griped, posted 22 January 2007 (edited)
SAS, SmitfraudFix and UBC don't help!
Yes, I have a virus such that when I turn on the computer, many small error boxes come up and up to 100 internet pages pop up uncontrollably. I have started in safe mode and run both SAS and SmitfraudFix, but it starts again when I turn on the computer normally! What do I do?
Edited 25 January 2007 by griped
hailgodset91, posted 22 January 2007
Try downloading this program, http://www.ultimatebootcd.com/download.html, and burn it to a CD. Then boot from that CD and run the virus programs that are on it.
quakie, posted 22 January 2007 (edited)
Download HiJackThis and post the log here. UBC is of course also worth a try first.
Edited 22 January 2007 by quakie
griped (thread starter), posted 22 January 2007
Thanks for the tips. I'll try UBC first; then, if that doesn't help, I'll post a HijackThis log.
griped (thread starter), posted 23 January 2007 (edited)
UBC didn't help.
Edited 23 January 2007 by griped
Caze, posted 24 January 2007 (edited)
And how many hours have gone into troubleshooting by now? And are you 100% sure that ALL the junk is gone? In every case of virus/spyware I have dealt with, it has taken under 1 hour to solve the problem. Reinstalling Windows. Of course it also takes time to install programs/games, but this is the safest way after you have been infected. Just a thought...
Edited 24 January 2007 by Caze
hailgodset91, posted 24 January 2007
Yes, but if he has an OEM version of Windows, he can't keep doing this forever... So it's wise to try other options first.
norbat, posted 24 January 2007
Then try HijackThis
https://www.diskusjon.no/index.php?showtopic=691246
Hjelmn, posted 24 January 2007
Does anyone know how I can remove a virus that a friend got through MSN? He opened a "picture", and a virus program was installed from it. Now he can't get a damn thing done on the PC. Is there a removal program?
norbat, posted 24 January 2007 (edited)
> Does anyone know how I can remove a virus that a friend got through MSN? He opened a "picture", and a virus program was installed from it. Now he can't get a damn thing done on the PC. Is there a removal program?
Uninstall MSN from Add/Remove Programs.
Then get DrWeb.
Get SAS, install it and update the program.
Restart in Safe Mode (tap F8 during startup).
Run drweb-cureit.exe (say yes to running an express scan).
When this is finished, click Option -> Change settings.
Under the Scan tab, remove the check mark next to Heuristic analysis.
Under the Actions tab, all items under Malware should be set to Rename.
Select the partition you want to scan and then click the green arrow to start the scan.
Select "yes to all" when it finds something for the first time.
When the scan is finished, select File and click 'Save Report list'. There will then be a file called "drweb.csv" on the desktop.
Then run a full scan with SAS.
Restart the machine in normal mode.
Download Combofix. Run the program. The PC will probably restart and create a log, combofix.txt. Copy this and attach it to your next post together with the log from Hijackthis + the log from DrWeb.
Edited 24 January 2007 by norbat
tfw, posted 24 January 2007
That problem is so cool. You've surfed too much porn ^^ I just formatted. But you probably don't want to, so do as no. 2 said.
griped (thread starter), posted 25 January 2007
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 02:33:35, on 02.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sxserv101.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Telenor\Online Start\OnlineStart.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Peder\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - {202EAA17-9666-0D88-329C-055F888F645E} - C:\WINDOWS\system32\mxawmeh.dll (file missing)
O2 - BHO: (no name) - {25C7CE21-E543-46A9-B4B3-01B845B28A6D} - C:\WINDOWS\system32\admparsex.dll
O2 - BHO: (no name) - {2C07ED9E-B4D8-4114-AD15-DF7F2CB0E04E} - (no file)
O2 - BHO: (no name) - {55708BA5-2D36-AAB5-7A8C-08A36CBCA347} - C:\WINDOWS\system32\xyeamnh.dll
O2 - BHO: (no name) - {6B754AA2-0CE7-4822-9865-E33AFD03E407} - C:\WINDOWS\system32\fontextg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\fontextc.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00405} - C:\WINDOWS\fontexte.dll (file missing)
O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - C:\WINDOWS\system32\d3dxofa.dll
O2 - BHO: (no name) - {DDEC2387-6435-46B6-AF8C-1075F6EBF08B} - C:\WINDOWS\admparsez.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\KGB Spy\winlogons.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telenor\Online Start\OnlineStart.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [bitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.coop.no
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153828430421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153828616375
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: winup2date - C:\WINDOWS\system32\servmswinp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
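A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the entry lines and flags those that are structurally odd (missing or unregistered files, unnamed BHOs, autoruns without a directory path, services with no owner string). The flag rules and the function names are assumptions made for illustration, and a flag means "look closer", not "malicious"; the sample lines are copied from the log above.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Registry autorun entries in section O4: "HKLM\..\Run: [name] command".
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Sample lines copied from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - (no file)
O2 - BHO: (no name) - {202EAA17-9666-0D88-329C-055F888F645E} - C:\WINDOWS\system32\mxawmeh.dll (file missing)
O2 - BHO: (no name) - {55708BA5-2D36-AAB5-7A8C-08A36CBCA347} - C:\WINDOWS\system32\xyeamnh.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [showwnd] showwnd.exe
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


def parse_entries(text):
    """Return (section_code, body) for every entry line in the log text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def flag_entry(code, body):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if "(file missing)" in body:
        # The registry still points at a file that is no longer on disk.
        reasons.append("target file missing")
    if "(no file)" in body:
        # A CLSID is registered, but no file is associated with it.
        reasons.append("no file registered")
    if code == "O2" and body.startswith("BHO: (no name)"):
        # The browser helper object carries no descriptive name.
        reasons.append("unnamed BHO")
    if code == "O4":
        run = RUN_RE.match(body)
        if run and "\\" not in run.group("cmd"):
            # The command is a bare file name resolved through the search path.
            reasons.append("autorun without directory path")
    if code == "O23" and " - Unknown owner - " in body:
        # The service binary carries no company/vendor string.
        reasons.append("service with unknown owner")
    return reasons


def triage(text):
    """Return (code, body, reasons) for every flagged entry, in log order."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = flag_entry(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:>3}  {', '.join(reasons)}")
        print(f"     {body}")
```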
Hammarhaus, posted 25 January 2007 (edited)
> C:\Program Files\BearShare\BearShare.exe
BearShare is a no-no. Spyware comes with it when you download it.
Edited 25 January 2007 by kennethsa91
griped (thread starter), posted 25 January 2007
Yes, I know, but it's nothing serious, and BearShare is not the virus I'm talking about.
griped (thread starter), posted 25 January 2007
The log from ComboFix:
griped (thread starter), posted 25 January 2007
And here is the log from Dr. Web:
c:\windows\msagent\agentpsh.dll [scan path] c:\windows\network diagnostic\xpnetdiag.exe [scan path] c:\windows\showwnd.exe [scan path] c:\windows\system32\admparsex.dll [scan path] c:\windows\system32\advapi32.dll [scan path] c:\windows\system32\advpack.dll [scan path] c:\windows\system32\alg.exe [scan path] c:\windows\system32\appwiz.cpl [scan path] c:\windows\system32\ati2evxx.dll [scan path] c:\windows\system32\ati2evxx.exe [scan path] c:\windows\system32\audiodev.dll [scan path] c:\windows\system32\autochk.exe [scan path] c:\windows\system32\browseui.dll [scan path] c:\windows\system32\cabview.dll [scan path] c:\windows\system32\cdfview.dll [scan path] c:\windows\system32\cisvc.exe [scan path] c:\windows\system32\clipsrv.exe [scan path] c:\windows\system32\cnbjmon.dll [scan path] c:\windows\system32\comdlg32.dll [scan path] c:\windows\system32\crypt32.dll [scan path] c:\windows\system32\cryptext.dll [scan path] c:\windows\system32\cryptnet.dll [scan path] c:\windows\system32\cscdll.dll [scan path] c:\windows\system32\cscui.dll [scan path] c:\windows\system32\csrss.exe [scan path] c:\windows\system32\ctfmon.exe [scan path] c:\windows\system32\d3dxofa.dll [scan path] c:\windows\system32\deskadp.dll [scan path] c:\windows\system32\deskmon.dll [scan path] c:\windows\system32\deskperf.dll [scan path] c:\windows\system32\dfshim.dll [scan path] c:\windows\system32\dfsshlex.dll [scan path] c:\windows\system32\diskcopy.dll [scan path] c:\windows\system32\dllhost.exe [scan path] c:\windows\system32\dmadmin.exe [scan path] c:\windows\system32\docprop.dll [scan path] c:\windows\system32\docprop2.dll [scan path] c:\windows\system32\drivers\3xhybrid.sys [scan path] c:\windows\system32\drivers\acpi.sys [scan path] c:\windows\system32\drivers\aec.sys [scan path] c:\windows\system32\drivers\afd.sys [scan path] c:\windows\system32\drivers\arp1394.sys [scan path] c:\windows\system32\drivers\asyncmac.sys [scan path] c:\windows\system32\drivers\atapi.sys [scan path] 
c:\windows\system32\drivers\ati2mtag.sys [scan path] c:\windows\system32\drivers\atmarpc.sys [scan path] c:\windows\system32\drivers\audstub.sys [scan path] c:\windows\system32\drivers\ccdecode.sys [scan path] c:\windows\system32\drivers\cdrom.sys [scan path] c:\windows\system32\drivers\disk.sys [scan path] c:\windows\system32\drivers\dmboot.sys [scan path] c:\windows\system32\drivers\dmio.sys [scan path] c:\windows\system32\drivers\dmload.sys [scan path] c:\windows\system32\drivers\dmusic.sys [scan path] c:\windows\system32\drivers\drmkaud.sys [scan path] c:\windows\system32\drivers\dtscsi.sys c:\windows\system32\drivers\dtscsi.sys - read error [scan path] c:\windows\system32\drivers\fdc.sys [scan path] c:\windows\system32\drivers\fetnd5.sys [scan path] c:\windows\system32\drivers\fetnd5b.sys [scan path] c:\windows\system32\drivers\flpydisk.sys [scan path] c:\windows\system32\drivers\fltmgr.sys [scan path] c:\windows\system32\drivers\ftdisk.sys [scan path] c:\windows\system32\drivers\hamachi.sys [scan path] c:\windows\system32\drivers\hdaudbus.sys [scan path] c:\windows\system32\drivers\hidusb.sys [scan path] c:\windows\system32\drivers\http.sys [scan path] c:\windows\system32\drivers\i8042prt.sys [scan path] c:\windows\system32\drivers\imapi.sys [scan path] c:\windows\system32\drivers\ino_flpy.sys [scan path] c:\windows\system32\drivers\ino_fltr.sys [scan path] c:\windows\system32\drivers\intelppm.sys [scan path] c:\windows\system32\drivers\ip6fw.sys [scan path] c:\windows\system32\drivers\ipfltdrv.sys [scan path] c:\windows\system32\drivers\ipinip.sys [scan path] c:\windows\system32\drivers\ipnat.sys [scan path] c:\windows\system32\drivers\ipsec.sys [scan path] c:\windows\system32\drivers\irenum.sys [scan path] c:\windows\system32\drivers\isapnp.sys [scan path] c:\windows\system32\drivers\kbdclass.sys [scan path] c:\windows\system32\drivers\kbdhid.sys [scan path] c:\windows\system32\drivers\kmixer.sys [scan path] c:\windows\system32\drivers\l8042mou.sys [scan 
path] c:\windows\system32\drivers\lmouke.sys [scan path] c:\windows\system32\drivers\mhndrv.sys [scan path] c:\windows\system32\drivers\mouclass.sys [scan path] c:\windows\system32\drivers\mouhid.sys [scan path] c:\windows\system32\drivers\mpe.sys [scan path] c:\windows\system32\drivers\mrxdav.sys [scan path] c:\windows\system32\drivers\mrxsmb.sys [scan path] c:\windows\system32\drivers\msgpc.sys [scan path] c:\windows\system32\drivers\mskssrv.sys [scan path] c:\windows\system32\drivers\mspclock.sys [scan path] c:\windows\system32\drivers\mspqm.sys [scan path] c:\windows\system32\drivers\mssmbios.sys [scan path] c:\windows\system32\drivers\mstee.sys [scan path] c:\windows\system32\drivers\nabtsfec.sys [scan path] c:\windows\system32\drivers\ndisip.sys [scan path] c:\windows\system32\drivers\ndistapi.sys [scan path] c:\windows\system32\drivers\ndisuio.sys [scan path] c:\windows\system32\drivers\ndiswan.sys [scan path] c:\windows\system32\drivers\netbios.sys [scan path] c:\windows\system32\drivers\netbt.sys [scan path] c:\windows\system32\drivers\nic1394.sys [scan path] c:\windows\system32\drivers\nwlnkflt.sys [scan path] c:\windows\system32\drivers\nwlnkfwd.sys [scan path] c:\windows\system32\drivers\ohci1394.sys [scan path] c:\windows\system32\drivers\parport.sys [scan path] c:\windows\system32\drivers\pci.sys [scan path] c:\windows\system32\drivers\pciide.sys [scan path] c:\windows\system32\drivers\pcouffin.sys [scan path] c:\windows\system32\drivers\ptilink.sys [scan path] c:\windows\system32\drivers\pxhelp20.sys [scan path] c:\windows\system32\drivers\rasacd.sys [scan path] c:\windows\system32\drivers\rasl2tp.sys [scan path] c:\windows\system32\drivers\raspppoe.sys [scan path] c:\windows\system32\drivers\raspptp.sys [scan path] c:\windows\system32\drivers\raspti.sys [scan path] c:\windows\system32\drivers\rdbss.sys [scan path] c:\windows\system32\drivers\rdpcdd.sys [scan path] c:\windows\system32\drivers\rdpdr.sys [scan path] 
c:\windows\system32\drivers\redbook.sys [scan path] c:\windows\system32\drivers\rt25usbap.sys [scan path] c:\windows\system32\drivers\secdrv.sys [scan path] c:\windows\system32\drivers\serenum.sys [scan path] c:\windows\system32\drivers\serial.sys [scan path] c:\windows\system32\drivers\sfdrv01.sys [scan path] c:\windows\system32\drivers\sfhlp02.sys [scan path] c:\windows\system32\drivers\sfvfs02.sys [scan path] c:\windows\system32\drivers\slip.sys [scan path] c:\windows\system32\drivers\splitter.sys [scan path] c:\windows\system32\drivers\sptd.sys c:\windows\system32\drivers\sptd.sys - read error [scan path] c:\windows\system32\drivers\sr.sys [scan path] c:\windows\system32\drivers\srv.sys [scan path] c:\windows\system32\drivers\streamip.sys [scan path] c:\windows\system32\drivers\swenum.sys [scan path] c:\windows\system32\drivers\swmidi.sys [scan path] c:\windows\system32\drivers\sysaudio.sys [scan path] c:\windows\system32\drivers\tcpip.sys [scan path] c:\windows\system32\drivers\termdd.sys [scan path] c:\windows\system32\drivers\uagp35.sys [scan path] c:\windows\system32\drivers\ukbflt.sys [scan path] c:\windows\system32\drivers\update.sys [scan path] c:\windows\system32\drivers\usbccgp.sys [scan path] c:\windows\system32\drivers\usbehci.sys [scan path] c:\windows\system32\drivers\usbhub.sys [scan path] c:\windows\system32\drivers\usbscan.sys [scan path] c:\windows\system32\drivers\usbstor.sys [scan path] c:\windows\system32\drivers\usbuhci.sys [scan path] c:\windows\system32\drivers\vga.sys [scan path] c:\windows\system32\drivers\viaagp1.sys [scan path] c:\windows\system32\drivers\viahduaa.sys [scan path] c:\windows\system32\drivers\viaide.sys [scan path] c:\windows\system32\drivers\wanarp.sys [scan path] c:\windows\system32\drivers\wdmaud.sys [scan path] c:\windows\system32\drivers\wstcodec.sys [scan path] c:\windows\system32\drivers\wudfpf.sys [scan path] c:\windows\system32\drivers\wudfrd.sys [scan path] c:\windows\system32\drivers\x10hid.sys [scan path] 
c:\windows\system32\drivers\x10ufx2.sys [scan path] c:\windows\system32\dskquoui.dll [scan path] c:\windows\system32\dsquery.dll [scan path] c:\windows\system32\dssec.dll [scan path] c:\windows\system32\dsuiext.dll [scan path] c:\windows\system32\extmgr.dll [scan path] c:\windows\system32\fontext.dll [scan path] c:\windows\system32\fxsmon.dll [scan path] c:\windows\system32\fxssvc.exe [scan path] c:\windows\system32\gdi32.dll [scan path] c:\windows\system32\hticons.dll [scan path] c:\windows\system32\icmui.dll [scan path] c:\windows\system32\ie4uinit.exe [scan path] c:\windows\system32\ieudinit.exe [scan path] c:\windows\system32\imagehlp.dll [scan path] c:\windows\system32\imapi.exe [scan path] c:\windows\system32\inetcomm.dll [scan path] c:\windows\system32\itss.dll [scan path] c:\windows\system32\kerberos.dll [scan path] c:\windows\system32\kernel32.dll [scan path] c:\windows\system32\localspl.dll [scan path] c:\windows\system32\locator.exe [scan path] c:\windows\system32\logonui.exe [scan path] c:\windows\system32\lsass.exe [scan path] c:\windows\system32\lz32.dll [scan path] c:\windows\system32\mdimon.dll [scan path] c:\windows\system32\mmcshext.dll [scan path] c:\windows\system32\mmsys.cpl [scan path] c:\windows\system32\mnmsrvc.exe [scan path] c:\windows\system32\mscoree.dll [scan path] c:\windows\system32\mscories.dll [scan path] c:\windows\system32\msdtc.exe [scan path] c:\windows\system32\mshtml.dll [scan path] c:\windows\system32\msieftp.dll [scan path] c:\windows\system32\msiexec.exe [scan path] c:\windows\system32\mstask.dll [scan path] c:\windows\system32\msv1_0.dll [scan path] c:\windows\system32\msvidctl.dll [scan path] c:\windows\system32\mswsock.dll [scan path] c:\windows\system32\mydocs.dll [scan path] c:\windows\system32\netdde.exe [scan path] c:\windows\system32\netplwiz.dll [scan path] c:\windows\system32\netshell.dll [scan path] c:\windows\system32\ntlanui2.dll [scan path] c:\windows\system32\ntsd.exe [scan path] 
c:\windows\system32\ntshrui.dll [scan path] c:\windows\system32\ntsim.sys [scan path] c:\windows\system32\occache.dll [scan path] c:\windows\system32\ole32.dll [scan path] c:\windows\system32\oleaut32.dll [scan path] c:\windows\system32\olecli32.dll [scan path] c:\windows\system32\olecnv32.dll [scan path] c:\windows\system32\olesvr32.dll [scan path] c:\windows\system32\olethk32.dll [scan path] c:\windows\system32\photowiz.dll [scan path] c:\windows\system32\pjlmon.dll [scan path] c:\windows\system32\printui.dll [scan path] c:\windows\system32\regsvr32.exe [scan path] c:\windows\system32\remotepg.dll [scan path] c:\windows\system32\rpcrt4.dll [scan path] c:\windows\system32\rpcss.dll [scan path] c:\windows\system32\rshx32.dll [scan path] c:\windows\system32\rsvp.exe [scan path] c:\windows\system32\rsvpsp.dll [scan path] c:\windows\system32\rundll32.exe [scan path] c:\windows\system32\scardsvr.exe [scan path] c:\windows\system32\scecli.dll [scan path] c:\windows\system32\schannel.dll [scan path] c:\windows\system32\sclgntfy.dll [scan path] c:\windows\system32\sendmail.dll [scan path] c:\windows\system32\services.exe [scan path] c:\windows\system32\servmswinp.dll [scan path] c:\windows\system32\sessmgr.exe [scan path] c:\windows\system32\setupapi.dll [scan path] c:\windows\system32\shdocvw.dll [scan path] c:\windows\system32\shell32.dll [scan path] c:\windows\system32\shimgvw.dll [scan path] c:\windows\system32\shmedia.dll [scan path] c:\windows\system32\shmgrate.exe [scan path] c:\windows\system32\shscrap.dll [scan path] c:\windows\system32\slayerxp.dll [scan path] c:\windows\system32\smlogsvc.exe [scan path] c:\windows\system32\smss.exe [scan path] c:\windows\system32\spoolsv.exe [scan path] c:\windows\system32\stobject.dll [scan path] c:\windows\system32\svchost.exe [scan path] c:\windows\system32\sxserv101.exe >>c:\windows\system32\sxserv101.exe probably infected with BINARYRES [scan path] c:\windows\system32\syncui.dll [scan path] c:\windows\system32\tcpmon.dll 
[scan path] c:\windows\system32\themeui.dll [scan path] c:\windows\system32\tlntsvr.exe [scan path] c:\windows\system32\twext.dll [scan path] c:\windows\system32\ups.exe [scan path] c:\windows\system32\url.dll [scan path] c:\windows\system32\urlmon.dll [scan path] c:\windows\system32\usbmon.dll [scan path] c:\windows\system32\user32.dll [scan path] c:\windows\system32\version.dll [scan path] c:\windows\system32\vssvc.exe [scan path] c:\windows\system32\wbem\wmiapsrv.exe [scan path] c:\windows\system32\wdigest.dll [scan path] c:\windows\system32\webcheck.dll [scan path] c:\windows\system32\wgalogon.dll [scan path] c:\windows\system32\wiascr.dll [scan path] c:\windows\system32\wiashext.dll [scan path] c:\windows\system32\wininet.dll [scan path] c:\windows\system32\winlogon.exe [scan path] c:\windows\system32\wldap32.dll [scan path] c:\windows\system32\wlnotify.dll [scan path] c:\windows\system32\wmpshell.dll [scan path] c:\windows\system32\wpdshext.dll [scan path] c:\windows\system32\wpdshserviceobj.dll [scan path] c:\windows\system32\wshext.dll [scan path] c:\windows\system32\wuaucpl.cpl [scan path] c:\windows\system32\xyeamnh.dll c:\windows\system32\xyeamnh.dll infected with Trojan.DownLoader.based - will be cured after reboot [scan path] c:\windows\system32\zipfldr.dll [scan path] d:\program files\bitlord\bitlord.exe ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 356 Infected objects found: 1 Objects with modifications found: 0 Suspicious objects found: 1 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 4832 Kb/s Scan time: 00:00:28 ----------------------------------------------------------------------------- c:\windows\system32\sxserv101.exe - 
will be deleted after reboot ============================================================================= Total session statistics ============================================================================= Objects scanned: 356 Infected objects found: 1 Objects with modifications found: 0 Suspicious objects found: 1 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 1 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 4832 Kb/s Scan time: 00:00:28 ============================================================================= ============================================================================= Dr.Web® Scanner for Windows v4.33.2 (4.33.2.10060) Copyright © Igor Daniloff, 1992-2006 Log generated on: 2006-01-02, 04:21:21 [PELLE][Peder] Command-line: "C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2 ============================================================================= Engine version: 4.33 (4.33.5.10110) Engine API version: 2.01 [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - 853 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43371.cdb - 2370 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43370.cdb - 2022 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43369.cdb - 687 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43368.cdb - 1099 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43367.cdb - 1834 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43366.cdb - 4015 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43365.cdb - 1342 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43364.cdb - 1335 virus records [Virus base] 
C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43363.cdb - 1152 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43362.cdb - 1006 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43361.cdb - 878 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43360.cdb - 988 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43359.cdb - 1205 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43358.cdb - 1139 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43357.cdb - 1302 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43356.cdb - 1332 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43355.cdb - 2456 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43354.cdb - 1283 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43353.cdb - 795 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43352.cdb - 2016 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43351.cdb - 941 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43350.cdb - 1020 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43349.cdb - 1008 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43348.cdb - 1096 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43347.cdb - 707 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43346.cdb - 1428 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43345.cdb - 1358 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43344.cdb - 694 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43343.cdb - 1186 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43342.cdb - 744 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43341.cdb - 841 virus records [Virus base] 
C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43340.cdb - 822 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43338.cdb - 989 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43337.cdb - 855 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43334.cdb - 900 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43328.cdb - 743 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43327.cdb - 958 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43326.cdb - 793 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43325.cdb - 713 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43324.cdb - 655 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43323.cdb - 655 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43322.cdb - 778 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43321.cdb - 846 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43320.cdb - 808 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43319.cdb - 764 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43318.cdb - 838 virus records [Virus base] 
C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43317.cdb - 363 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43316.cdb - 730 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43315.cdb - 627 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43314.cdb - 824 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43313.cdb - 842 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 403 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 558 virus records [Virus base] 
C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43306.cdb - 781 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 772 virus records [Virus base] C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records Total virus records: 171613 Key file: C:\DOCUME~1\Peder\LOCALS~1\Temp\RarSFX0\cureit.key License key number: 0000000010 Registered to: Dr.Web CureIt Project License key activates: 2005-03-05 License key expires: 2007-03-05 ----------------------------------------------------------------------------- Scan statistics ----------------------------------------------------------------------------- Objects scanned: 0 Infected objects found: 0 Objects with modifications found: 0 Suspicious objects found: 0 Adware programs found: 0 Dialer programs found: 0 Joke programs found: 0 Riskware programs found: 0 Hacktool programs found: 0 Objects cured: 0 Objects deleted: 0 Objects renamed: 0 Objects moved: 0 Objects ignored: 0 Scan speed: 0 Kb/s Scan time: 00:00:00 ----------------------------------------------------------------------------- [scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini [scan path] c:\documents and settings\peder\desktop\drweb-cureit.exe [scan path] c:\documents and settings\peder\local settings\temp\rarsfx0\_start.exe [scan path] c:\documents and settings\peder\local settings\temp\rarsfx0\cureit.exe [scan path] c:\documents and settings\peder\start menu\programs\startup\desktop.ini [scan path] c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll [scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll [scan path] c:\program 
files\adobe\acrobat 7.0\reader\reader_sl.exe [scan path] c:\program files\ati technologies\ati.ace\atiacmxx.dll [scan path] c:\program files\ati technologies\ati.ace\cli.exe [scan path] c:\program files\bearshare\bearshare.exe [scan path] c:\program files\ca\etrust antivirus\inorpc.exe [scan path] c:\program files\ca\etrust antivirus\inort.exe [scan path] c:\program files\ca\etrust antivirus\inoshell.dll [scan path] c:\program files\ca\etrust antivirus\inotask.exe [scan path] c:\program files\ca\etrust antivirus\realmon.exe [scan path] c:\program files\common files\adobe systems shared\service\adobelmsvc.exe [scan path] c:\program files\common files\adobe\calibration\adobe gamma loader.exe [scan path] c:\program files\common files\ahead\lib\nerocheck.exe [scan path] c:\program files\common files\ahead\lib\nerodigitalext.dll [scan path] c:\program files\common files\ahead\lib\nmbgmonitor.exe [scan path] c:\program files\common files\ahead\lib\nmindexstoresvr.exe [scan path] c:\program files\common files\logitech\khal\khalmnpr.exe [scan path] c:\program files\common files\microsoft shared\help\hxds.dll [scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll [scan path] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll [scan path] c:\program files\common files\microsoft shared\office12\msoshext.dll [scan path] c:\program files\common files\microsoft shared\office12\odserv.exe [scan path] c:\program files\common files\microsoft shared\source engine\ose.exe [scan path] c:\program files\common files\microsoft shared\vs7debug\mdm.exe [scan path] c:\program files\common files\microsoft shared\web components\10\owc10.dll [scan path] c:\program files\common files\microsoft shared\web components\11\owc11.dll [scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll [scan path] c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll [scan path] c:\program files\common 
griped (Author), posted 26 January 2007: Need help from some experts here!
JimL, posted 26 January 2007: Paste your HijackThis log in here and it will tell you a thing or two: http://www.hijackthis.de/
norbat, posted 26 January 2007: griped: I see you followed the instructions that were given to Blazter. That tends to happen when someone posts in other people's threads. Could you post a new HJT log?