eurodont (Junior Master)
13 October 2004 - 22:36. There are 15 comments and
2 solutions

My computer is down

Dear Experts,

For the past couple of weeks I have had major problems with my computer. I have tried scanning it several times, and with several programs, but have not been able to clean it.

Now I saw, via your website, that it is possible to get online help by sending in the log file from Hijackthis.exe.

So that is what I am doing, in the hope of receiving help.

Desperate regards,
Sirus

-----------------------------------------------------------------
The log looks as follows:
-----------------------------------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 22:28:07, on 13-10-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\services\wmplayer.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\ahead\InCD\InCD.exe
C:\Programmer\SpyHunter\SpyHunter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SpyKiller\spykiller.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Empty Temp Folders 2.8.3\emprun.exe
C:\Documents and Settings\Sirus\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {EE2F3087-1F7B-49EC-853E-B98151AB9869} - C:\WINDOWS\System32\ddofc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [SpyHunter] C:\Programmer\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\system32\services\wmplayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpyKiller] C:\Programmer\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\system32\services\wmplayer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1A00E037-774F-02D2-CA1A-34815B4437A4} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {2BBB5EB1-6611-5171-094B-42B26C06E60C} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {32E9953D-4147-275E-7EA8-471A2EDF4342} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {70B699D5-1D58-2744-BDC9-46B565883F05} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B2AF5C-A5A3-4B6E-8855-75FB2BC8D1B3}: NameServer = 195.82.195.101 129.142.7.101
O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\LORUX[^a.dll (file missing)
O18 - Filter: text/html - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll
O18 - Filter: text/plain - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll
resist (Beginner)
13 October 2004 - 22:56 #1
You can start by uninstalling Spyhunter and Spykiller via Add/Remove Programs.

Next, you need to update the computer with Service Pack 1 for Windows and IE. SP1 can be downloaded here: http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/

After that, post a new HijackThis log here in the thread - thanks.
resist (Beginner)
13 October 2004 - 23:05 #2
Also close DCom: http://www.spywarefri.dk/tipsogtricks.htm#DCom

Also download this one-time scanner: http://www.spywareinfo.dk/download/mwav.exe

Restart in safe mode (F8 during startup) and run mwav.exe – enable the options so that it scans as much as possible.

After the scan, restart normally.

Once you have closed DCom, updated and run the one-time scanner, I would like to see a new log from HijackThis - thanks
eurodont (Junior Master)
14 October 2004 - 00:17 #3
Hi Resist.

Thank you so much for being willing to help me.
I won't get a new log sent until tomorrow, when I download SP1 at work.
Just a practical question: Should I download both Service Pack 1 for Windows XP and, in addition, Service Pack 1 for Internet Explorer?

Kind regards,
Sirus
resist (Beginner)
14 October 2004 - 00:58 #4
Service Pack 1 is available as a single package here: http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/ under "Windows XP Service Pack 1"
pillpopper (Beginner)
14 October 2004 - 10:43 #5
.
fromsej (Trainee)
14 October 2004 - 11:01 #6
If you have to download and burn SP 1 anyway, then put SP 2 on the same disc.
You don't need to download Internet Explorer; it is built into both SP 1 and SP 2.
resist (Beginner)
14 October 2004 - 11:06 #7
As fromsej says, you can also download SP2, but install only SP1 on the machine for now.
eurodont (Junior Master)
14 October 2004 - 12:54 #8
Thanks for the help.
I am at work now, and have had a colleague download SP 2 for me.
I will install it when I get home from work.

He told me that I should also run ADaware and CWShredder afterwards.

Is there anything to that, or???

Kind regards,
Sirus
fromsej (Trainee)
14 October 2004 - 13:14 #9
Yes and no. It is better that you hold off until you have received the proper instructions, but the programs will need to be used.
eurodont (Junior Master)
14 October 2004 - 13:39 #10
OK - thanks!

I will hold off on running these programs until I have received guidance from you about it.  :)

-Sirus
resist (Beginner)
14 October 2004 - 13:46 #11
I would recommend that, to begin with, you only install Service Pack 1 + critical updates on the computer. Once the computer is clean, SP2 can be installed.
eurodont (Junior Master)
20 October 2004 - 00:03 #12
Hi again.
Sorry that I am only responding now... but it is only now that I have managed to get a version of the Service Pack that did not have a cyclic redundancy error on it.

I have done as you asked, and my new log looks as follows:

-------------------------------------------------------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 23:54:48, on 19-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\ahead\InCD\InCD.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SpyKiller\spykiller.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Sirus\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpyKiller] C:\Programmer\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1A00E037-774F-02D2-CA1A-34815B4437A4} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {2BBB5EB1-6611-5171-094B-42B26C06E60C} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {32E9953D-4147-275E-7EA8-471A2EDF4342} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {70B699D5-1D58-2744-BDC9-46B565883F05} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\LORUX[^a.dll (file missing)
O18 - Filter: text/html - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll
O18 - Filter: text/plain - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll

-------------------------------------------------------------------------------------

P.S. If the log from mwav.exe is of any interest, it looks like this:

-------------------------------------------------------------------------------------

Tue Oct 19 23:42:36 2004 => **********************************************************
Tue Oct 19 23:42:36 2004 => eScan AntiVirus Toolkit Utility.
Tue Oct 19 23:42:36 2004 => Copyright © 2003-2004,  MicroWorld Technologies Inc.
Tue Oct 19 23:42:36 2004 => **********************************************************
Tue Oct 19 23:42:36 2004 => Version 4.4.7
Tue Oct 19 23:42:36 2004 => Log File: C:\DOCUME~1\Sirus\LOKALE~1\Temp\mwav.log
Tue Oct 19 23:42:36 2004 => Latest Date of files inside MWAV: 08 Sep 2004  13:01:21.
Tue Oct 19 23:42:40 2004 => AV Library Loaded...
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavss.exe
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\Getvlist.exe
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavss.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavssdi.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavssi.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavvlg.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\msvlclnt.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\ipc.dll
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\main.avi
Tue Oct 19 23:42:40 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\virus.avi
Tue Oct 19 23:42:41 2004 => Virus Database Date: 2004/09/08
Tue Oct 19 23:42:41 2004 => Virus Database Count: 103474
Tue Oct 19 23:43:05 2004 => Generating Virus List... getvlist.exe C:\DOCUME~1\Sirus\LOKALE~1\Temp\vlist.txt
Tue Oct 19 23:43:40 2004 => Generating Virus List... getvlist.exe C:\DOCUME~1\Sirus\LOKALE~1\Temp\vlist.txt

Tue Oct 19 23:45:08 2004 => **********************************************************
Tue Oct 19 23:45:08 2004 => eScan AntiVirus Toolkit Utility.
Tue Oct 19 23:45:08 2004 => Copyright © 2003-2004,  MicroWorld Technologies Inc.
Tue Oct 19 23:45:08 2004 =>
Tue Oct 19 23:45:08 2004 => Support: support@mwti.net
Tue Oct 19 23:45:08 2004 => Web: http://www.mwti.net
Tue Oct 19 23:45:08 2004 => **********************************************************
Tue Oct 19 23:45:08 2004 => Version 4.4.7
Tue Oct 19 23:45:08 2004 => Log File: C:\DOCUME~1\Sirus\LOKALE~1\Temp\mwav.log
Tue Oct 19 23:45:08 2004 => Latest Date of files inside MWAV: 08 Sep 2004  13:01:21.

Tue Oct 19 23:45:08 2004 => Options Selected by User:
Tue Oct 19 23:45:08 2004 => Memory Check: Enabled
Tue Oct 19 23:45:08 2004 => Registry Check: Enabled
Tue Oct 19 23:45:08 2004 => StartUp Folder Check: Enabled
Tue Oct 19 23:45:08 2004 => System Folder Check: Enabled
Tue Oct 19 23:45:08 2004 => System Area Check: Disabled
Tue Oct 19 23:45:08 2004 => Services Check: Enabled
Tue Oct 19 23:45:08 2004 => Drive Check Option Disabled
Tue Oct 19 23:45:08 2004 => Scanning Type: Scan And Clean
Tue Oct 19 23:45:08 2004 => Folder Check: Disabled

Tue Oct 19 23:45:08 2004 => ***** Scanning Memory Files *****
Tue Oct 19 23:45:08 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Oct 19 23:45:08 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Oct 19 23:45:08 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Oct 19 23:45:08 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Oct 19 23:45:08 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Tue Oct 19 23:45:09 2004 => Scanning File C:\DOCUME~1\Sirus\SKRIVE~1\mwav.exe
Tue Oct 19 23:45:10 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\mwavscan.com
Tue Oct 19 23:45:10 2004 => Scanning File C:\DOCUME~1\Sirus\LOKALE~1\Temp\kavss.exe

Tue Oct 19 23:45:11 2004 => ***** Scanning Registry Files *****

Tue Oct 19 23:45:11 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue Oct 19 23:45:11 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Tue Oct 19 23:45:11 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\System32\webcheck.dll
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\System32\stobject.dll

Tue Oct 19 23:45:11 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Tue Oct 19 23:45:11 2004 => {5321E378-FFAD-4999-8C62-03CA8155F0B3} = C:\WINDOWS\System32\services\2.01.00.dll
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\System32\services\2.01.00.dll
Tue Oct 19 23:45:11 2004 => File C:\WINDOWS\System32\services\2.01.00.dll infected by "TrojanDownloader.Win32.Small.me" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:11 2004 => *** Reg Key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} deleted because ImagePath file infected by a Virus
Tue Oct 19 23:45:11 2004 => {EE2F3087-1F7B-49EC-853E-B98151AB9869} = C:\WINDOWS\System32\ddofc.dll
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\System32\ddofc.dll
Tue Oct 19 23:45:11 2004 => File C:\WINDOWS\System32\ddofc.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:11 2004 => *** Reg Key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EE2F3087-1F7B-49EC-853E-B98151AB9869} deleted because ImagePath file infected by a Virus

Tue Oct 19 23:45:11 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\Explorer.exe
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\system32\userinit.exe

Tue Oct 19 23:45:11 2004 => Scanning HKCU\Control Panel\Desktop
Tue Oct 19 23:45:11 2004 => Scanning File C:\WINDOWS\System32\logon.scr

Tue Oct 19 23:45:12 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Oct 19 23:45:12 2004 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE
Tue Oct 19 23:45:12 2004 => Scanning File C:\WINDOWS\system32\nwiz.exe
Tue Oct 19 23:45:12 2004 => Scanning File C:\PROGRA~1\LEXMAR~1\lxbkbmgr.exe
Tue Oct 19 23:45:12 2004 => Scanning File C:\WINDOWS\system32\NeroCheck.exe
Tue Oct 19 23:45:12 2004 => Scanning File C:\Programmer\ahead\InCD\InCD.exe
Tue Oct 19 23:45:12 2004 => Scanning File C:\WINDOWS\regedit.exe
Tue Oct 19 23:45:12 2004 => Scanning File C:\WINDOWS\system32\services\wmplayer.exe
Tue Oct 19 23:45:13 2004 => File C:\WINDOWS\system32\services\wmplayer.exe infected by "TrojanDownloader.Win32.Small.ka" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:13 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\system32\services\wmplayer.exe (which is infected)!
Tue Oct 19 23:45:13 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpsystem deleted because it is infected by a Virus

Tue Oct 19 23:45:13 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Tue Oct 19 23:45:13 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Tue Oct 19 23:45:13 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Tue Oct 19 23:45:13 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Oct 19 23:45:13 2004 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Tue Oct 19 23:45:13 2004 => Scanning File C:\Programmer\Messenger\msmsgs.exe
Tue Oct 19 23:45:13 2004 => Scanning File C:\PROGRA~1\INCRED~1\bin\IncMail.exe
Tue Oct 19 23:45:13 2004 => Scanning File C:\Programmer\SpyKiller\spykiller.exe
Tue Oct 19 23:45:13 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\system32\services\wmplayer.exe (which is infected)!
Tue Oct 19 23:45:13 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpsystem deleted because it is infected by a Virus

Tue Oct 19 23:45:13 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Tue Oct 19 23:45:14 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Tue Oct 19 23:45:14 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Tue Oct 19 23:45:14 2004 => Scanning HKCR\txtfile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\comfile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\exefile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\dllfile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\batfile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\piffile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\scrfile\shell\open\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\scrfile\shell\config\command

Tue Oct 19 23:45:14 2004 => Scanning HKCR\regfile\shell\open\command

Tue Oct 19 23:45:14 2004 => ***** Scanning StartUp Folders *****

Tue Oct 19 23:45:14 2004 => ***** Scanning C:\Documents and Settings\Sirus\Menuen Start\Programmer\Start Folder *****
Tue Oct 19 23:45:14 2004 => Scanning Folder: C:\Documents and Settings\Sirus\Menuen Start\Programmer\Start\*.*
Tue Oct 19 23:45:14 2004 => Scanning File C:\Documents and Settings\Sirus\Menuen Start\Programmer\Start\desktop.ini

Tue Oct 19 23:45:14 2004 => ***** Scanning C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start Folder *****
Tue Oct 19 23:45:14 2004 => Scanning Folder: C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\*.*
Tue Oct 19 23:45:15 2004 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\desktop.ini
Tue Oct 19 23:45:15 2004 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\Microsoft Office.lnk
Tue Oct 19 23:45:15 2004 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\InterVideo WinCinema Manager.lnk
Tue Oct 19 23:45:15 2004 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\WinZip Quick Pick.lnk

Tue Oct 19 23:45:15 2004 => ***** Scanning Service Files *****
Tue Oct 19 23:45:15 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\amdk7.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Tue Oct 19 23:45:15 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Tue Oct 19 23:45:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\Drivers\fwdrv.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\gameenum.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
Tue Oct 19 23:45:17 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\DOCUME~1\SIRUS\LOKALE~1\TEMP\JNV4_MIB.SYS
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Tue Oct 19 23:45:18 2004 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Tue Oct 19 23:45:21 2004 => Scanning File C:\PROGRA~1\Kerio\PERSON~1\persfw.exe
Tue Oct 19 23:45:21 2004 => ERROR!!! Invalid Entry \??\C:\WINDOWS\System32\PfModNT.sys in SYSTEM\CurrentControlSet\Services\PfModNT...

Tue Oct 19 23:45:25 2004 => ***** Scanning System32 Folders *****
Tue Oct 19 23:45:25 2004 => Scanning C:\WINDOWS Directory
Tue Oct 19 23:45:25 2004 => Scanning Folder: C:\WINDOWS\*.*
Tue Oct 19 23:45:26 2004 => Scanning File C:\WINDOWS\sys.reg
Tue Oct 19 23:45:26 2004 => File C:\WINDOWS\sys.reg infected by "Trojan.WinREG.StartPage" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:33 2004 => Scanning File C:\WINDOWS\fierm.exe
Tue Oct 19 23:45:33 2004 => File C:\WINDOWS\fierm.exe infected by "TrojanDropper.Win32.Delf.cy" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:33 2004 => Scanning File C:\WINDOWS\madopew.dll12
Tue Oct 19 23:45:33 2004 => File C:\WINDOWS\madopew.dll12 infected by "Trojan.Win32.StartPage.is" Virus. Action Taken: File Deleted.

Tue Oct 19 23:45:34 2004 => Scanning C:\WINDOWS\system32 Directory
Tue Oct 19 23:45:34 2004 => Scanning Folder: C:\WINDOWS\system32\*.*
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1253.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1254.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1255.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1256.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1257.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_1258.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_20261.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_20866.nls
Tue Oct 19 23:45:47 2004 => Scanning File C:\WINDOWS\system32\c_20905.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_21866.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_28591.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_28592.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_28593.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_28598.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_28605.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_500.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_775.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_850.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_860.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_861.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_863.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_865.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_874.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_932.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_936.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_949.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\c_950.nls
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\cabinet.dll
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\cacls.exe
Tue Oct 19 23:45:48 2004 => Scanning File C:\WINDOWS\system32\cabview.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\capesnpn.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\cards.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\ccfgnt.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\catsrvut.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\taskmgr.exe
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\cdfview.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\certcli.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\certmgr.msc
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\certmgr.dll
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\noise.nld
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\Vis kanaler.scf
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\chcp.com
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\chkdsk.exe
Tue Oct 19 23:45:49 2004 => Scanning File C:\WINDOWS\system32\chkntfs.exe
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\ciadmin.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\ciadv.msc
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\cic.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\cidaemon.exe
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\cfgmgr32.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\asr_fmt.exe
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\ciodm.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\ckcnv.exe
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\noise.sve
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\shellstyle.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\clbcatq.dll
Tue Oct 19 23:45:50 2004 => Scanning File C:\WINDOWS\system32\cliconf.chm
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cleanmgr.exe
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cliconfg.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cliconfg.exe
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\clipbrd.exe
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\clusapi.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmcfg32.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmdial32.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmdlib.wsc
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmmgr32.hlp
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmdl32.exe
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmos.ram
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmpbk32.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmprops.dll
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cmstp.exe
Tue Oct 19 23:45:51 2004 => Scanning File C:\WINDOWS\system32\cnetcfg.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\cnvfat.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\comcat.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\comm.drv
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\command.com
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\commdlg.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\comp.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\compact.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\notepad.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\compatUI.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\compmgmt.msc
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\compobj.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\colbact.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\confmsp.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\control.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\convert.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\conime.exe
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\country.sys
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\crypt32.dll
Tue Oct 19 23:45:52 2004 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\cscdll.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\csseqchk.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\ctl3dv2.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3d8.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3dim.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3d8thk.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3dpmesh.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3drm.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3dxof.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\d3dim700.dll
Tue Oct 19 23:45:53 2004 => Scanning File C:\WINDOWS\system32\danim.dll
Tue Oct 19 23:45:54 2004 => Scanning File C:\WINDOWS\system32\datime.dll
Tue Oct 19 23:45:54 2004 => Scanning File C:\WINDOWS\system32\davclnt.dll
Tue Oct 19 23:45:54 2004 => Scanning File C:\WINDOWS\system32\dbgeng.dll
Tue Oct 19 23:45:54 2004 => Scanning File C:\WINDOWS\system32\dbmsadsn.dll
Tue Oct 19 23:45:54 2004 => Scanning File C:\WINDOWS\system32\dbghelp.dll
resist (Beginner)
20 October 2004 - 15:39 #13
First you must turn off System Restore.
If you don't know how to do that, look here: http://www.spywarefri.dk/virusscannere.htm#alle

You need to have the one-time scanner mwav.exe ready. If needed, download the latest version here: http://www.spywareinfo.dk/download/mwav.exe
You will use the program later.

Download this program:
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

After downloading, double-click the exe file and click the button: "Desinfektion starten"
Then the computer must be restarted. The cleaner now starts automatically to finish the disinfection.
After that, run CWShredder once, since it just needs to remove a single registration.

Download CWShredder here: http://danborg.org/spy/CWS/cwshredder.exe

Run the program, physically disconnect your internet connection (pull the plug), deactivate ALL security programs (e.g. antivirus, firewall, SpywareGuard etc.), close all windows except CWShredder, and click Fix. It now scans; when it is finished, click Next, then click Exit.

Run the one-time scanner (mwav.exe). Enable everything in its settings so that everything gets scanned.

---------------------------------------------------------------------------------------------
Then have a go with Regedit.
Click Start - Run, type: regedit and click OK.
You get a window a bit like Explorer.
In the left-hand side, click your way to:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Check whether there is a key/text called "HOMEOldSP"; if there is, delete it.
If there are any files in here under search page, search bar that end in something like ....\sp, you must delete those too.

Go to Edit - down to Find - and in the box type: HOMEOldSP
Click Find Next. Delete the file if it is found. Press F3 to find the next one (there is probably only one).
Same procedure with the search term About:blank
Close with the X when you are told there are no more files to find.
------------------------------------------------------------------------
Run a scan with HijackThis so that you can see all files.
Below you get some files that you must fix. What you have to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too, once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F3 - REG:win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe

O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKCU\..\Run: [SpyKiller] C:\Programmer\SpyKiller\spykiller.exe /startup

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1A00E037-774F-02D2-CA1A-34815B4437A4} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {2BBB5EB1-6611-5171-094B-42B26C06E60C} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {32E9953D-4147-275E-7EA8-471A2EDF4342} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {70B699D5-1D58-2744-BDC9-46B565883F05} - http://209.8.161.54/1/gdnDK897.exe

O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\LORUX[^a.dll (file missing)
O18 - Filter: text/html - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll
O18 - Filter: text/plain - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll

-------------------------------------------------------------------
To be able to see all files and folders, follow this guide:
Open a folder, click Tools > Folder Options > View.
Remove the check mark at "Hide protected operating system files".
Remove the check mark at "Hide extensions for known file types".
Select "Show hidden files and folders".
---------------------------------------------------------------------
Restart in safe mode (F8 at startup). Find and delete:

C:\WINDOWS\System32\ddofc.dll >>>> the file
C:\WINDOWS\system32\services\wmplayer.exe >>>> the file
C:\Programmer\SpyKiller\ >>>> the folder
C:\DOCUME~1\Sirus\LOKALE~1\Temp\ >>>> empty the Temp folder of its contents


---------------------------------------------------
Remember to reactivate your security programs before you go online.

Restart your computer and paste a new log from HijackThis in here - thanks.
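Added example, not part of the original thread and not HijackThis's own logic: a Python triage pass over HijackThis entry lines that flags the structural traits shared by several of the entries listed for fixing in post #13. The rule set and the function names `parse`, `reasons` and `triage` are assumptions made for this example; the sample lines are copied from the two logs in this thread.

```python
import re

# Lines copied from the two HijackThis logs in this thread (infected and clean).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Sirus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {1A00E037-774F-02D2-CA1A-34815B4437A4} - http://209.8.161.54/1/gdnDK897.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O18 - Filter: text/html - {685622C1-6952-4A7D-A7FF-B79382F73850} - C:\WINDOWS\System32\ddofc.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)


def parse(log_text):
    """Return (section code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def reasons(code, body):
    """Assumed triage heuristics; a hit means 'look closer', not 'malicious'."""
    hits = []
    low = body.lower()
    if code in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        if value.lower().startswith("file://") and "\\temp\\" in value.lower():
            hits.append("IE setting points at a local file in a Temp folder")
        if key.rpartition(",")[2].lower() == "homeoldsp":
            hits.append("HomeOldSP value present under Internet Explorer\\Main")
    elif code == "F3" and re.search(r"\b(run|load)=\S", low):
        hits.append("program started from the win.ini run=/load= line")
    elif code == "O4" and re.search(r"\]\s+regedit(\.exe)?\s+[/-]s\b", low):
        hits.append("Run key silently imports a .reg file at every logon")
    elif code == "O16":
        codebase = body.rpartition(" - ")[2]
        if not re.match(r"https?://", codebase, re.I):
            hits.append("ActiveX codebase is not an http(s) URL")
        elif IP_HOST.match(codebase):
            hits.append("ActiveX codebase is served from a bare IP address")
    elif code == "O18" and re.match(r"filter: text/(html|plain) ", low):
        hits.append("MIME filter sees every page of this type that IE loads")
    return hits


def triage(log_text):
    """Return [(code, body, [reason, ...])] for entries with at least one hit."""
    flagged = []
    for code, body in parse(log_text):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

Entries that depend on knowing a specific site or product, such as the `Start Page` and `SpyKiller` lines in the fix list, are outside what these structural rules can catch and still need a reviewer.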
eurodont (Junior Master)
21 October 2004 - 00:02 #14
Hi Resist.

I have now done the above, and come back with this new log:

-------------------------------------------------------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 23:17:21, on 20-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sirus\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab

-------------------------------------------------------------------------------------

I just have a couple of questions:

1) Should I set the folder options back to the old values?
2) Should System Restore be activated again?

I thank you immensely for your help so far.

Kind regards,
Sirus
resist (Beginner)
21 October 2004 - 11:16 #15
You're welcome ;-)

Your log looks clean, and you may turn System Restore back on and set the folder options back to the original settings.

If you don't already have Ad-Aware, download and install the program. Update it immediately after installation, before you run a scan. Remove everything the program finds. You can find the program and a user guide in Danish here: http://www.spywarefri.dk/vaerktoj.htm#adaware

Here is a link to safe surfing: http://www.spywarefri.dk/pakken.htm

Did the "cure" help?
eurodont (Junior Master)
21 October 2004 - 11:53 #16
Hi Resist.

I look forward to getting home and doing that, and I thank you once again for the help... all those things I would never have been able to figure out myself.

I have installed AVG from www.grisoft.com and will install Lavasoft Ad-Aware later today, and hope that I don't run into more problems like this!!!  :)

Kind regards,
Sirus Aghajari
resist (Beginner)
21 October 2004 - 12:42 #17
You're welcome once again ;-)

If the cure helped and you want to "close" here, you can select my name and accept the answer.

Here is an article about security: http://www.eksperten.dk/artikler/254