rename it to HJT.exe

That way we will be able to see whether Vundo is possibly hiding from Hijackthis.



Update your java. It will reduce the risk of more Vundo and other nasty things http://www.java.com/en/download/index.jsp

IMPORTANT: You must uninstall your old java, otherwise you are still vulnerable to those infections.
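
Added example, not part of the original thread and not written by any of its participants: one way to check whether the "fix checked" step took effect is to parse the O4 autostart lines of a later HijackThis log and see which of the lines on the fix list are still there. The function names are hypothetical; the sample lines are copied from this thread (the fix list above and an excerpt of the log posted on 24-09-06).

```python
import re

# Lines the helper asked to tick and fix (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - Startup: PowerReg SchedulerV2.exe
"""

# Shortened excerpt of the log posted on 24-09-06 in this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:01:50, on 24-09-2006
O4 - HKLM\..\Run: [ClamWin] "C:\Programmer\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Startup folder: "Startup: file" or "Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?)(?: = (.+))?$")


def parse_line(line):
    """Parse one log line; return None for headers and process paths."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "raw": line,
             "location": None, "name": None, "command": None}
    if code == "O4":
        run = RUN_RE.match(body)
        startup = STARTUP_RE.match(body)
        if run:
            hive, key, name, command = run.groups()
            entry.update(location=hive + "\\..\\" + key,
                         name=name, command=command)
        elif startup:
            location, name, target = startup.groups()
            entry.update(location=location, name=name, command=target)
    return entry


def parse_log(text):
    """Return the section entries of a log, in order of appearance."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def normalize(line):
    """Compare lines without regard to case or spacing."""
    return " ".join(line.split()).casefold()


def remaining_after_fix(fix_list, after_log):
    """Entries from the fix list that still appear in the later log."""
    present = {normalize(e["raw"]) for e in parse_log(after_log)}
    return [e for e in parse_log(fix_list) if normalize(e["raw"]) in present]


def executable_path(command):
    """Strip quotes and arguments from a Run command line."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))(?:\s|$)", command,
                 re.IGNORECASE)
    return m.group(1) if m else command


if __name__ == "__main__":
    for e in remaining_after_fix(FIX_LIST, AFTER_LOG):
        print("still listed:", e["location"], e["name"])
        print("  points at :", executable_path(e["command"]))
```

A line that is still listed only shows that the autostart value remains in the later log; whether the file it points at exists on disk has to be checked separately.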



Comment
From : Fijala


Date : 07-09-06 18:24

huskat

isn't it lovely to be in the "claws" of an expert

Comment
From : miritdk


Date : 07-09-06 19:37

it's great that there is someone who bothers to get so well into these things

Comment
From : stl_s


Date : 16-09-06 02:21

Feedback and a new log?

Comment
From : huskat


Date : 22-09-06 07:27

Yes, sorry that I have "dropped out" of the debate a bit again, but I will do it one of the next few days.... But for now, many thanks for the help

Comment
From : miritdk


Date : 22-09-06 08:55

don't take it the wrong way huskat - but until your log has been judged completely clean by stl_s you are not safe, and something may be left behind and do damage

Comment
From : huskat


Date : 24-09-06 20:15

here is a new log:




Logfile of HijackThis v1.99.1
Scan saved at 20:01:50, on 24-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ClamWin\bin\ClamTray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Download\hjt\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmer\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.eucnord.net/msrdp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe



Comment
From : huskat


Date : 24-09-06 20:17

NB.
The first file I was supposed to delete, I went into the folders to find so that I could delete it, but the second file (the winantiviruspro.... one) I could not find; does that mean it has already been deleted?

Comment
From : huskat


Date : 01-10-06 08:27

Or can I count on the spyware being deleted now, even though that file keeps being in the hjt log (also if I make a new one)?

Comment
From : stl_s


Date : 01-10-06 14:09

Just try running this scanner. If that doesn't help, we'll take it manually.

Download this scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Install, and update the scanner manually. NOTE, during installation it is suggested that you register with your email. You don't need to do that.


Boot into safe mode (press f8 several times during startup). If you can't, see here
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Start SuperAntiSpyware, click "Scan your computer", tick your drives, over on the left of the window. Over on the right of the window, select "Perform Complete Scan". Click "next", now it scans. When it is finished, select what it finds and let the scanner remove it.

Restart to normal mode (the scanner may offer to do it).

Open the scanner again, and click "preferences"-> "statistics/logs". Select the log, and click "View log". Copy the log in here in the thread, together with a fresh HijackThis log.

Comment
From : huskat


Date : 02-10-06 14:30

SUPERAntiSpyware Scan Log
Generated 10/02/2006 at 02:03 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1028

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 25

Adware.Tracking Cookie
   C:\Documents and Settings\Anna\Cookies\anna@questionmarket[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@2o7[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@ad1.emediate[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@hitbox[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@msnportal.112.2o7[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@as1.falkag[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@ehg-sonyesolutions.hitbox[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@tradedoubler[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@ilead.itrack[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@cgi-bin[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@ehg-newscientist.hitbox[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@1071747760[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@mediaplex[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@bannere.fyens[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@track.adform[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@atdmt[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@doubleclick[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@cbs.112.2o7[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@a[1].txt
   C:\Documents and Settings\Anna\Cookies\anna@advertising[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@serving-sys[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@indextools[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@adtech[2].txt
   C:\Documents and Settings\Anna\Cookies\anna@statcounter[1].txt

Unclassified.Unknown Origin
   C:\Programmer\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\Restart.exe














Logfile of HijackThis v1.99.1
Scan saved at 14:10:46, on 02-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Download\hjt\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmer\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.eucnord.net/msrdp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe




Comment
From : huskat

Date : 05-10-06 21:19

....so should it be deleted now?

Comment
From : stl_s

Date : 05-10-06 23:35

Oops, sorry I'm only replying now.

Boot into safe mode, run HijackThis, and fix this line:

O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag

Then delete the marked file:

c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe

Restart into normal mode, and post a fresh log from there.
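
Added example, not part of the original thread and not HijackThis code: a small Python triage of the `O4` autorun lines in a HijackThis log, flagging the kind of entry singled out above, a Run value whose target sits in a user profile directory. The sample lines are copied from the log in this thread except `[Example]`, which is constructed; the two heuristics are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# O4 lines copied from the HijackThis log in this thread, except "[Example]",
# which is constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Example] C:\Documents and Settings\Anna\Lokale indstillinger\Temp\example.exe /s
O4 - Global Startup: hp psc 1000 series.lnk = ?
"""

# Matches "O4 - HKLM\..\Run: [ValueName] command line" (also RunOnce etc.).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Heuristics (assumptions of this example, tuned to Windows XP path names).
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\temp\\",
    "\\temporary internet files\\",
)
CACHE_COPY = re.compile(r"\[\d+\]\.\w+$")  # e.g. setup[1].exe


class RunEntry(NamedTuple):
    hive: str
    name: str
    path: str
    args: str
    reasons: List[str]


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return cmd, ""


def reasons_for(path: str) -> List[str]:
    """Return the heuristics that the autorun target trips, if any."""
    p = path.lower()
    reasons = []
    if any(part in p for part in USER_WRITABLE):
        reasons.append("starts from a user-writable profile or temp directory")
    if CACHE_COPY.search(p):
        reasons.append("file name ends in [N].ext, as browser-cache copies do")
    return reasons


def parse_o4(log_text: str) -> List[RunEntry]:
    """Parse every registry Run-type O4 line; other O4 forms are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            path, args = split_command(m.group("cmd"))
            entries.append(
                RunEntry(m.group("hive"), m.group("name"), path, args, reasons_for(path))
            )
    return entries


def triage(log_text: str) -> List[RunEntry]:
    """Keep only the entries that trip at least one heuristic."""
    return [e for e in parse_o4(log_text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] -> {e.path} {e.args}".rstrip())
        for r in e.reasons:
            print(f"    - {r}")
```

A flagged entry is a candidate for review, not a verdict: the heuristics only narrow down which autoruns to look at first.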

Comment
From : huskat

Date : 06-10-06 14:42

yes, but how do I delete that file when I can't find it in the folders?

Comment
From : stl_s

Date : 06-10-06 21:47

You should be able to find the file if you have done this:

To be able to see all files and folders, do this: http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Then do this:

Click "Start" - choose "Search".
Click the link "Change preferences".
Click "Change files and folders search behavior".
Select "Advanced" and click OK.
Click "All files and folders".
Click "More advanced options".
Tick the top three boxes.

Otherwise do this:

Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

1. Unpack the Avenger program and double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you must copy the content between the dashed lines:

-----------------------------

Files to delete:
c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe

-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you must do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.


Comment
From : huskat

Date : 07-10-06 20:43

it can't delete the file, and gives the following error log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 0



Comment
From : stl_s

Date : 07-10-06 21:47

Okay, then try downloading this script http://www.greyknight17.com/spy/RegSrch.vbs If your antivirus complains, just ignore it. Run the script, and in the search box that opens type winantivirus and click OK. When it has finished searching, a Notepad window opens. Copy that into the thread here.

Comment
From : huskat

Date : 08-10-06 21:17

REGEDIT4
; RegSrch[1].vbs © Bill James

; Registry search results for string "winantivirus" 08-10-2006 21:05:29

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


"NI.UWA6PK_0001_N91M2107"="\"c:\\documents and settings\\anna\\application data\\winantiviruspro2006freeinstall_dk[1].exe\" -nag "


Comment
From : stl_s

Date : 09-10-06 00:03

Download this scanner to the desktop ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Don't run it yet.

Boot into safe mode (press F8 several times during startup). If you can't, see here
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

Double-click drweb-cureit.exe. It will run an express scan, and you say yes to that.

When it shows "Select object for scanning" at the bottom left, click Options->Change settings.

Switch to the SCAN tab and untick "Heuristic analysis".

Switch to the Actions tab. Under ADWARE, set it to DELETE. All other items under MALWARE are set to MOVE. Untick PROMPT ON ACTION. Click APPLY and OK.

Click the drives you want scanned. A red dot appears, showing that they are selected.

Click the green arrow over on the right side of the page to start the scan.

When the scan is finished, find the Dr Web folder located on your main drive, typically the C drive, and find CUREIT.LOG. Scroll all the way down to the bottom of the log, where it says SCAN PATH and SCAN STATISTICS (ONLY the bottom ones), and copy that in here.


Comment
From : huskat

Date : 09-10-06 22:01

[Scan path] C:\
C:\Documents and Settings\Anna\NTUSER.DAT - read error
C:\Documents and Settings\Anna\NTUSER~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\nsz111.tmp is hacktool program Tool.Prockill - moved
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\~DF7A58.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\~DF9074.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\~DF9E4C.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\NI.UWA6PK_0001_N91M2107\setup.exe infected with Trojan.Fakealert - deleted
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\DRIVERS\POSTOOBE.NEC infected with VBS.Generic.278 - deleted
C:\RECYCLER\S-1-5-21-4273960717-4126513820-563005197-1006\Dc177\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - moved
C:\RECYCLER\S-1-5-21-4273960717-4126513820-563005197-1006\Dc177\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11 - moved
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP129\A0080589.exe is hacktool program Tool.Prockill - moved
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP129\A0080590.exe is hacktool program Tool.ShutDown.11 - moved
C:\WINDOWS\system32\Process.exe is hacktool program Tool.Prockill - moved
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 175048
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 6
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 6
Objects ignored: 0
Scan speed: 66 Kb/s
Scan time: 01:11:05
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 175379
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 6
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 6
Objects ignored: 0
Scan speed: 80 Kb/s
Scan time: 01:11:31

Comment
From : stl_s

Date : 09-10-06 22:08

I can see you interrupted the scan before it finished. Please try running it to completion.

Fix this line in HijackThis again. It should stay gone now:

O4 - HKLM\..\Run: [NI.UWA6PK_0001_N91M2107] "c:\documents and settings\anna\application data\winantiviruspro2006freeinstall_dk[1].exe" -nag


Comment
From : huskat

Date : 10-10-06 22:15

I don't really understand how I could have interrupted it, but I'll try again tomorrow (it takes quite a long time), because in any case I can't fix the file in HJT

Comment
From : stl_s

Date : 11-10-06 01:04

The Dr.Web log says this: Scanning interrupted by user! so you must have stopped the scan before it was finished. Anyway, try fixing that line in safe mode after you have run Dr.Web again.
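
Added example, not part of the original thread and not Dr.Web code: a Python reader for CUREIT.LOG text that separates detections from read errors and reports how much of each scan session can be relied on, which is the check made by eye in the reply above. The sample log is assembled from lines of the Dr.Web logs posted in this thread, shortened; the verdict labels are assumptions of this example.

```python
import re
from typing import Dict, List

# Assembled from lines of the logs posted in this thread (shortened).
SAMPLE_LOG = r"""
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
=============================================================================
[Scan path] C:\
C:\Documents and Settings\Anna\NTUSER.DAT - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\nsz111.tmp is hacktool program Tool.Prockill - moved
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\NI.UWA6PK_0001_N91M2107\setup.exe infected with Trojan.Fakealert - deleted
C:\WINDOWS\system32\config\SAM - read error
Objects scanned: 175048
Scanning interrupted by user! - viruses found
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
=============================================================================
Objects scanned: 0
Scanning interrupted by user! - no viruses found
"""

SESSION_START = "Dr.Web(R) Scanner for Windows"
INFECTED = re.compile(r"^(?P<path>.+) infected with (?P<threat>\S+) - (?P<action>\w+)$")
PROGRAM = re.compile(r"^(?P<path>.+) is \w+ program (?P<threat>\S+) - (?P<action>\w+)$")
READ_ERROR = re.compile(r"^(?P<path>.+) - read error$")
SCANNED = re.compile(r"^Objects scanned: (\d+)$")


def parse_sessions(text: str) -> List[Dict]:
    """Split the log into scan sessions and collect the facts of each one."""
    sessions: List[Dict] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(SESSION_START):
            cur = {"detections": [], "read_errors": [],
                   "objects_scanned": None, "interrupted": False}
            sessions.append(cur)
            continue
        if cur is None or not line:
            continue
        hit = INFECTED.match(line) or PROGRAM.match(line)
        if hit:
            cur["detections"].append((hit["path"], hit["threat"], hit["action"]))
        elif READ_ERROR.match(line):
            # Not a detection: the scanner could not open the file at all.
            cur["read_errors"].append(READ_ERROR.match(line)["path"])
        elif SCANNED.match(line):
            # The log repeats this counter; the last value in a session wins.
            cur["objects_scanned"] = int(SCANNED.match(line).group(1))
        elif line.startswith("Scanning interrupted by user!"):
            cur["interrupted"] = True
    return sessions


def verdict(session: Dict) -> str:
    """Label how far a session's result can be trusted (labels are this example's)."""
    if not session["objects_scanned"]:
        return "no-coverage"  # nothing was scanned, so "no viruses found" means nothing
    if session["interrupted"]:
        return "partial"      # detections are real, unscanned paths remain unknown
    return "complete"


if __name__ == "__main__":
    for i, s in enumerate(parse_sessions(SAMPLE_LOG), 1):
        print(f"session {i}: {verdict(s)}, scanned={s['objects_scanned']}, "
              f"detections={len(s['detections'])}, read_errors={len(s['read_errors'])}")
```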

Comment
From : huskat

Date : 11-10-06 20:18

Now I have tried again. I didn't close the program until it said done down in the corner, but it still looks to me as if it was interrupted. I can't fix the file in HJT either, but here is the new part of the log from Dr.Web:
(So I ran the scan twice, since the first time I hadn't changed those settings under Actions, Malware again!! - I hope that doesn't matter)


=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-09, 21:39:56 [SNNECCI][Anna]
Command-line: "C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 147028
Key file: C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-10, 21:21:11 [SNNECCI][Anna]
Command-line: "C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 147028
Key file: C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\WINDOWS\system32\igfxsrvc.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\LgNotify.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\adpu160m.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\AegisP.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agp440.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aha154x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78u2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78xx.sys
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\aliide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\alim1541.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amdagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amsint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3350p.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3550.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\audstub.sys
[Scan path] C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
[Scan path] C:\WINDOWS\system32\drivers\CdaC15BA.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\CmBatt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cmdide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\compbatt.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\system32\drivers\o2mmb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cpqarray.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac960nt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dpti2o.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Scan path] C:\WINDOWS\system32\drivers\ftdibus.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\system32\drivers\ftser2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hpn.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZid412.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZius12.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i2omp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\system32\imapi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ini910u.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelppm.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdhid.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
[Scan path] C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
[Scan path] C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
[Scan path] C:\WINDOWS\System32\Drivers\LUsbKbd.Sys
[Scan path] C:\WINDOWS\system32\drivers\MbxStby.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
[Scan path] C:\WINDOWS\system32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\drivers\MODEMCSA.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mraid35x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\system32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\drivers\ksecdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2hib.sys
[Scan path] C:\WINDOWS\system32\HPZipm12.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1080.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql12160.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1240.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1280.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\RecAgent.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\system32\RegSrvc.exe
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
[Scan path] C:\WINDOWS\system32\S24EvMon.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\s24trans.sys
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sisagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\slntamr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Slnthal.sys
[Scan path] C:\WINDOWS\system32\slserv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sparrow.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc810.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc8xx.sys
[Scan path] C:\Programmer\Symantec\SYMEVENT.SYS
[Scan path] C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
[Scan path] C:\WINDOWS\System32\Drivers\SYMTDI.SYS
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_hi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_u3.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SynTP.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\toside.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\system32\UAService.exe
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\system32\drivers\vinyl97.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\w22n51.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 332
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2386 Kb/s
Scan time: 00:00:26
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Anna\NTUSER.DAT - read error
C:\Documents and Settings\Anna\NTUSER~1.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 7316
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3798 Kb/s
Scan time: 00:05:35
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 7648
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3697 Kb/s
Scan time: 00:06:01
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-11, 12:53:14 [SNNECCI][Anna]
Command-line: "C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 147028
Key file: C:\DOCUME~1\Anna\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\drivers\ksecdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2hib.sys
[Scan path] C:\WINDOWS\system32\HPZipm12.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1080.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql12160.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1240.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1280.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\RecAgent.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\system32\RegSrvc.exe
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
[Scan path] C:\WINDOWS\system32\S24EvMon.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\s24trans.sys
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
[Scan path] C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
[Scan path] C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sisagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\slntamr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Slnthal.sys
[Scan path] C:\WINDOWS\system32\slserv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sparrow.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc810.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc8xx.sys
[Scan path] C:\Programmer\Symantec\SYMEVENT.SYS
[Scan path] C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
[Scan path] C:\WINDOWS\System32\Drivers\SYMTDI.SYS
[Scan path] C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_hi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_u3.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SynTP.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\toside.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\system32\UAService.exe
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\system32\drivers\vinyl97.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\w22n51.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 331
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2383 Kb/s
Scan time: 00:00:26
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Anna\NTUSER.DAT - read error
C:\Documents and Settings\Anna\NTUSER~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\~DF675.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\~DFE9A1.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temporary Internet Files\Content.IE5\GTI7S1EF\frm_readappt[1].js probably infected with SCRIPT.Virus
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP129\A0080591.exe is hacktool program Tool.Prockill
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 176054
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 60 Kb/s
Scan time: 01:28:14
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Anna\NTUSER.DAT - read error
C:\Documents and Settings\Anna\NTUSER~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\MPS14.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\MPS1A.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\MPS1B.tmp - read error
C:\Documents and Settings\Anna\Lokale indstillinger\Temp\MPS20.tmp - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP129\A0080591.exe is hacktool program Tool.Prockill - moved
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 176043
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 80 Kb/s
Scan time: 01:05:52
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 352428
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 75 Kb/s
Scan time: 02:34:32
=============================================================================




Comment
From : stl_s


Date : 11-10-06 21:04

It's unbelievable how stubborn it is

Please run an online scan here at Ewido http://www.ewido.net/en/onlinescan/ You need to install the ActiveX control that appears at the top of the window.

Comment
From : huskat


Date : 15-10-06 19:31

Now I have run it, and it says that it couldn't find anything

Comment
From : stl_s


Date : 15-10-06 20:26

And it's still in the log, I assume? Try this, and then fix it again in HijackThis:

Download CleanUp here and install the program. It's a good little cleaning program that you can also benefit from in the future http://www.greyknight17.com/spy/CleanUp.exe

Go to "options" and make sure that only Cookies and CleanUp all users are ticked. Run a cleanup, and allow the program to log off after the cleaning.

If there is still no result, let's try a registry search with another program.

Use this file http://download.bleepingcomputer.com/steelwerx/regsearch.zip Unpack it, and search with the search term winantivirus. Type it in at the top of the box and click OK. Copy the result in here when it has finished searching.

Comment
From : huskat


Date : 16-10-06 21:34

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 16-10-2006 21:07:02 for strings:
; 'winantivirus'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWA6PK_0001_N91M2107"="\"c:\\documents and settings\\anna\\application data\\winantiviruspro2006freeinstall_dk[1].exe\" -nag "

; End Of The Log...


Comment
From : stl_s


Date : 17-10-06 00:45

Now you need to go into the registry and delete that value manually. There is a guide to the registry here http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=3441

Remember to make the backup first.

In the left-hand pane, click your way to this key (marked in bold) and select it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right-hand window you will find this value:

NI.UWA6PK_0001_N91M2107

Right-click it and delete it.

Check that it is gone after a restart.
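
Added example, not part of the original thread or written by any of its participants: a small parser for the REGEDIT4 search result posted above that lists `Run` autostart values and explains why the one stl_s points to stands out. The function names, the benign `ExampleTray` value and the two heuristics are assumptions made for the illustration.

```python
import re

# Constructed input: the Registry Search result posted in the thread, plus one
# made-up benign value ("ExampleTray") for contrast.
SAMPLE = r'''REGEDIT4

; Results at 16-10-2006 21:07:02 for strings:
; 'winantivirus'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWA6PK_0001_N91M2107"="\"c:\\documents and settings\\anna\\application data\\winantiviruspro2006freeinstall_dk[1].exe\" -nag "
"ExampleTray"="C:\\Programmer\\Example\\tray.exe"
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
# "name"="data" string values; \" and \\ are escapes inside the quotes.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
# Assumed heuristics: profile and temp directories are writable without admin
# rights, and "name[1].ext" is how the browser cache names downloaded files.
USER_WRITABLE = re.compile(r'\\(documents and settings|users)\\[^\\]+\\|\\temp\\', re.I)
CACHE_NAME = re.compile(r'\[\d+\]\.\w+$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for string values; comments are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def executable(command):
    """Return the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', command, re.I)
    return m.group(1) if m else command.split(' ', 1)[0]

def triage(text):
    """List autostart values whose target matches one of the heuristics."""
    findings = []
    for key, name, data in parse_reg(text):
        if not AUTOSTART.search(key):
            continue
        exe, reasons = executable(data), []
        if USER_WRITABLE.search(exe):
            reasons.append('runs from a user-writable profile directory')
        if CACHE_NAME.search(exe):
            reasons.append('browser-cache style "[n]" file name')
        if reasons:
            findings.append({'key': key, 'value': name, 'exe': exe, 'reasons': reasons})
    return findings
```

Running `triage(SAMPLE)` reports only the `NI.UWA6PK_0001_N91M2107` value; the same function can be run over a fresh search export after the restart to confirm the entry is gone.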

Comment
From : huskat


Date : 17-10-06 11:13

The backup?

Comment
From : stl_s


Date : 17-10-06 16:14

It is described in the link I posted for you http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=3441


Comment
From : huskat


Date : 17-10-06 21:46

I don't understand this part of the guide:

then you click File ("Filer") in XP and Registry ("Registreringsdatabase") in all other operating systems.


Comment
From : stl_s


Date : 17-10-06 21:53

Focus on this: then you click File ("Filer") in XP

Ignore this: and Registry ("Registreringsdatabase") in all other operating systems, and read on.

Comment
From : huskat


Date : 19-10-06 07:37

Uhh... sorry, I'm slow on the uptake, but where does it say File ("Filer") in XP?

Comment
From : stl_s


Date : 19-10-06 14:41

Sorry, I should have explained it a bit more clearly.

When you have opened regedit, select "My Computer" ("Denne Computer") and go up to "File" ("Filer") in the top left corner. Click "Export" ("eksporter"), give the file a name, and save it somewhere you can find it again, should you need it.

And then it's just a matter of clicking your way to the specified value and deleting it. After a restart it should be gone in HJT.

Comment
From : huskat


Date : 24-10-06 09:47

Now it's gone in HJT. Does that mean that the stuff is now completely removed from my computer??

Comment
From : stl_s


Date : 24-10-06 12:53

Yep, now the junk is gone.

Comment
From : huskat


Date : 24-10-06 12:55

OOOOHHH many thousand thanks for the (patient) help, I'm very glad for it

Accepted answer
From : stl_s

Received 20 points
Date : 24-10-06 13:36

You're welcome.

Comment
From : miritdk


Date : 24-10-06 14:11

Ooohh, what an ordeal

huskat - remember to accept the answer and give stl_s the stars he deserves

I just saw that you're a fairly new user, so don't take my little nudge the wrong way

Approval of answer
From : huskat


Date : 24-10-06 14:15

Thanks for the answer, stl_s.
