hijack this log

Hvad med denne? http://www.eksperten.dk/spm/717302

Der er både Norton og McAfee på den her, fjern resterne af Norton i Tilføj/fjern programmer.

-- Hent S!Ri's SmitfraudFix.zip og pak det ud til dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.

-- Hent Ewido herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Installer og opdater programmet, men vent med at scanne.

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Kør en fuld scanning med Ewido, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra Ewido og loggen fra SmitfraudFix (C:\rapport.txt).

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            21:40:48, 29-06-2006
+ Rapport-Checksum:        644DF168

+ Scanningsresultat:
    C:\Documents and Settings\Mevlüt Altuntas\Skrivebord\tes.cmd -> Not-A-Virus.Eicar.TestFile : Renset med backup


::Rapport slut


SmitFraudFix v2.65

Scan done at 20:34:59,92, 29-06-2006
Run from C:\Documents and Settings\Mevlt Altuntas\Skrivebord\tempes\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"

[HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32]
@="C:\WINDOWS\system32\guxxa.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32]
@="C:\WINDOWS\system32\guxxa.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\guxxa.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\SKRIVE~1\Online Security Guide.url Deleted
C:\DOCUME~1\MEVLTA~1\FORETR~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Det ser rigtigt ud, så skal vi have en frisk Hijackthislog.

Logfile of HijackThis v1.99.1
Scan saved at 22:05:36, on 29-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\OfficeScan NT\Pop3Trap.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QL980D.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\OfficeScan NT\pccnt.exe
C:\Documents and Settings\Mevlüt Altuntas\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\2006629202753_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\2006629202756_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {582BD011-3AB7-41D0-B855-BDED7C4207F0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

Download og gem denne scanner på skrivebordet. Du skal ikke aktivere den endnu.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Kig denne vejledning grundigt igennem.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet mapper og filer listet længere nede.

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: Alle

---------------------------------------
Har du selv sat restriktioner på indstillingsmulighederne i Internet Explorer?
Hvis nej skal de to her også fixes:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
---------------------------------------
Sletning af \mapper\ og filer:
Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
Brug af Start->Søg.
Klik på "Skift søgefunktioner for filer og mapper"
Sæt prik i "Avanceret" og klik OK.
Klik på "Alle filer og mapper"
Klik på "Flere avancerede indstillinger"
Sæt flueben i de tre øverste.
-------------------
Mapper:
<Ingen>
-------------------
Filer:
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
---------------------------------------
Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen CureIt.log kopier det nederste af teksten herind, startende med:
Scan statistics.
---------------------------------------
Genstart normalt og kom med en frisk Hijackthislog.

O18 - Protocol: Alle
hvad er det ?

Alle linier der starter med O18 - Protocol skal fixes.

<fromsej>: GoSub http://www.eksperten.dk/spm/716900 ?

Logfile of HijackThis v1.99.1
Scan saved at 22:34:22, on 29-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\OfficeScan NT\Pop3Trap.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QL980D.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mevlüt Altuntas\Skrivebord\tempes\drweb-cureit.exe
C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cureit.exe
C:\Documents and Settings\Mevlüt Altuntas\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\2006629202753_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\2006629202756_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

kommer med scan log når det er færdig, men hvordan ser det ud

Det ser godt ud, men jeg afventer lige Dr.Web inden jeg tør erklære den ren.

Dr1 >> Jeg har været der.*S*

er op på 45 %, der går lige en lille ½ times tid,

Så er det godt der er en dag i morgen, plejehjemmet lukker nemlig for internettet nu.*S*

ok helt i orden. tak for hjælpen foreløbig, det var pænt af dig. sender resultatet i løbet af natten så kAN du se på den i løbet af i morgen. og bidrage med din ekspert viden. tak foreløbig.......

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-06-29, 22:30:34 [MEVLÜT][Mevlüt Altuntas]
Command-line: "C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.3.06020)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - 547 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 86 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 145 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 127814
Key file: C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\ati2evxx.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\Explorer.EXE
[Scan path] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
[Scan path] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
[Scan path] C:\WINDOWS\system32\ctfmon.exe
[Scan path] C:\WINDOWS\KHALMNPR.EXE
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
[Scan path] C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
[Scan path] C:\WINDOWS\System32\Wbem\wmiprvse.exe
[Scan path] C:\Programmer\Internet Explorer\IEXPLORE.EXE
[Scan path] C:\WINDOWS\system32\alg.exe
[Scan path] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\MEVLTA~1\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\Programmer\Apoint\Apoint.exe
[Scan path] c:\programmer\intel\wireless\bin\ifrmewrk.exe
[Scan path] C:\Programmer\Dell\QuickSet\quickset.exe
[Scan path] C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
[Scan path] c:\progra~1\fælles~1\instal~1\update~1\isuspm.exe
[Scan path] C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
[Scan path] C:\WINDOWS\system32\dla\tfswctrl.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] C:\OfficeScan NT\pccntmon.exe
[Scan path] C:\Programmer\Messenger\msmsgs.exe
[Scan path] C:\Programmer\MSN Messenger\MsnMsgr.Exe
[Scan path] C:\Documents and Settings\Mevlüt Altuntas\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Programmer\Fælles filer\Autodesk Shared\acstart16.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Digital Line Detect\DLG.exe
[Scan path] C:\Programmer\Logitech\SetPoint\SetPoint.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\system32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\system32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\system32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\system32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\shmedia.dll
[Scan path] C:\WINDOWS\system32\browseui.dll
[Scan path] C:\WINDOWS\system32\sendmail.dll
[Scan path] C:\WINDOWS\system32\occache.dll
[Scan path] C:\WINDOWS\system32\webcheck.dll
[Scan path] C:\WINDOWS\system32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\system32\netplwiz.dll
[Scan path] C:\WINDOWS\system32\zipfldr.dll
[Scan path] C:\WINDOWS\system32\cdfview.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\WINDOWS\system32\msieftp.dll
[Scan path] C:\WINDOWS\system32\docprop2.dll
[Scan path] C:\WINDOWS\system32\dsquery.dll
[Scan path] C:\WINDOWS\system32\dsuiext.dll
[Scan path] C:\WINDOWS\system32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\system32\dfsshlex.dll
[Scan path] C:\WINDOWS\system32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\system32\mscoree.dll
[Scan path] C:\PROGRA~1\FÆLLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
[Scan path] C:\Programmer\Microsoft Office\OFFICE11\msohev.dll
[Scan path] C:\WINDOWS\system32\AcSignIcon.dll
[Scan path] C:\Programmer\Fælles filer\Autodesk Shared\Thumbnail\AcThumbnail16.dll
[Scan path] C:\Programmer\Fælles filer\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
[Scan path] C:\WINDOWS\system32\dla\tfswshx.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\system32\stobject.dll
[Scan path] C:\WINDOWS\system32\Ati2evxx.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\adpu160m.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\AegisP.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agp440.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aha154x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78u2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78xx.sys
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\aliide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\alim1541.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amdagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amsint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3350p.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3550.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
[Scan path] C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
[Scan path] C:\WINDOWS\system32\drivers\CdaC15BA.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\CmBatt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cmdide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\compbatt.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\cpqarray.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac960nt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dpti2o.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\system32\drivers\drvmcdb.sys
[Scan path] C:\WINDOWS\system32\drivers\drvnddm.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\e100b325.sys
[Scan path] C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
[Scan path] C:\Programmer\ewido\security suite\ewidoctrl.exe
[Scan path] C:\Programmer\ewido\security suite\guard.sys
[Scan path] C:\Programmer\ewido\security suite\ewidoguard.exe
[Scan path] C:\WINDOWS\system32\fxssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hpn.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i2omp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\system32\imapi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ini910u.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelppm.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\iwca.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
[Scan path] C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
[Scan path] C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
[Scan path] C:\WINDOWS\system32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mraid35x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\system32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
[Scan path] C:\OfficeScan NT\ntrtscan.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\OfficeScan NT\OfcPfwSvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\omci.sys
[Scan path] C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2hib.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1080.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql12160.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1240.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1280.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\s24trans.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sdbus.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\Drivers\SENTINEL.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sffdisk.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sisagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sparrow.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\drivers\sscdbhk5.sys
[Scan path] C:\WINDOWS\system32\drivers\ssrtln.sys
[Scan path] C:\WINDOWS\system32\drivers\STAC97.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc810.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc8xx.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_hi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_u3.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnboio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsncofs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndrct.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndres.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnifs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnopio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnpool.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudf.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudfa.sys
[Scan path] C:\OfficeScan NT\TmXPFlt.sys
[Scan path] C:\OfficeScan NT\tmlisten.exe
[Scan path] C:\OfficeScan NT\TmPreFlt.sys
[Scan path] C:\OfficeScan NT\tm_cfw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\toside.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\OfficeScan NT\VSApiNt.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\w29n51.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
[Scan path] C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\System32\drivers\ws2ifsl.sys
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 320
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 3298 Kb/s
Scan time: 00:00:20
-----------------------------------------------------------------------------

[Scan path] C:\
C:\hiberfil.sys - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Mevlüt Altuntas\NTUSER.DAT - read error
C:\Documents and Settings\Mevlüt Altuntas\NTUSER~1.LOG - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\DOGRU*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\ktubAGIR*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\kutubBIRLIK*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\kyubSAVASA*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\SAHIH*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Application Data\Microsoft\Office\Seneste\SIYASET*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\ARTIKLER\DOGRU*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\ARTIKLER\SAHIH*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\ARTIKLER\SIYASET*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\My eBooks\bog, seyyid kutub og mevdudi\ktubAGIR*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\My eBooks\bog, seyyid kutub og mevdudi\kutubBIRLIK*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Dokumenter\My eBooks\bog, seyyid kutub og mevdudi\kyubSAVASA*.* - read error
C:\Documents and Settings\Mevlüt Altuntas\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Mevlüt Altuntas\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Mevlüt Altuntas\Lokale indstillinger\Temp\Midlertidig mappe 1 for SmitfraudFix.zip\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - renamed
C:\Documents and Settings\Mevlüt Altuntas\Skrivebord\tempes\SmitfraudFix\Process.exe is hacktool program Tool.Prockill - renamed
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Programmer\Mpgdvd\AVOne - All to MP3 Converter (a)\AVOneAll2Mp3.exe>C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP127\A0021257.exe infected with Trojan.DownLoader.6550 - deleted
>C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP141\A0024292.exe infected with Trojan.DownLoader.6550 - deleted
>C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP141\A0024659.exe\data001 infected with Trojan.Popuper
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP141\A0024659.exe - archive contains infected objects - moved
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP141\A0024661.exe infected with Trojan.Popuper - deleted
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP143\A0024735.exe is hacktool program Tool.Prockill - renamed
C:\WINDOWS\system32\Process.exe is hacktool program Tool.Prockill - renamed
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 337464
Infected objects found: 4
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 4
Objects cured: 0
Objects deleted: 3
Objects renamed: 4
Objects moved: 1
Objects ignored: 0
Scan speed: 107 Kb/s
Scan time: 05:51:47
-----------------------------------------------------------------------------

hej fromsej, det har godt nok taget lang tid med dr Web, men her er resultatet i hvertfald. så jeg venter på din ekspert vudering.....

Det ser godt ud, med de midler vi har tør jeg godt erklære din maskine for ren.*S*

Du bør lige deaktivere systemgendannelse, genstarte og genaktivere samt sætte filvisning til normal.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis ikke skjulte filer og mapper".

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Super tak for det!!!! spm: er det godt for computeren med så mange spyware programmer?

Ja, de fire programmer er uundværlige, bruger ikke mange rescourcer og holder det meste utøj ude.

tak for hjælpen :)

Velbekomme, tak for point. :-)