CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede trinepigen Nybegynder
01. juni 2006 - 20:24 Der er 7 kommentarer og
1 løsning

Virusangreb - En der vil hjælpe og tjekke log?

Hej

Jeg har desværre fået virus og andet godt! En der vil hjælpe med at kigge min logfil igennem?

Logfile of HijackThis v1.98.2
Scan saved at 20:23:15, on 01-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\ICD1.tmp\n.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\ICD1.tmp\ad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Trine\Lokale indstillinger\Temporary Internet Files\Content.IE5\4RDF6MR5\WinAntiVirusPro2006FreeInstall[1].exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\Midlertidig mappe 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloudPlugin] "C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [fb924b06.exe] C:\WINDOWS\system32\fb924b06.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Trine\Lokale indstillinger\Temporary Internet Files\Content.IE5\4RDF6MR5\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [fb924b06.exe] C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\fb924b06.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8da12ccbabb44f79fb75b4fc91e3c5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8da12ccbabb44f79fb75b4fc91e3c5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124913667718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.securityport.dk/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.jubii.dk/app/uploader/FileUploader.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/n/us00/00.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Mvh. Trine
Avatar billede forevernewbie Nybegynder
01. juni 2006 - 20:51 #1
1. Hent og pak SmitfraudFix.zip ud til dit Skrivebord.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.


2. Hent denne scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Installer scanneren, og opdater den manuelt. OBS, ved installationen bliver det foreslået at du registrerer med din email. Det behøver du ikke at gøre.

Du skal ikke scanne endnu.


3. Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


4. Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Hvis fixet genstarter computeren, så skal du bagefter starte op i fejlsikret igen, og fortsætte proceduren med SuperAntiSpyware.


5. Start SuperantiSpyware, og klik "Scan your computer". Sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scanneren fjerne det.

Genstart til normal tilstand (scanneren tilbyder måske at gøre det).


6. Åbn scanneren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med en frisk HijackThis log. SmitfraudFix laver også en lille tekstfil (log). Kopier også denne log ind.
Avatar billede trinepigen Nybegynder
01. juni 2006 - 22:12 #2
Hej

Håber det er lykkedes til trods for at jeg synes det var lidt kringlet...

SUPERAntiSpyware Scan Log
Generated 06/01/2006 at 10:01 PM

Core Rules Database Version : 2959
Trace Rules Database Version: 1064

Memory threats detected  : 4
Registry threats detected : 183
File threats detected    : 152

Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\FB924B06.EXE
    C:\WINDOWS\SYSTEM32\FB924B06.EXE
    [fb924b06.exe] C:\WINDOWS\system32\fb924b06.exe
    [fb924b06.exe] C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\fb924b06.exe
    C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\fb924b06.exe
    C:\Documents and Settings\Trine\Lokale indstillinger\Temp\ICD1.tmp\ad.exe
    C:\System Volume Information\_restore{EF509B7B-569D-41D5-8BFD-DBE97273A294}\RP114\A0007026.exe

Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\WINAV.EXE
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\WINAV.EXE
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\FWSVC.EXE
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\FWSVC.EXE
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\RULSRV.DLL
    C:\PROGRAMMER\WINANTIVIRUS PRO 2006\RULSRV.DLL
    [WinAntiVirusPro2006] C:\Programmer\WinAntiVirus Pro 2006\WinAV.exe
    HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}#AppID
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\InprocServer32
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\ProgID
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\Programmable
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\TypeLib
    HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}\VersionIndependentProgID
    C:\Programmer\WinAntiVirus Pro 2006\winpgi.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
    HKCR\AntiVirusCOM.AVOfficeProtect
    HKCR\AntiVirusCOM.AVOfficeProtect\CLSID
    HKCR\AntiVirusCOM.AVOfficeProtect.1
    HKCR\AntiVirusCOM.AVOfficeProtect.1\CLSID
    HKCR\AVExplorer.ShellExtension
    HKCR\AVExplorer.ShellExtension\CLSID
    HKCR\AVExplorer.ShellExtension\CurVer
    HKCR\AVExplorer.ShellExtension.2
    HKCR\AVExplorer.ShellExtension.2\CLSID
    HKCR\WAP6.PCheck
    HKCR\WAP6.PCheck\CLSID
    HKCR\WAP6.PCheck\CurVer
    HKCR\WAP6.PCheck.1
    HKCR\WAP6.PCheck.1\CLSID
    HKCR\WinPGIntegrator.IEIntegrator
    HKCR\WinPGIntegrator.IEIntegrator\CLSID
    HKCR\WinPGIntegrator.IEIntegrator\CurVer
    HKCR\WinPGIntegrator.IEIntegrator.1
    HKCR\WinPGIntegrator.IEIntegrator.1\CLSID
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}#AppID
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\InprocServer32
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\ProgID
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\Programmable
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\TypeLib
    HKCR\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\VersionIndependentProgID
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Implemented Categories
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\InprocServer32
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\ProgID
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\Programmable
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\TypeLib
    HKCR\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}\VersionIndependentProgID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable
    HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
    HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0\win32
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\FLAGS
    HKCR\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\HELPDIR
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0\win32
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\FLAGS
    HKCR\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\HELPDIR
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\ProxyStubClsid32
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib
    HKCR\Interface\{0B9A27EB-125F-4F3E-A35C-2769C47A1442}\TypeLib#Version
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
    HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
    HKCR\AppId\WinPGI.DLL
    HKCR\AppId\WinPGI.DLL#AppID
    HKCR\AppId\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
    HKU\S-1-5-21-790525478-776561741-725345543-1004\Software\WinAntiVirus Pro 2006
    HKLM\Software\WinAntiVirus Pro 2006
    HKLM\Software\WinAntiVirus Pro 2006#EulUWA6P_0001_N822M1605
    HKLM\Software\WinAntiVirus Pro 2006#ProductCode
    HKLM\Software\WinAntiVirus Pro 2006#InstallPath
    HKLM\Software\WinAntiVirus Pro 2006#Abbr
    HKLM\Software\WinAntiVirus Pro 2006#ActivationCode
    HKLM\Software\WinAntiVirus Pro 2006#InstallDate
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#Inno Setup: Setup Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#Inno Setup: App Path
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#InstallLocation
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#Inno Setup: Icon Group
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#Inno Setup: User
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#QuietUninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#URLUpdateInfo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#NoModify
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1#NoRepair
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\REPOSITORY\FS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\SUPPORT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\LOKALE INDSTILLINGER\APPLICATION DATA\MICROSOFT\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\LOKALE INDSTILLINGER\APPLICATION DATA
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TASKS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\TRINE\LOKALE~1\TEMP\MIDLERTIDIG MAPPE 4 FOR SMITFRAUDFIX.ZIP\SMITFRAUDFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\TRINE\LOKALE~1\TEMP\MIDLERTIDIG MAPPE 3 FOR SMITFRAUDFIX.ZIP\SMITFRAUDFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\SKRIVEBORD\SMITFRAUDFIX\SMITFRAUDFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\LOGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\REPOSITORY
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\TRINE\LOKALE~1\TEMP\MIDLERTIDIG MAPPE 1 FOR SMITFRAUDFIX.ZIP\SMITFRAUDFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\APPLICATION DATA\MICROSOFT\CREDENTIALS\S-1-5-21-790525478-776561741-725345543-1004
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE\LOKALE INDSTILLINGER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\SYSTEM VOLUME INFORMATION\_RESTORE{EF509B7B-569D-41D5-8BFD-DBE97273A294}
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\TRINE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOKALE INDSTILLINGER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CONFIG
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinAntiVirusPro2006 [ "C:\Programmer\WinAntiVirus Pro 2006\WinAV.exe" /min ]
    C:\WINDOWS\system32\av.cpl
    C:\WINDOWS\system32\drivers\FOPN.sys
    C:\WINDOWS\system32\stera.exe
    C:\WINDOWS\system32\stera.job
    C:\Documents and Settings\All Users\Skrivebord\WinAntiVirus Pro 2006.lnk
    C:\Programmer\WinAntiVirus Pro 2006\Activate.exe
    C:\Programmer\WinAntiVirus Pro 2006\asmngr.dll
    C:\Programmer\WinAntiVirus Pro 2006\ASupdater.dat
    C:\Programmer\WinAntiVirus Pro 2006\avcom.log
    C:\Programmer\WinAntiVirus Pro 2006\avkernel.dll
    C:\Programmer\WinAntiVirus Pro 2006\AWBase\database\enemies.dat
    C:\Programmer\WinAntiVirus Pro 2006\AWBase\database
    C:\Programmer\WinAntiVirus Pro 2006\AWBase\vbpv.dat
    C:\Programmer\WinAntiVirus Pro 2006\AWBase
    C:\Programmer\WinAntiVirus Pro 2006\BkSites.dat
    C:\Programmer\WinAntiVirus Pro 2006\bnlink.dat
    C:\Programmer\WinAntiVirus Pro 2006\bpupdater.dat
    C:\Programmer\WinAntiVirus Pro 2006\CompWiz.exe
    C:\Programmer\WinAntiVirus Pro 2006\Download
    C:\Programmer\WinAntiVirus Pro 2006\fat.exe
    C:\Programmer\WinAntiVirus Pro 2006\fopn.exe
    C:\Programmer\WinAntiVirus Pro 2006\fopn.sys
    C:\Programmer\WinAntiVirus Pro 2006\fopnl.dll
    C:\Programmer\WinAntiVirus Pro 2006\history.db
    C:\Programmer\WinAntiVirus Pro 2006\img\button.gif
    C:\Programmer\WinAntiVirus Pro 2006\img\button2.gif
    C:\Programmer\WinAntiVirus Pro 2006\img\header.gif
    C:\Programmer\WinAntiVirus Pro 2006\img\logo.gif
    C:\Programmer\WinAntiVirus Pro 2006\img\spacer.gif
    C:\Programmer\WinAntiVirus Pro 2006\img\top1.jpg
    C:\Programmer\WinAntiVirus Pro 2006\img\top2.jpg
    C:\Programmer\WinAntiVirus Pro 2006\img\top_line.gif
    C:\Programmer\WinAntiVirus Pro 2006\img
    C:\Programmer\WinAntiVirus Pro 2006\index.dat
    C:\Programmer\WinAntiVirus Pro 2006\install.exe
    C:\Programmer\WinAntiVirus Pro 2006\InstHelp.exe
    C:\Programmer\WinAntiVirus Pro 2006\lapv.dat
    C:\Programmer\WinAntiVirus Pro 2006\License.rtf
    C:\Programmer\WinAntiVirus Pro 2006\online.url
    C:\Programmer\WinAntiVirus Pro 2006\PGBase\vbpv.dat
    C:\Programmer\WinAntiVirus Pro 2006\PGBase
    C:\Programmer\WinAntiVirus Pro 2006\PGupdater.dat
    C:\Programmer\WinAntiVirus Pro 2006\phigh.bin
    C:\Programmer\WinAntiVirus Pro 2006\pmedium.bin
    C:\Programmer\WinAntiVirus Pro 2006\prc.dat
    C:\Programmer\WinAntiVirus Pro 2006\prerules.xml
    C:\Programmer\WinAntiVirus Pro 2006\ps.dat
    C:\Programmer\WinAntiVirus Pro 2006\pv.dat
    C:\Programmer\WinAntiVirus Pro 2006\pv.exe
    C:\Programmer\WinAntiVirus Pro 2006\res\cross.gif
    C:\Programmer\WinAntiVirus Pro 2006\res\Register.gif
    C:\Programmer\WinAntiVirus Pro 2006\res\wa6p.gif
    C:\Programmer\WinAntiVirus Pro 2006\res
    C:\Programmer\WinAntiVirus Pro 2006\rpt.dll
    C:\Programmer\WinAntiVirus Pro 2006\settings.bin
    C:\Programmer\WinAntiVirus Pro 2006\sqlite3.dll
    C:\Programmer\WinAntiVirus Pro 2006\sr.log
    C:\Programmer\WinAntiVirus Pro 2006\st.dat
    C:\Programmer\WinAntiVirus Pro 2006\support.url
    C:\Programmer\WinAntiVirus Pro 2006\unins000.dat
    C:\Programmer\WinAntiVirus Pro 2006\unins000.exe
    C:\Programmer\WinAntiVirus Pro 2006\uninstall.ico
    C:\Programmer\WinAntiVirus Pro 2006\UninstallPage.html
    C:\Programmer\WinAntiVirus Pro 2006\up.dat
    C:\Programmer\WinAntiVirus Pro 2006\updater.dat
    C:\Programmer\WinAntiVirus Pro 2006\Updater.exe
    C:\Programmer\WinAntiVirus Pro 2006\VAExt.exe
    C:\Programmer\WinAntiVirus Pro 2006\WABase\vbase000.dat
    C:\Programmer\WinAntiVirus Pro 2006\WABase\vbpv.dat
    C:\Programmer\WinAntiVirus Pro 2006\WABase
    C:\Programmer\WinAntiVirus Pro 2006\WAupdater.dat
    C:\Programmer\WinAntiVirus Pro 2006\WAV6COM.dll
    C:\Programmer\WinAntiVirus Pro 2006\worldmap.swf
    C:\Programmer\WinAntiVirus Pro 2006
    C:\Documents and Settings\Trine\Application Data\WinAntiVirus Pro 2006\Logs\update.log
    C:\Documents and Settings\Trine\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
    C:\Documents and Settings\Trine\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
    C:\Documents and Settings\Trine\Application Data\WinAntiVirus Pro 2006\Logs
    C:\Documents and Settings\Trine\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\Uninstall WinAntiVirus Pro 2006.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\WinAntiVirus Pro 2006 Manual.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\WinAntiVirus Pro 2006.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006
    C:\WINDOWS\Prefetch\ACTIVATE.EXE-19204010.pf
    C:\WINDOWS\Prefetch\FOPN.EXE-1A120BE3.pf
    C:\WINDOWS\Prefetch\FWSVC.EXE-04D8F4B0.pf
    C:\WINDOWS\Prefetch\INSTALL.EXE-27626623.pf
    C:\WINDOWS\Prefetch\INSTHELP.EXE-0DC7B85E.pf
    C:\WINDOWS\Prefetch\UPDATER.EXE-1D32F3FD.pf
    C:\WINDOWS\Prefetch\VAEXT.EXE-3ACD02F7.pf
    C:\WINDOWS\Prefetch\WINAV.EXE-1D4F8AC5.pf

Trojan.WinSoftware/WinFixer
    HKLM\Software\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}#AppID
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\InprocServer32
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\InprocServer32#ThreadingModel
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\ProgID
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\Programmable
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\TypeLib
    HKCR\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}\VersionIndependentProgID
    C:\Programmer\WinAntiVirus Pro 2006\IEFWBHO.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}

Adware.Tracking Cookie
    C:\Documents and Settings\Trine\Cookies\trine@uTFZV47G8K[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.transfermarkt[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@serving-sys[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@bs.serving-sys[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@e2.emediate[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@adtech[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@ad1.emediate[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@adserver.banneradministration[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@track.adform[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@as-eu.falkag[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@adfair[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@1070352136[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@fastclick[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.pointroll[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@clicks.hmcampaign[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.arto[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@perf.overture[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@as1.falkag[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@tribalfusion[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@tracking.notabenestats[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@tradedoubler[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@1071362903[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@www.winantivirus[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@stats1.reliablestats[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@cgi-bin[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@adserver[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@atwola[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@revenue[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@winantivirus[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@a[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@revsci[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@1067641419[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@html[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@edge.ru4[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads1.revenue[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ad.yieldmanager[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@trafficmp[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@indextools[1].txt
    C:\Documents and Settings\Trine\Cookies\trine@ads.estart[2].txt
    C:\Documents and Settings\Trine\Cookies\trine@2o7[1].txt

Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-18\Software\New.net

Trojan.PestTrap
    C:\Documents and Settings\Trine\Menuen Start\Programmer\PestTrap
    C:\Documents and Settings\Trine\Skrivebord\PestTrap.lnk
    HKU\S-1-5-21-790525478-776561741-725345543-1004\Software\SNO2

Adware.MyWay
    HKLM\Software\MyWay
    HKLM\Software\MyWay\myBar
    HKLM\Software\MyWay\myBar#Dir
    HKLM\Software\MyWay\myBar#pid
    HKLM\Software\MyWay\myBar#CurInstall
    HKLM\Software\MyWay\myBar#sr
    HKLM\Software\MyWay\SearchAssistant
    HKLM\Software\MyWay\SearchAssistant#Dir
    HKLM\Software\MyWay\SearchAssistant#pid
    HKLM\Software\MyWay\SearchAssistant#CurInstall
    HKLM\Software\MyWay\SearchAssistant#sr
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout
    C:\Programmer\MyWay\myBar\1.bin
    C:\Programmer\MyWay\myBar
    C:\Programmer\MyWay\SrchAstt\1.bin
    C:\Programmer\MyWay\SrchAstt
    C:\Programmer\MyWay

Trojan.SpySheriff
    C:\Documents and Settings\Trine\Lokale indstillinger\Temp\ICD1.tmp\n.exe
    C:\System Volume Information\_restore{EF509B7B-569D-41D5-8BFD-DBE97273A294}\RP113\A0007011.exe



Logfile of HijackThis v1.98.2
Scan saved at 22:11:46, on 01-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\Midlertidig mappe 8 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloudPlugin] "C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8da12ccbabb44f79fb75b4fc91e3c5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8da12ccbabb44f79fb75b4fc91e3c5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124913667718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.securityport.dk/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.jubii.dk/app/uploader/FileUploader.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/n/us00/00.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Jeg har ikke en logfil for Smit..det virkede ikke!

Trine
Avatar billede forevernewbie Nybegynder
02. juni 2006 - 00:07 #3
Det ser fint ud. SuperAntiSpyware mugede ud i skidtet. Lige en scanning til, og lidt oprydning:


Download og gem denne scanner på skrivebordet. Du skal ikke aktivere den endnu.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Kig denne vejledning grundigt igennem.
http://fromsej.dk/Vejledninger/html/drweb.html

Start op i fejlsikret tilstand (tast f8 flere gange under opstart)

Kør så drwebcureit. Når du har dobbeltklikket filen laver den en kort memoryscan. Når den er færdig markerer du dine drev, og klikker på den grønne pil. Lad den kurere, eller slette, det den finder. Klik så på Start->Søg, find filen cureit.log og kopier det nederste af teksten herind, startende med:
Total session statistics.


Kør en scanning med HijackThis, så du kan se alle filer. Luk alle vinduer, sæt flueben ved disse linier, og klik fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.dk/
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/n/us00/00.cab


Slet denne mappe:

C:\Programmer\ Spyware Cleaner <- Mappen


Genstart, og så lige en frisk HijackThis log.
Avatar billede trinepigen Nybegynder
03. juni 2006 - 16:06 #4
Hej igen

Nu har jeg kørt det hele igennem men er lidt i tvivl med den første scan, da min computer gik i baglås hver gang efter en time!! Men her er resultatet af scanningerne:


Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.03283)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-06-03, 12:21:06 [TRINE-PC][Trine]
Command-line: "C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini

Engine version: 4.33 (4.33.3.06020)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - 872 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 51 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 701 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 124171
Key file: C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05


Scan statistics

Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00


[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\userinit.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\WINDOWS\system32\sstray.exe
[Scan path] C:\WINDOWS\system32\RUNDLL32.EXE
[Scan path] C:\WINDOWS\system32\nwiz.exe
[Scan path] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
[Scan path] C:\Programmer\QuickTime\qttask.exe
[Scan path] C:\Programmer\iTunes\iTunesHelper.exe
[Scan path] C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
[Scan path] C:\Programmer\Winamp\winampa.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[Scan path] C:\Programmer\Windows Defender\MSASCui.exe
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
[Scan path] C:\WINDOWS\System32\CTFMON.EXE
[Scan path] C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\nvshell.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\PROGRA~1\FLLESF~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Programmer\Microsoft Office\OFFICE11\msohev.dll
[Scan path] C:\Programmer\WinRAR\rarext.dll
[Scan path] C:\Programmer\Microsoft Office\Visio10\VisShe.dll
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Programmer\iTunes\iTunesMiniPlayer.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\EXT\02.05.0001.1119\en-us\msnlExt.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\DB\02.05.0000.1082\en-us\deskbar.dll
[Scan path] C:\Programmer\Alwil Software\Avast4\ashShell.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\amdk7.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\arp1394.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\ashServ.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoctrl.exe
[Scan path] C:\Programmer\ewido anti-malware\guard.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoguard.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\drivers\fltmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\system32\drivers\ip6fw.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\Programmer\iPod\bin\iPodService.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\Mini98.sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] C:\WINDOWS\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NetMotCM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\system32\drivers\nvax.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NVENET.sys
[Scan path] C:\WINDOWS\system32\drivers\nvapu.sys
[Scan path] C:\WINDOWS\System32\nvsvc32.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nv_agp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ohci1394.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\System32\DRIVERS\P1131Vid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\Drivers\ssoftnt4.sys
[Scan path] C:\WINDOWS\system32\ssoftsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbser.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf5.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf_hk5.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\Programmer\Windows Defender\MsMpEng.exe
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Windows Desktop Search.lnk

Scan statistics

Objects scanned: 249
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2704 Kb/s
Scan time: 00:00:17


[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Trine\NTUSER.DAT - read error
C:\Documents and Settings\Trine\NTUSER~1.LOG - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Temp\Midlertidig mappe 3 for SmitfraudFix.zip\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - ignored
C:\Documents and Settings\Trine\Skrivebord\CAJISB3T - read error
C:\Documents and Settings\Trine\Skrivebord\CAKHA7OT - read error
C:\Documents and Settings\Trine\Skrivebord\CAKLYT7O - read error
C:\Documents and Settings\Trine\Skrivebord\CAPS4RD9 - read error
C:\Documents and Settings\Trine\Skrivebord\CAU74HEZ - read error
C:\Documents and Settings\Trine\Skrivebord\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - ignored

Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.03283)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-06-03, 13:12:27 [TRINE-PC][Trine]
Command-line: "C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini

Engine version: 4.33 (4.33.3.06020)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - 872 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 51 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 701 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 124171
Key file: C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05


Scan statistics

Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00


[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\WINDOWS\system32\sstray.exe
[Scan path] C:\WINDOWS\system32\RUNDLL32.EXE
[Scan path] C:\WINDOWS\system32\nwiz.exe
[Scan path] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
[Scan path] C:\Programmer\QuickTime\qttask.exe
[Scan path] C:\Programmer\iTunes\iTunesHelper.exe
[Scan path] C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
[Scan path] C:\Programmer\Winamp\winampa.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[Scan path] C:\Programmer\Windows Defender\MSASCui.exe
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
[Scan path] C:\WINDOWS\System32\CTFMON.EXE
[Scan path] C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\nvshell.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\PROGRA~1\FLLESF~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Programmer\Microsoft Office\OFFICE11\msohev.dll
[Scan path] C:\Programmer\WinRAR\rarext.dll
[Scan path] C:\Programmer\Microsoft Office\Visio10\VisShe.dll
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Programmer\iTunes\iTunesMiniPlayer.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\EXT\02.05.0001.1119\en-us\msnlExt.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\DB\02.05.0000.1082\en-us\deskbar.dll
[Scan path] C:\Programmer\Alwil Software\Avast4\ashShell.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\amdk7.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\arp1394.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\ashServ.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoctrl.exe
[Scan path] C:\Programmer\ewido anti-malware\guard.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoguard.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\drivers\fltmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\system32\drivers\ip6fw.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\Programmer\iPod\bin\iPodService.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\Mini98.sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] C:\WINDOWS\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NetMotCM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\system32\drivers\nvax.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NVENET.sys
[Scan path] C:\WINDOWS\system32\drivers\nvapu.sys
[Scan path] C:\WINDOWS\System32\nvsvc32.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nv_agp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ohci1394.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\System32\DRIVERS\P1131Vid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\Drivers\ssoftnt4.sys
[Scan path] C:\WINDOWS\system32\ssoftsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbser.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf5.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf_hk5.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\Programmer\Windows Defender\MsMpEng.exe
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Windows Desktop Search.lnk

Scan statistics

Objects scanned: 248
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 2297 Kb/s
Scan time: 00:00:20


[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Trine\NTUSER.DAT - read error
C:\Documents and Settings\Trine\NTUSER~1.LOG - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Trine\Lokale indstillinger\Temp\Midlertidig mappe 3 for SmitfraudFix.zip\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - ignored
C:\Documents and Settings\Trine\Skrivebord\CAJISB3T - read error
C:\Documents and Settings\Trine\Skrivebord\CAKHA7OT - read error
C:\Documents and Settings\Trine\Skrivebord\CAKLYT7O - read error
C:\Documents and Settings\Trine\Skrivebord\CAPS4RD9 - read error
C:\Documents and Settings\Trine\Skrivebord\CAU74HEZ - read error
C:\Documents and Settings\Trine\Skrivebord\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - ignored

Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.03283)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-06-03, 13:56:53 [TRINE-PC][Trine]
Command-line: "C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini

Engine version: 4.33 (4.33.3.06020)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - 872 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 51 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 701 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 124171
Key file: C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05


Scan statistics

Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00


[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\Explorer.EXE
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\Trine\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\WINDOWS\system32\sstray.exe
[Scan path] C:\WINDOWS\system32\RUNDLL32.EXE
[Scan path] C:\WINDOWS\system32\nwiz.exe
[Scan path] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
[Scan path] C:\Programmer\QuickTime\qttask.exe
[Scan path] C:\Programmer\iTunes\iTunesHelper.exe
[Scan path] C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
[Scan path] C:\Programmer\Winamp\winampa.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[Scan path] C:\Programmer\Windows Defender\MSASCui.exe
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
[Scan path] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
[Scan path] C:\WINDOWS\System32\CTFMON.EXE
[Scan path] C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\nvshell.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\PROGRA~1\FLLESF~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Programmer\Microsoft Office\OFFICE11\msohev.dll
[Scan path] C:\Programmer\WinRAR\rarext.dll
[Scan path] C:\Programmer\Microsoft Office\Visio10\VisShe.dll
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Programmer\iTunes\iTunesMiniPlayer.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\EXT\02.05.0001.1119\en-us\msnlExt.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\DB\02.05.0000.1082\en-us\deskbar.dll
[Scan path] C:\Programmer\Alwil Software\Avast4\ashShell.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
[Scan path] C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\amdk7.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\arp1394.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\ashServ.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoctrl.exe
[Scan path] C:\Programmer\ewido anti-malware\guard.sys
[Scan path] C:\Programmer\ewido anti-malware\ewidoguard.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\drivers\fltmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\system32\drivers\ip6fw.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\Programmer\iPod\bin\iPodService.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\Mini98.sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] C:\WINDOWS\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NetMotCM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\system32\drivers\nvax.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\NVENET.sys
[Scan path] C:\WINDOWS\system32\drivers\nvapu.sys
[Scan path] C:\WINDOWS\System32\nvsvc32.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nv_agp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ohci1394.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\System32\DRIVERS\P1131Vid.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\Drivers\ssoftnt4.sys
[Scan path] C:\WINDOWS\system32\ssoftsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbser.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf5.sys
[Scan path] C:\WINDOWS\system32\drivers\vspf_hk5.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\Programmer\Windows Defender\MsMpEng.exe
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Windows Desktop Search.lnk

Scan statistics

Objects scanned: 248
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1998 Kb/s
Scan time: 00:00:23


[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Trine\NTUSER.DAT - read error
C:\Documents and Settings\Trine\NTUSER~1.LOG - read error

Logfile of HijackThis v1.99.1
Scan saved at 16:00:08, on 03-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\DOCUME~1\Trine\LOKALE~1\Temp\Midlertidig mappe 10 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloudPlugin] "C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8da12ccbabb44f79fb75b4fc91e3c5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8da12ccbabb44f79fb75b4fc91e3c5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124913667718
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.securityport.dk/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.jubii.dk/app/uploader/FileUploader.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon
Avatar billede forevernewbie Nybegynder
03. juni 2006 - 18:31 #5
Ikke noget kritisk, men fix lige disse to:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.dk/
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

Og slet denne fil:

C:\Programmer\Fælles filer\Real\Update_OB\ realsched.exe <- Slet filen

Jeg behøver ikke at se flere logs, men prøv lige at køre en scanning med denne scanner, så skulle det være ok:

http://www.spywareinfo.dk/download/mwav.exe

Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files.

Tip: du skal ikke klikke på Add to Startup folders så scannes din maskine hver gang du starter Windows op.

Så trykker du på Scan Clean.



Efter et virus/spyware angreb, er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.

Hent ATF Cleaner her fra http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Sæt flueben i "Select all" (du kan undlade cookies, hvis du vil). Klik "Empty selected".

Link til sikring af din computer http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Husk at "skjule" dine filer igen, hvis du har visning af skjulte filer aktiveret.
Avatar billede forevernewbie Nybegynder
11. juni 2006 - 02:34 #6
Tilbagemelding ? Kører det som det skal nu ?
Avatar billede trinepigen Nybegynder
15. juni 2006 - 22:59 #7
Hej igen

Ja, er lige kommet hjem fra ferie og den er vist helt klar igen.

Mange tak for din hjælp :-)
Avatar billede forevernewbie Nybegynder
15. juni 2006 - 23:28 #8
Det var da godt :). Tak for point
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 01:39 Ipad lyd slår fra Af nu_igen i Apps til iOS
I går 14:48 Datoformat ved eksport til Excel Af dane022 i PHP
I går 10:01 Tæl celle hvis baggrundsfarve er blå Af MichaelBS i Excel
16/0921:30 gendan Iphone 13 Af lurup i Mobiltelefoner
16/0920:34 Wifi 6 eller Wifi 7 Af skolevej321 i Routere & Switches
White papers
Flere white papers »


Premium
Teaser billede
Microsoft lukker kæmpe-aftale: Sælger 68.000 Copilot-licenser med et pennestrøg
Læs mere »
Her er EU's nye tech-kommissær: Se de 19 konkrete punkter, som hun får til opgave at arbejde efter
Nvidias GPU'er knuser Moores lov - så stærkt går udviklingen med AI
Efter hård kritik: Opstramning på vej i kontrollen af de danske bankers it-sikkerhed
Se alle »
Computerworld
Teaser billede
Apple ændrer grundlæggende om på den måde, som din iPhone skal opdateres på
Læs mere »
Guide: Sådan wiper du dine harddrev og andre medier, så ingen kan læse dem – nogensinde
Test: Det kan ikke gå helt galt med B&O-lyd til under 1.000 kroner
Et af verdens største it-sikkerhedsselskaber ramt af hackerangreb – hackere har haft adgang til kundedata
Se alle »
CIO
Teaser billede
Dansk top-CIO går i rette med professor: Vi kan altså ikke undvære it-afdelingerne - vil være helt forkert beslutning at afvikle dem
Læs mere »
Nu kommer næste store version af Copilot
Tre måneder efter sin tiltræden har Nilfisk-CIO Anders Liechti lagt sin it-strategi - her er de fem store punkter
Søstrene Grene skifter Microsoft ud med SAP og rykker for første gang i clouden i stor ERP-transformation
Se alle »
Job & Karriere
Teaser billede
Pludselig exit fra Schultz kom som en overraskelse for Merete Søby: Derfor stoppede samarbejdet
Læs mere »
Merete Søby fratræder med omgående virkning som CEO for Schultz efter blot tre måneder på posten
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
Kom tæt på Danmarks nye digitaliserings-minister: 33-årige Caroline Stage Olsen er tidligere tobaks-lobbyist - har været aktiv i politik siden hun var helt ung
Se alle »
White paper
Teaser billede
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Læs mere »
Vejen væk fra WAN: Sådan skifter du til en moderne infrastruktur
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
SASE: Træf det rette valg – første gang
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »