Hjælp til Hijackthis

Følg denne vejledning http://www.eksperten.dk/artikler/954

Tja - endnu én i MSN Orm/Virus klubben - SUK...
Der er stadig mindst 10 (velkendte) Uønskede elementer på systemet ifølge Loggen...

Jeg synes ikke jeg kan få øje på nogle MSN-tegn i den log?

Følgende log er der kommet frem. ;-)

rundll32.exe;C:\WINNT\system32;Win32.Virut.5131;Will be cured after reboot.;
osndyrn.exe;C:\WINNT\system32;Win32.HLLW.SpyBot.78;Deleted.;
HijackThis.exe;C:\Documents and Settings\Sandra Christensen\Skrivebord;Win32.Virut.5131;Will be cured after reboot.;
mobsync.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
VTTimer.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
VTtrayp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mcmnhdlr.exe;C:\PROGRA~1\McAfee.com\VSO;Win32.Virut.5131;Cured.;
mcvsshld.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
oasclnt.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
mcagent.exe;c:\PROGRA~1\mcafee.com\agent;Win32.Virut.5131;Cured.;
McUpdate.exe;C:\PROGRA~1\mcafee.com\agent;Win32.Virut.5131;Cured.;
bootini.exe;C:\;BackDoor.IRC.Sdbot.795;Deleted.;
nwnmff_e26.exe;C:\;Adware.DollarRevenue;;
dfndrff_e26.exe;C:\;Adware.DollarRevenue;;
kybrdff_e26.exe;C:\;Win32.Virut.5131;Cured.;
81411_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
internat.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
82154_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
MS32.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.777;Deleted.;
Adobe Gamma Loader.exe;C:\Programmer\Fælles filer\Adobe\Calibration;Win32.Virut.5131;Cured.;
reader_sl.exe;C:\Programmer\Adobe\Acrobat 7.0\Reader;Win32.Virut.5131;Cured.;
mllmm.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
awtssss.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
cisvc.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
clipsrv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dmadmin.exe;c:\winnt\system32;Win32.Virut.5131;Cured.;
faxsvc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mnmsrvc.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
msdtc.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
msiexec.exe;c:\winnt\system32;Win32.Virut.5131;Cured.;
netdde.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
regsvc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
locator.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
rsvp.exe;c:\winnt\system32;Win32.Virut.5131;Cured.;
SCardSvr.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
MSTask.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
spoolsv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sqlsvc32.exe;C:\WINNT;Win32.Virut.5131;Cured.;
stisvc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
smlogsvc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tlntsvr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ups.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
UtilMan.exe;C:\WINNT\System32;Win32.Virut.5131;Cured.;
mspmspsv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ntsd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dfndrff_e26.exe;C:\;Adware.DollarRevenue;Deleted.;
drsmartload1.exe;C:\;Adware.DollarRevenue;Deleted.;
drsmartload45a45a45s.exe;C:\;Adware.DollarRevenue;Deleted.;
Installer4.exe;C:\;Adware.Look2me;Deleted.;
nwnmff_e26.exe;C:\;Adware.DollarRevenue;Deleted.;
aw1.exe;C:\Documents and Settings\Administrator;Adware.DollarRevenue;Deleted.;
devcon.exe;C:\Documents and Settings\Administrator\Lokale indstillinger\Temp\ISKTempFolder\Xtras;Win32.Virut.5131;Cured.;
loader[1].exe;C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;Win32.Virut.5131;Cured.;
loader[1].exe;C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;Adware.DollarRevenue;Deleted.;
04764_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;BackDoor.IRC.Sdbot.777;Deleted.;
25124_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;BackDoor.IRC.Sdbot.777;Deleted.;
37045_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;BackDoor.IRC.Sdbot.777;Deleted.;
38167_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;Win32.HLLW.SpyBot.78;Deleted.;
51210_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;BackDoor.IRC.Sdbot.777;Deleted.;
72643_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;BackDoor.IRC.Sdbot.795;Deleted.;
AppWrap[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;Adware.Zesty;Deleted.;
dr[1].gif;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;Trojan.DownLoader.13555;Deleted.;
ff3[1];C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\4QRAKLVK;Trojan.Virtumod;Deleted.;
40244_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;BackDoor.IRC.Sdbot.777;Deleted.;
43573_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;BackDoor.IRC.Sdbot.795;Deleted.;
44474_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;BackDoor.IRC.Sdbot.795;Deleted.;
64581_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;BackDoor.IRC.Sdbot.795;Deleted.;
65152_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;BackDoor.IRC.Sdbot.795;Deleted.;
AppWrap[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L;Adware.AddUrl;Deleted.;
30026_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;BackDoor.IRC.Sdbot.795;Deleted.;
46446_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;BackDoor.IRC.Sdbot.795;Deleted.;
62067_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;BackDoor.IRC.Sdbot.795;Deleted.;
70748_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;BackDoor.IRC.Sdbot.777;Deleted.;
85680_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;BackDoor.IRC.Sdbot.795;Deleted.;
AppWrap[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;Adware.AddUrl;Deleted.;
dr[2].gif;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\LY5I1804;Trojan.DownLoader.13555;Deleted.;
18388_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;BackDoor.IRC.Sdbot.795;Deleted.;
32327_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;BackDoor.IRC.Sdbot.795;Deleted.;
43003_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;BackDoor.IRC.Sdbot.795;Deleted.;
51835_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;BackDoor.IRC.Sdbot.777;Deleted.;
75477_netapi[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;BackDoor.IRC.Sdbot.795;Deleted.;
AppWrap[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;Adware.AddUrl;Deleted.;
drsmartload[1].exe;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;Adware.DollarRevenue;Deleted.;
dr[1].gif;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;Trojan.DownLoader.13555;Deleted.;
dr[2].gif;C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\OG59YE9M;Trojan.DownLoader.13555;Deleted.;
aw1.exe;C:\Documents and Settings\Sandra Christensen;Adware.DollarRevenue;Deleted.;
aw2.exe;C:\Documents and Settings\Sandra Christensen;Trojan.Virtumod;Deleted.;
20.tmp;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp;Trojan.Spambot;Deleted.;
setup_wm.exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp;Win32.Virut.5131;Cured.;
DelDvc.exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\{E4E929CE-EF1D-407C-A14B-E1DDEDA8FA0E};Win32.Virut.5131;Cured.;
bsegqnkg[1].htm;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\6JE1DM2I;Trojan.Spambot;Deleted.;
dfndrff_16[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\6JE1DM2I;Trojan.Click.1408;Deleted.;
ff3[1];C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\6JE1DM2I;Trojan.Virtumod;Deleted.;
klcfyheoq[1].txt;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\6JE1DM2I;Trojan.Click.1050;Deleted.;
nwnmff_e[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\8DYZS9I3;Adware.DollarRevenue;Deleted.;
dfndrff_e_uit[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\IDHQB2L8;Adware.DollarRevenue;Deleted.;
drsmartload46a[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\IDHQB2L8;Adware.DollarRevenue;Deleted.;
drsmartload849a[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\KXGF4J8F;Adware.DollarRevenue;Deleted.;
nwnmff_16[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\LBJ7TPWE;Adware.DollarRevenue;Deleted.;
ErrorSafeFreeInstall_dk[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OFHN2UR1;Trojan.DownLoader.10963;Deleted.;
drsmartload[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Adware.DollarRevenue;Deleted.;
eidcifpl[1].htm;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Trojan.Proxy.1070;Deleted.;
Installer[2].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Adware.Look2me;Deleted.;
loader[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Win32.Virut.5131;Cured.;
loader[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Adware.DollarRevenue;Deleted.;
MTE3NDI6ODoxNg[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Win32.Virut.5131;Cured.;
MTE3NDI6ODoxNg[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OL2ROLIF;Trojan.DownLoader.5013;Deleted.;
dr[1].gif;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OPQRSTUV;Trojan.DownLoader.13555;Deleted.;
qygvsclvk[1].txt;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\OPQRSTUV;Trojan.PWS.Snap;Deleted.;
drsmartload45a[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WHM78D63;Adware.DollarRevenue;Deleted.;
kybrdff_16[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\ZM8JZHK9;Win32.Virut.5131;Cured.;
kybrdff_16[1].exe;C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temporary Internet Files\Content.IE5\ZM8JZHK9;Trojan.DownLoader.12711;Deleted.;
HijackThis.exe.delete_on_reboot;C:\Documents and Settings\Sandra Christensen\Skrivebord;Win32.Virut.5131;Will be cured after reboot.;
SpySheriff.exe;C:\Program Files\SpySheriff;Win32.Virut.5131;Cured.;
Uninstall.exe;C:\Program Files\SpySheriff;Adware.Spysheriff;Deleted.;
AcroRd32.exe;C:\Programmer\Adobe\Acrobat 7.0\Reader;Win32.Virut.5131;Cured.;
AcroRd32Info.exe;C:\Programmer\Adobe\Acrobat 7.0\Reader;Win32.Virut.5131;Cured.;
AdobeUpdateManager.exe;C:\Programmer\Adobe\Acrobat 7.0\Reader;Win32.Virut.5131;Cured.;
acroaum.exe;C:\Programmer\Adobe\Acrobat 7.0\Reader\Updater;Win32.Virut.5131;Cured.;
setup.exe;C:\Programmer\Adobe\Acrobat 7.0\Setup Files\RdrBig705\DAN;Win32.Virut.5131;Cured.;
ImageReady.exe;C:\Programmer\Adobe\Adobe Photoshop CS;Win32.Virut.5131;Cured.;
Photoshop.exe;C:\Programmer\Adobe\Adobe Photoshop CS;Win32.Virut.5131;Cured.;
Begræns til 200 x 200 pixel.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Begræns til 64X64 pixel.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Gem flere størrelser.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Lås 350, Opret JPG 30.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret GIF (128 farver).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret GIF (32, ingen rastersimulering).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret GIF (64 farver).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret JPEG (kvalitet 10).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret JPEG (kvalitet 30).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret JPEG (kvalitet 60).exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Opret knap.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Uskarp maskning.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Eksempler\Slipværktøjer\ImageReady-slipværktøjer;Win32.Virut.5131;Cured.;
Droplet Template.exe;C:\Programmer\Adobe\Adobe Photoshop CS\Required;Win32.Virut.5131;Cured.;
CMIRMDRV.EXE;C:\Programmer\C-Media 3D Audio\Driver\Win;Win32.Virut.5131;Cured.;
Setup.exe;C:\Programmer\C-Media 3D Audio\Driver\Win;Win32.Virut.5131;Cured.;
SmWizard.exe;C:\Programmer\C-Media 3D Audio\Driver\Win;Win32.Virut.5131;Cured.;
EWATCH.EXE;C:\Programmer\Canon\Camera TWAIN 66;Win32.Virut.5131;Cured.;
CameraLauncherDS.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDS;Win32.Virut.5131;Cured.;
CameraLauncherDSPTP.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDS;Win32.Virut.5131;Cured.;
CameraWindowCompDS.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDS;Win32.Virut.5131;Cured.;
CameraWindowCompDSPTP.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDS;Win32.Virut.5131;Cured.;
CamMenuLaunch.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDS;Win32.Virut.5131;Cured.;
CameraLauncherDVC.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC;Win32.Virut.5131;Cured.;
CameraWindowCompDVC.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC;Win32.Virut.5131;Cured.;
CamMenuLaunch.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC;Win32.Virut.5131;Cured.;
RCTask.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC;Win32.Virut.5131;Cured.;
CameraLauncherDVC6.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
CameraWindowCompDVC6.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
CamSetDlg.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
DirectTransfer.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
MyCameraDVC6.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
RCTask.exe;C:\Programmer\Canon\CameraWindow\CameraWindowDVC6;Win32.Virut.5131;Cured.;
CAMERALAUNCHER.EXE;C:\Programmer\Canon\CameraWindow\CameraWindowMC;Win32.Virut.5131;Cured.;
CameraLauncherMC.exe;C:\Programmer\Canon\CameraWindow\CameraWindowMC;Win32.Virut.5131;Cured.;
CameraWindowCompMC.exe;C:\Programmer\Canon\CameraWindow\CameraWindowMC;Win32.Virut.5131;Cured.;
MyCameraMC.exe;C:\Programmer\Canon\CameraWindow\CameraWindowMC;Win32.Virut.5131;Cured.;
CDPROC.exe;C:\Programmer\Canon\CSCLIB;Win32.Virut.5131;Cured.;
CDPROCMN.exe;C:\Programmer\Canon\CSCLIB;Win32.Virut.5131;Cured.;
EWatch.exe;C:\Programmer\Canon\CSCLIB;Win32.Virut.5131;Cured.;
Tutorial.exe;C:\Programmer\Canon\PhotoRecord\Help;Win32.Virut.5131;Cured.;
OpPrintServer.exe;C:\Programmer\Canon\PhotoRecord\OpPrintCom;Win32.Virut.5131;Cured.;
PhotoRecord.exe;C:\Programmer\Canon\PhotoRecord\Program;Win32.Virut.5131;Cured.;
360view.exe;C:\Programmer\Canon\PhotoStitch;Win32.Virut.5131;Cured.;
Launcher.exe;C:\Programmer\Canon\PhotoStitch;Win32.Virut.5131;Cured.;
stitch.exe;C:\Programmer\Canon\PhotoStitch;Win32.Virut.5131;Cured.;
Viewer.exe;C:\Programmer\Canon\PhotoStitch;Win32.Virut.5131;Cured.;
RAWImage.exe;C:\Programmer\Canon\RAW Image Task;Win32.Virut.5131;Cured.;
dbconverter.exe;C:\Programmer\Canon\ZoomBrowser EX\Program;Win32.Virut.5131;Cured.;
UnInstall.exe;C:\Programmer\Canon\ZoomBrowser EX\Program;Win32.Virut.5131;Cured.;
ZbScreenSaver.exe;C:\Programmer\Canon\ZoomBrowser EX\Program;Win32.Virut.5131;Cured.;
ZoomBrowser.exe;C:\Programmer\Canon\ZoomBrowser EX\Program;Win32.Virut.5131;Cured.;
deskbar.dll;C:\Programmer\Deskbar;Adware.Softomate;Deleted.;
oldewido.exe;C:\Programmer\ewido\security suite;Win32.Virut.5131;Cured.;
AdobeDownloadManager.exe;C:\Programmer\Fælles filer\Adobe\ESD;Win32.Virut.5131;Cured.;
DLMCleanup.exe;C:\Programmer\Fælles filer\Adobe\ESD;Win32.Virut.5131;Cured.;
IDriver.exe;C:\Programmer\Fælles filer\InstallShield\Driver\7\Intel 32;Win32.Virut.5131;Cured.;
IDriver.exe;C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32;Win32.Virut.5131;Cured.;
IDriver2.exe;C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32;Win32.Virut.5131;Cured.;
IKernel.exe;C:\Programmer\Fælles filer\InstallShield\Engine\6\Intel 32;Win32.Virut.5131;Cured.;
DotNetInstaller.exe;C:\Programmer\Fælles filer\InstallShield\Professional\RunTime\0701\Intel32;Win32.Virut.5131;Cured.;
DotNetInstaller.exe;C:\Programmer\Fælles filer\InstallShield\Professional\RunTime\09\01\Intel32;Win32.Virut.5131;Cured.;
msinfo32.exe;C:\Programmer\Fælles filer\Microsoft Shared\MSInfo;Win32.Virut.5131;Cured.;
ibm00010.dll;C:\Programmer\Fælles filer\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Deleted.;
ibm00010.exe;C:\Programmer\Fælles filer\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Deleted.;
ibm00011.dll;C:\Programmer\Fælles filer\Microsoft Shared\Web Folders;Trojan.PWS.Snap;Deleted.;
Config.exe;C:\Programmer\GT Interactive\Driver;Win32.Virut.5131;Cured.;
Game.exe;C:\Programmer\GT Interactive\Driver;Win32.Virut.5131;Cured.;
Setup.exe;C:\Programmer\InstallShield Installation Information\{3784D3A0-760A-11D5-A808-008048E654E3};Win32.Virut.5131;Cured.;
setup.exe;C:\Programmer\InstallShield Installation Information\{D52ECEBC-9B20-41A5-81C4-A62DE2367419};Win32.Virut.5131;Cured.;
DW15.EXE;C:\Programmer\Internet Explorer;Win32.Virut.5131;Cured.;
IEXPLORE.EXE;C:\Programmer\Internet Explorer;Win32.Virut.5131;Cured.;
icwconn1.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
icwconn2.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
icwrmind.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
icwtutor.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
inetwiz.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
isignup.exe;C:\Programmer\Internet Explorer\Connection Wizard;Win32.Virut.5131;Cured.;
w2kexcp.exe;C:\Programmer\Internet Explorer\IE Uninstall;Win32.Virut.5131;Cured.;
expinst.exe;C:\Programmer\Internet Explorer\W2K;Win32.Virut.5131;Cured.;
Ad-Aware.exe;C:\Programmer\Lavasoft\Ad-Aware SE Personal;Win32.Virut.5131;Cured.;
unregaaw.exe;C:\Programmer\Lavasoft\Ad-Aware SE Personal;Win32.Virut.5131;Cured.;
UNWISE.EXE;C:\Programmer\Lavasoft\Ad-Aware SE Personal;Win32.Virut.5131;Cured.;
mcdash.exe;C:\Programmer\McAfee.com\Agent;Win32.Virut.5131;Cured.;
Mcdetect.exe;C:\Programmer\McAfee.com\Agent;Win32.Virut.5131;Cured.;
McTskshd.exe;C:\Programmer\McAfee.com\Agent;Win32.Virut.5131;Cured.;
mcupdmgr.exe;C:\Programmer\McAfee.com\Agent;Win32.Virut.5131;Cured.;
mcupdui.exe;C:\Programmer\McAfee.com\Agent;Win32.Virut.5131;Cured.;
mcappins.exe;C:\Programmer\McAfee.com\Shared;Win32.Virut.5131;Cured.;
mcinfo.exe;C:\Programmer\McAfee.com\Shared;Win32.Virut.5131;Cured.;
mghtml.exe;C:\Programmer\McAfee.com\Shared;Win32.Virut.5131;Cured.;
mcinsupd.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
McShield.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
McVSEscn.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
mcvsftsn.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
mcvsmap.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
naiavfin.exe;C:\Programmer\McAfee.com\VSO;Win32.Virut.5131;Cured.;
cb32.exe;C:\Programmer\NetMeeting;Win32.Virut.5131;Cured.;
conf.exe;C:\Programmer\NetMeeting;Win32.Virut.5131;Cured.;
wb32.exe;C:\Programmer\NetMeeting;Win32.Virut.5131;Cured.;
MSIMN.EXE;C:\Programmer\Outlook Express;Win32.Virut.5131;Cured.;
OEMIG50.EXE;C:\Programmer\Outlook Express;Win32.Virut.5131;Cured.;
setup50.exe;C:\Programmer\Outlook Express;Win32.Virut.5131;Cured.;
WAB.EXE;C:\Programmer\Outlook Express;Win32.Virut.5131;Cured.;
WABMIG.EXE;C:\Programmer\Outlook Express;Win32.Virut.5131;Cured.;
RegSupreme.exe;C:\Programmer\RegSupreme;Win32.Virut.5131;Cured.;
s3minset.exe;C:\Programmer\VIA\UChromeP;Win32.Virut.5131;Cured.;
dlimport.exe;C:\Programmer\Windows Media Player;Win32.Virut.5131;Cured.;
logagent.exe;C:\Programmer\Windows Media Player;Win32.Virut.5131;Cured.;
mplayer2.exe;C:\Programmer\Windows Media Player;Win32.Virut.5131;Cured.;
setup_wm.exe;C:\Programmer\Windows Media Player;Win32.Virut.5131;Cured.;
wmplayer.exe;C:\Programmer\Windows Media Player;Win32.Virut.5131;Cured.;
dialer.exe;C:\Programmer\Windows NT;Win32.Virut.5131;Cured.;
hypertrm.exe;C:\Programmer\Windows NT;Win32.Virut.5131;Cured.;
PINBALL.EXE;C:\Programmer\Windows NT\Pinball;Win32.Virut.5131;Cured.;
wordpad.exe;C:\Programmer\Windows NT\Tilbehør;Win32.Virut.5131;Cured.;
kodakimg.exe;C:\Programmer\Windows NT\Tilbehør\ImageVue;Win32.Virut.5131;Cured.;
kodakprv.exe;C:\Programmer\Windows NT\Tilbehør\ImageVue;Win32.Virut.5131;Cured.;
CmiRmRedundDir.exe;C:\WINNT;Win32.Virut.5131;Cured.;
CMIUninstall.exe;C:\WINNT;Win32.Virut.5131;Cured.;
delttsul.exe;C:\WINNT;Win32.Virut.5131;Cured.;
discover.exe;C:\WINNT;Win32.Virut.5131;Cured.;
eraseme_34730.exe;C:\WINNT;Win32.HLLW.MyBot;Deleted.;
hh.exe;C:\WINNT;Win32.Virut.5131;Cured.;
icont.exe;C:\WINNT;Adware.AddUrl;Deleted.;
iconu.exe;C:\WINNT;Adware.Zesty;Deleted.;
IsUninst.exe;C:\WINNT;Win32.Virut.5131;Cured.;
muninst.exe;C:\WINNT;Win32.Virut.5131;Cured.;
NOTEPAD.EXE;C:\WINNT;Win32.Virut.5131;Cured.;
oeuninst.exe;C:\WINNT;Win32.Virut.5131;Cured.;
regedit.exe;C:\WINNT;Win32.Virut.5131;Cured.;
setdebug.exe;C:\WINNT;Win32.Virut.5131;Cured.;
TASKMAN.EXE;C:\WINNT;Win32.Virut.5131;Cured.;
twunk_32.exe;C:\WINNT;Win32.Virut.5131;Cured.;
upwizun.exe;C:\WINNT;Win32.Virut.5131;Cured.;
welcome.exe;C:\WINNT;Win32.Virut.5131;Cured.;
winhlp32.exe;C:\WINNT;Win32.Virut.5131;Cured.;
winrep.exe;C:\WINNT;Win32.Virut.5131;Cured.;
msiexec.exe;C:\WINNT\$MSI31Uninstall_KB893803v2$;Win32.Virut.5131;Cured.;
accwiz.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
admin.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
at.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
author.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cacls.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cfgwiz.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
chkdsk.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
chkntfs.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cipher.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cleanjpm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cliconfg.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cluster.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cmd.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
cmstp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
conf.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
conime.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
control.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
convert.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
convlog.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dcomcnfg.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dfrgfat.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dfrgntfs.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
diskperf.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dllhost.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dllhst3g.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dmadmin.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dmremote.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
drwtsn32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
dxdiag.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
encinst.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
esentutl.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
eudcedit.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
evntwin.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
explorer.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
faxsvc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
find.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
findstr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
fortutil.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
fpadmcgi.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
fpcount.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
fpremadm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ftp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
hh.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
htimage.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
hypertrm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
icwconn1.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
iisreset.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
iisrstas.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
imagemap.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
inetinfo.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
inetmgr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
label.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
locator.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
lodctr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
logagent.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
logon.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
lsass.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
magnify.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mmc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mobsync.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mofcomp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mplayer2.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mq1sync.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mqbkup.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mqmig.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mqsvc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
msiexec.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
msinfo32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mspaint.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
msswchx.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mstask.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
mtstocom.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
narrator.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
nbtstat.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
nddeapir.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
net1.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
netdde.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
netstat.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
nslookup.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ntbackup.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ntdsutil.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ntvdm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
odbcad32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
odbcconf.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
osk.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
packager.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
pws.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
pwstray.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
recover.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
regedit.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
regedt32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
regsvc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
regsvr32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
rsh.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
rsm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
rsnotify.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
rsvp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
runas.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
savedump.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
scardsvr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
scrcons.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
scrnsave.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
secedit.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
services.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
shmgrate.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
shtml.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
skeys.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
smlogsvc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
sndrec32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
snmp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
snmptrap.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
spoolsv.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ss3dfo.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssbezier.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssflwbox.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssmarque.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssmaze.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssmyst.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
sspipes.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
ssstars.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
sstext3d.scr;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
stimon.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
stisvc.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
subst.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
taskmgr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
tcptest.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
telnet.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
tftp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
tlntsess.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
tlntsvr.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
unregmp2.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
unsecapp.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
userinit.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
utilman.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
w32tm.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
wbemtest.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winhlp32.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winhstb.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winlogon.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winmgmt.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winrep.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
winver.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
wpnpinst.exe;C:\WINNT\$NtServicePackUninstall$;Win32.Virut.5131;Cured.;
spuninst.exe;C:\WINNT\$NtServicePackUninstall$\spuninst;Win32.Virut.5131;Cured.;
spuninst.exe;C:\WINNT\$NtUninstallKB833407$\spuninst;Win32.Virut.5131;Cured.;
spuninst.exe;C:\WINNT\$NtUninstallKB842773$\spuninst;Win32.Virut.5131;Cured.;
hh.exe;C:\WINNT\$NtUninstallKB896358$;Win32.Virut.5131;Cured.;
spoolsv.exe;C:\WINNT\$NtUninstallKB896423$;Win32.Virut.5131;Cured.;
mtstocom.exe;C:\WINNT\$NtUninstallKB902400$;Win32.Virut.5131;Cured.;
spuninst.exe;C:\WINNT\$NtUninstallQ828026$\spuninst;Win32.Virut.5131;Cured.;
chkdsk.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
cmd.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
fontview.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
grpconv.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
lsass.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
mstask.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
netdde.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
ntvdm.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
psxss.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
services.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
w32tm.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
winlogon.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
wordpad.exe;C:\WINNT\$NtUpdateRollupPackUninstall$;Win32.Virut.5131;Cured.;
unregmp2.exe;C:\WINNT\inf;Win32.Virut.5131;Cured.;
places.exe;C:\WINNT\Installer\{6F716DA8-398F-11D3-85E1-005004838609};Win32.Virut.5131;Cured.;
accicons.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
cagicon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
inficon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
misc.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
mspicons.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
oisicon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
opwicon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
outicon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
pptico.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
pubs.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
unbndico.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
wordicon.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
xlicons.exe;C:\WINNT\Installer\{90110406-6000-11D3-8CFE-0150048383C9};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{A1D0D14A-B776-4907-BC00-5149F2298086};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{B147DC1B-49B3-4368-8A01-5AD9992CD58D};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2};Win32.Virut.5131;Cured.;
NewShortcut1_E7EA5FE4C88949B68E0A63A8572E53B9.exe;C:\WINNT\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2};Win32.Virut.5131;Cured.;
NewShortcut2_E7EA5FE4C88949B68E0A63A8572E53B9.exe;C:\WINNT\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{D0E8C34D-19D2-49FD-A900-88DEB788FF86};Win32.Virut.5131;Cured.;
ARPPRODUCTICON.exe;C:\WINNT\Installer\{E4E929CE-EF1D-407C-A14B-E1DDEDA8FA0E};Win32.Virut.5131;Cured.;
agentsvr.exe;C:\WINNT\msagent;Win32.Virut.5131;Cured.;
msiexec.exe;C:\WINNT\msiinst.tmp;Win32.Virut.5131;Cured.;
accwiz.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
at.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cacls.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
chkdsk.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
chkntfs.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cipher.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cliconfg.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cluster.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cmd.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
cmstp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
conf.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
conime.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
control.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
convert.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
convlog.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dcomcnfg.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dfrgfat.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dfrgntfs.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
diskperf.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dllhost.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dllhst3g.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dmadmin.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dmremote.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
drwtsn32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
dxdiag.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
encinst.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
esentutl.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
eudcedit.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
evntwin.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
explorer.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
faxsvc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
find.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
findstr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
fortutil.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ftp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
hh.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
hidserv.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
hypertrm.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
icwconn1.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
iisreset.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
iisrstas.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
inetinfo.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
inetmgr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
label.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
locator.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
lodctr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
logagent.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
logon.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
lsass.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
magnify.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mmc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mobsync.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mofcomp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mplayer2.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mq1sync.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mqbkup.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mqmig.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mqsvc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mshta.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
msiexec.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
msinfo32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
msiregmv.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mspaint.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
msswchx.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mstask.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
mtstocom.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
narrator.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
nbtstat.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
nddeapir.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
net1.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
netdde.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
netstat.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
nslookup.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ntbackup.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ntdsutil.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ntvdm.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
odbcad32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
odbcconf.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
osk.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
packager.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
pws.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
pwstray.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
recover.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
regedit.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
regedt32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
regsvc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
regsvr32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
rsh.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
rsm.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
rsnotify.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
rsvp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
runas.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
savedump.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
scardsvr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
scrcons.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
scrnsave.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
secedit.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
services.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
setup50.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
shmgrate.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
skeys.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
smlogsvc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
sndrec32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
snmp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
snmptrap.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
sp4iis.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
spiisupd.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
spoolsv.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ss3dfo.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssbezier.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssflwbox.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssmarque.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssmaze.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssmyst.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
sspipes.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
ssstars.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
sstext3d.scr;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
stimon.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
stisvc.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
subst.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
taskmgr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
telnet.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
tftp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
tlntsess.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
tlntsvr.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
unregmp2.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
unsecapp.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
userinit.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
utilman.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
w32tm.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
wbemtest.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winhlp32.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winhstb.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winlogon.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winmgmt.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winrep.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
winver.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
wmpocm.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
wpnpinst.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
wuauclt.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
wzcsetup.exe;C:\WINNT\ServicePackFiles\i386;Win32.Virut.5131;Cured.;
imejpmig.exe;C:\WINNT\ServicePackFiles\i386\lang\jpn;Win32.Virut.5131;Cured.;
vcmd.exe;C:\WINNT\Speech;Win32.Virut.5131;Cured.;
SmWizard.exe;C:\WINNT\system;Win32.Virut.5131;Cured.;
00134_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
01681_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
06718_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
08762_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
16222_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
22372_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
24227_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
24425_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
25344_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
25825_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
26645_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
28462_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
30208_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
38436_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
44416_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
44477_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
44880_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
47705_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
55254_netapi.exe;C:\WINNT\system32;Win32.HLLW.SpyBot.78;Deleted.;
58432_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
60146_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
64704_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
65848_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.762;Deleted.;
71242_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
73516_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.777;Deleted.;
74624_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
82255_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
83115_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
84577_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
88861_netapi.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.777;Deleted.;
accwiz.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
acnpfcdg.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
acnpfcdg.exe;C:\WINNT\system32;Trojan.Sklog;Deleted.;
actmovie.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
arp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
at.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
atmadm.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
attrib.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
aw1.exe;C:\WINNT\system32;Adware.DollarRevenue;Deleted.;
awtsrsr.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
awtssss.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
bootini.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.795;Deleted.;
bootok.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
bootvrfy.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CACLS.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
calc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cdplayer.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
charmap.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CHKDSK.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CHKNTFS.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cidaemon.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cipher.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ckcnv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cleanmgr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cliconfg.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
clipbrd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
clspack.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CLUSTER.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CMD.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cmdl32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cmirmdrv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cmmgr32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cmmon32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cmstp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
comclust.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
comp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
compact.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
conime.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
control.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
CONVERT.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
cscript.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
DCOMCNFG.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ddeshare.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ddmprxy.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dfrgfat.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dfrgntfs.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
diantz.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
diskperf.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
DLLHOST.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dllhst3g.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dmremote.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
doskey.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dplaysvr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
DRWTSN32.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dvdplay.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
dxdiag.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
esentutl.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
eudcedit.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
eventvwr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
expand.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
extrac32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
faxcover.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
faxqueue.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
faxsend.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
fc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
fccbbya.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
find.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
findstr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
finger.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
fixmapi.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
fltmc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
FONTVIEW.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
forcedos.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
freecell.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
FTP.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ftpqfe.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
gpresult.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
GRPCONV.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
help.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
hostname.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ibl32.exe;C:\WINNT\system32;BackDoor.IRC.Zorbot;Deleted.;
ie4uinit.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ieshwiz.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
iexpress.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
iifcbcc.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
ipconfig.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ipsecmon.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ipxroute.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
irftp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
jdbgmgr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
jkkjjjh.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
jview.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
Kanaler.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
l6r00g9me6.dll;C:\WINNT\system32;Adware.Look2me;Deleted.;
LABEL.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
lights.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ljjggef.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
lnkstub.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
LODCTR.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
logagent.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
logon.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
lpq.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
lpr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
magnify.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
makecab.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mcilnoeb.exe;C:\WINNT\system32;Trojan.Sklog;Deleted.;
migpwd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mllmm.dll;C:\WINNT\system32;Trojan.Virtumod;Will be cured after reboot.;
mmc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mountvol.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mplay32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mpnotify.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mrinfo.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mshta.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
msiregmv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
msmqprop.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
msnchecker.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
MSPAINT.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
msswchx.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
mstinit.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
narrator.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NBTSTAT.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NDDEAPIR.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
net.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
net1.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
netsh.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NETSTAT.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
notepad.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NSLOOKUP.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NTBACKUP.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ntdsutil.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
NTVDM.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
nwscript.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
o0ns0a57ed.dll;C:\WINNT\system32;Adware.Look2me;Deleted.;
ODBCAD32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
odbcconf.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
os2.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
os2srv.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
osk.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
packager.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
pathping.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
pax.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
pentnt.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
perfmon.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
perfvd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ping.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
pmnollk.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
posix.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
pqrfnet.dll;C:\WINNT\system32;Adware.Look2me;Deleted.;
print.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
progman.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
proquota.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
psxss.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rasadmin.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rasautou.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rasdial.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rasphone.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rcp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
RECOVER.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
regedt32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
REGSVR32.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
regwiz.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
replace.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rexec.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
route.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
routemon.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rsh.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rsm.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rsnotify.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
runas.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
rundll32.exe.delete_on_reboot;C:\WINNT\system32;Win32.Virut.5131;Will be cured after reboot.;
runonce.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
s4pule791h.dll;C:\WINNT\system32;Adware.Look2me;Deleted.;
SAVEDUMP.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
scrnsave.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
secedit.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sethc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
setreg.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
setup.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sfc.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
shmgrate.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
shrpubw.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sigverif.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
skeys.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sndrec32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sndvol32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sol.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sort.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sp4iis.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
spdwnw2k.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
spiisupd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sptsupd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
spupdw2k.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ss3dfo.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssbezier.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssflwbox.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssmarque.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssmaze.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssmyst.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sspipes.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
ssqnllm.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
ssstars.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sstext3d.scr;C:\WINNT\system32;Win32.Virut.5131;Cured.;
stimon.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
subst.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
syncapp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
syskey.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
sysocmgr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
systray.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
taskman.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
TASKMGR.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tcmsetup.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tcpsvcs.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
telnet.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tftp.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
themes.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tlntadmn.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tlntsess.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tracert.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
tuvwtst.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
unlodctr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
updcrl.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
USERINIT.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
verifier.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
VModes.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
vtutrss.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
w32tm.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wextract.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
winhlp32.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
winmine.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
winmsd.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
winver.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
WISPTIS.EXE;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wjview.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wpnpinst.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
write.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wscript.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wupdmgr.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
wzcsetup.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
xcopy.exe;C:\WINNT\system32;Win32.Virut.5131;Cured.;
yaywtqq.dll;C:\WINNT\system32;Trojan.Virtumod;Deleted.;
cafixweb.exe;C:\WINNT\system32\CertSrv;Win32.Virut.5131;Cured.;
comrepl.exe;C:\WINNT\system32\Com;Win32.Virut.5131;Cured.;
comrereg.exe;C:\WINNT\system32\Com;Win32.Virut.5131;Cured.;
actmovie.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
agentsvr.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
arp.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
atmadm.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
attrib.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
bootok.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
bootvrfy.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
calc.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
cb32.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
cdplayer.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
charmap.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
chkdsk.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
cidaemon.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
cisvc.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
ckcnv.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
cleanmgr.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
clipbrd.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
clipsrv.exe;C:\WINNT\system32\dllcache;Win32.Virut.5131;Cured.;
clspack.exe;C:\WINNT\system32\dllcache;Win32.Viru

Der mangler da et par log ??

SUPERAntiSpyware Scan Log
Generated 10/11/2006 at 12:35 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1028

Memory threats detected  : 1
Registry threats detected : 8
File threats detected    : 69

Trojan.WinFixer
    C:\WINNT\SYSTEM32\MLLMM.DLL
    C:\WINNT\SYSTEM32\MLLMM.DLL
    HKLM\Software\Classes\CLSID\{705A0ADB-4171-4339-8982-17D725FD4CA5}
    HKCR\CLSID\{705A0ADB-4171-4339-8982-17D725FD4CA5}
    HKCR\CLSID\{705A0ADB-4171-4339-8982-17D725FD4CA5}\InprocServer32
    HKCR\CLSID\{705A0ADB-4171-4339-8982-17D725FD4CA5}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{705A0ADB-4171-4339-8982-17D725FD4CA5}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mllmm

Trojan.MS32
    [Ms Java for Windows NT] MS32.exe
    MS32.exe

Trojan.SysTray/Exbr
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SysTray.Exbr

Adware.Tracking Cookie
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@mediaplex[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@adtech[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@partypoker[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@14871[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@tradedoubler[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@wavpro_4in1[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@ad.yieldmanager[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@indexstats[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@2006[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@2006[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@cassava[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@rambler[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@atdmt[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@stats1.reliablestats[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@project2.realtracker[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@doubleclick[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@scanner[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@www.winantiviruspro[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@click.matas.creunacampaign[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@www.globaladvertisingservices[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@winantivirus[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@1070847646[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@dk.winantivirus[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@stats.drivecleaner[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@bannere.fyens[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@888[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@www.winantivirus[1].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@overture[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@e2.emediate[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@revenue[2].txt
    C:\Documents and Settings\Sandra Christensen\Cookies\sandra@cpvfeed[2].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@ad.yieldmanager[1].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@belnk[1].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@clicktorrent[1].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@dist.belnk[2].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@fastclick[2].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@hurricanedigitalmedia[1].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@track.adform[1].txt
    C:\Documents and Settings\Sandra Christensen\Lokale indstillinger\Temp\Cookies\sandra@yieldmanager[1].txt

Trojan.SpySheriff
    C:\Program Files\SpySheriff\base.avd
    C:\Program Files\SpySheriff\base001.avd
    C:\Program Files\SpySheriff\base002.avd
    C:\Program Files\SpySheriff\found.wav
    C:\Program Files\SpySheriff\heur000.dll
    C:\Program Files\SpySheriff\heur001.dll
    C:\Program Files\SpySheriff\notfound.wav
    C:\Program Files\SpySheriff\removed.wav
    C:\Program Files\SpySheriff\SpySheriff.dvm
    C:\Program Files\SpySheriff\SpySheriff.exe
    C:\Program Files\SpySheriff

Trojan.Freeprod
    C:\Documents and Settings\Administrator\aw3.exe
    C:\Documents and Settings\Sandra Christensen\aw3.exe
    C:\WINNT\system32\aw3.exe

Adware.NicTech Networks
    C:\Documents and Settings\Default User\Lokale indstillinger\Temporary Internet Files\Content.IE5\5IDZLS2L\AppWrap[1].exe
    C:\WINNT\system32\bg549.dll

Browser Hijacker.Favorites
    C:\Documents and Settings\Sandra Christensen\Skrivebord\Cheap Holiday Travel.url
    C:\Documents and Settings\Sandra Christensen\Skrivebord\Free Online Music.url
    C:\Documents and Settings\Sandra Christensen\Skrivebord\Online Dating.url
    C:\RECYCLER\S-1-5-21-1078081533-651377827-839522115-1000\Dc4.url
    C:\RECYCLER\S-1-5-21-1078081533-651377827-839522115-1000\Dc5.url
    C:\RECYCLER\S-1-5-21-1078081533-651377827-839522115-1000\Dc7.url

Adware.Affiliate
    C:\Documents and Settings\Sandra Christensen\Skrivebord\REMOVE SPYWARE.url
    C:\RECYCLER\S-1-5-21-1078081533-651377827-839522115-1000\Dc6.url

Trojan.CamCap
    C:\WINNT\system32\TheMatrixHasYou.exe

Og Hijack:


Logfile of HijackThis v1.99.1
Scan saved at 12:46:30, on 11-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Programmer\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\rundll32.exe
C:\kybrdff_e26.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Sandra Christensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,osndyrn.exe
O2 - BHO: (no name) - {D6EC03D8-438B-4C5C-AC83-1B73C429041A} - C:\WINNT\system32\awtssss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O4 - HKLM\..\Run: [pnsmon] rundll32.exe C:\WINNT\system32\pnsmon.dll,start
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e26.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: awtssss - C:\WINNT\SYSTEM32\awtssss.dll
O20 - Winlogon Notify: H323TSP - C:\WINNT\
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\m646lghs1646.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Syncmgr - C:\WINNT\
O20 - Winlogon Notify: Telephony - C:\WINNT\system32\guard.tmp
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: sql svcwin (sqlsvcwin) - Unknown owner - C:\WINNT\sqlsvc32.exe


Mvh
Jan

Genstart din maskine og lav en ny HiJackThis-log

Jeg vil for øvrigt foreslå at du renser diverse temp-filer med denne http://www.spywarefri.dk/manualer/ccleaner-manual.htm

Jeg ved ikke hvor meget tid jeg får til at hjælpe ( jeg er på arbejde ) så andre må gerne bryde ind.

<ejvindh>: Det var
C:\\nwnmff_e26.exe
C:\\dfndrff_e26.exe
C:\\kybrdff_e26.exe
blandt flere jeg tænkte på...
Du må gerne rulle videre procedure - jeg er arbejdsramt udenfor E resten af dagen...

<nva>: TempFiler sletning ka' hurtigst gøres med
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Dr1: De filer kommer ikke specifikt fra MSN-virussen. Det er alcan-filer...

Ok, jeg overtager her så. Det kommer til at tage et par trin endnu, for der er en del tilbage.

-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

-- Hent AVG Anti-Spyware herfra (30 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1.htm
Installer og opdater programmet. Vent med at scanne.

-- Hent Brute Force Uninstaller, og pak det ud til sin egen mappe (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Højreklik på følgende link, og vælg "Gem som" for at downloade Alcan Remover. Gem det i samme mappe som du gemte Brute Force Uninstaller i (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du hentede tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.

-- Genstart så til fejlsikret igen.

-- Klik på "Min computer", og naviger frem til c:\BFU mappen. Dobbeltklik på BFU.exe. Så åbnes "The Brute Force Uninstaller". Til højre for det øverste indtastningsfelt, skal du nu klikke på det gule mappe-ikon ("Open script file"), og navigere frem til alcanshorty.bfu, som du hentede tidligere:
c:\bfu\alcanshorty.bfu

Klik herefter på "execute", og lad programmet gøre sit arbejde. Når scriptet er færdig, klikker du på OK, og derefter på EXIT.

-- Kør en fuld scanning med AVG Anti-Spyware, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra AVG Anti-Spyware og Sdfix.

Så er de forskellige log klar.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    16:44:07 11-10-2006

+ Scan result:   



C:\WINNT\system32\hr2605fse.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\mhpbde40.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\awtssss.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINNT\system32\transys.dll -> Backdoor.Agent.vc : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\aws32.exe/aw1.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\WINNT\system32\aws32.exe/aw1.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\Documents and Settings\Sandra Christensen\Cookies\sandra@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Sandra Christensen\Cookies\sandra@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Sandra Christensen\Cookies\sandra@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\WINNT\system32\mpkkkwsd.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


::Report end


SDFix: Version 1.28
-------------------

Scan run on:
on 11-10-2006

Time:
15:42


Microsoft Windows 2000 [version 5.00.2195]

Running from: C:\Documents and Settings\Sandra Christensen\Skrivebord\SDFix

                                Stage One...

Checking Services...

Name:
-----


Path:
----





Repairing Registry...









Restoring Default Hosts File...

Stage One Complete

Rebooting!

                                Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
--------------------------

C:\WINNT\system32\02606_netapi.exe
C:\WINNT\system32\05503_netapi.exe
C:\WINNT\system32\14210_netapi.exe
C:\WINNT\system32\25021_netapi.exe
C:\WINNT\system32\31514_netapi.exe
C:\WINNT\system32\32026_netapi.exe
C:\WINNT\system32\74733_netapi.exe
C:\WINNT\system32\88862_netapi.exe
C:\uniq
C:\WINNT\system32\i
C:\WINNT\system32\msnchecker.exe

Backing Up and Removing any Files Found...

                                Final Check:

Remaining Services:
------------------

Remaining Files:
--------------



*Any removed Files are saved in the SDFix\backups Folder*

                                *FINISHED*

Logfile of HijackThis v1.99.1
Scan saved at 16:51:22, on 11-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Programmer\McAfee.com\VSO\mcvsshld.exe
c:\programmer\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Sandra Christensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programmer\VSToolbar\VSToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: sql svcwin (sqlsvcwin) - Unknown owner - C:\WINNT\sqlsvc32.exe


Mvh
Jan

Det hjalp gevaldigt på den. Men prøv lige at gøre følgende også:

-- Hent VirtumundoBeGone, gem det på skrivebordet:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

-- Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

-- Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

-- Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind.

-- Klik på Start-kør. Skriv: Services.msc, og klik på OK.
Find følgende services, højreklik på dem og vælg egenskaber. Under starttype vælger du deaktiveret. Klik også på Stop:

"Microsoft NetWork FireWall Services"
"sql svcwin"

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - (no file)

-- Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med filen fra Virtumondebegone.

Her er så de næste.


[10/11/2006, 17:22:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sandra Christensen\Skrivebord\VirtumundoBeGone.exe" )
[10/11/2006, 17:23:05] - Detected System Information:
[10/11/2006, 17:23:05] -  Windows Version: 5.0.2195, Service Pack 4
[10/11/2006, 17:23:05] -  Current Username: Sandra (Admin)
[10/11/2006, 17:23:05] -  Windows is in NORMAL mode.
[10/11/2006, 17:23:05] - Searching for Browser Helper Objects:
[10/11/2006, 17:23:05] -  BHO 1: {148F2927-87A0-43B1-970F-A7D3141C8640} ()
[10/11/2006, 17:23:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2006, 17:23:05] -  Checking for HKLM\...\Winlogon\Notify\ssqro
[10/11/2006, 17:23:05] -  Found: HKLM\...\Winlogon\Notify\ssqro - This is probably Virtumundo.
[10/11/2006, 17:23:05] -  Assigning {148F2927-87A0-43B1-970F-A7D3141C8640} MSEvents Object
[10/11/2006, 17:23:05] - BHO list has been changed! Starting over...
[10/11/2006, 17:23:05] -  BHO 1: {148F2927-87A0-43B1-970F-A7D3141C8640} (MSEvents Object)
[10/11/2006, 17:23:05] - ALERT: Found MSEvents Object!
[10/11/2006, 17:23:05] - Finished Searching Browser Helper Objects
[10/11/2006, 17:23:05] - *** Detected MSEvents Object
[10/11/2006, 17:23:05] - Trying to remove MSEvents Object...
[10/11/2006, 17:23:06] -    Terminating Process: IEXPLORE.EXE
[10/11/2006, 17:23:07] -    Terminating Process: RUNDLL32.EXE
[10/11/2006, 17:23:07] -    Disabling Automatic Shell Restart
[10/11/2006, 17:23:07] -    Terminating Process: EXPLORER.EXE
[10/11/2006, 17:23:07] -    Suspending the NT Session Manager System Service
[10/11/2006, 17:23:07] -    Terminating Windows NT Logon/Logoff Manager
[10/11/2006, 17:23:08] -    Re-enabling Automatic Shell Restart
[10/11/2006, 17:23:08] -  File to disable: C:\WINNT\system32\ssqro.dll
[10/11/2006, 17:23:08] -  Renaming C:\WINNT\system32\ssqro.dll -> C:\WINNT\system32\ssqro.dll.vir
[10/11/2006, 17:23:08] - ! File rename was unsucessful.
[10/11/2006, 17:23:08] -  Attempting to Deny Access to C:\WINNT\system32\ssqro.dll
[10/11/2006, 17:23:08] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[10/11/2006, 17:23:08] -  ERROR: Der blev ikke udført nogen afbildning mellem kontonavne og sikkerheds-id.

[10/11/2006, 17:23:08] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[10/11/2006, 17:23:08] -  Removing HKLM\...\Browser Helper Objects\{148F2927-87A0-43B1-970F-A7D3141C8640}
[10/11/2006, 17:23:08] -  Removing HKCR\CLSID\{148F2927-87A0-43B1-970F-A7D3141C8640}
[10/11/2006, 17:23:08] -  Adding Kill Bit for ActiveX for GUID: {148F2927-87A0-43B1-970F-A7D3141C8640}
[10/11/2006, 17:23:08] -  Deleting ATLEvents/MSEvents Registry entries
[10/11/2006, 17:23:08] -  Removing HKLM\...\Winlogon\Notify\ssqro
[10/11/2006, 17:23:08] - Searching for Browser Helper Objects:
[10/11/2006, 17:23:08] - Finished Searching Browser Helper Objects
[10/11/2006, 17:23:08] - Finishing up...
[10/11/2006, 17:23:08] - A restart is needed.
[10/11/2006, 17:23:16] - Attempting to Restart via STOP error (Blue Screen!)


Logfile of HijackThis v1.99.1
Scan saved at 17:32:48, on 11-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Programmer\McAfee.com\VSO\mcvsshld.exe
c:\programmer\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\McAfee.com\VSO\oasclnt.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Sandra Christensen\Skrivebord\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Programmer\VSToolbar\VSToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINNT\system32\m646lghs1646.dll (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Syncmgr - C:\WINNT\
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Mvh
Jan

Der var gevinst, og der dukkede derfor lidt mere op. Prøv nu dette:

-- Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe

--  Klik så på START-KØR, og kopier følgende tekst ind i det vindue, der dukker op:
"%userprofile%\Skrivebord\combofix.exe" /v ssqro

Klik herefter på OK, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Sandra - on 11-10-2006 19:34:09,81    Service Pack 4
ComboFix 06.10.11 - Running from: "C:\Documents and Settings\Sandra Christensen\Skrivebord"
Command switches used :: /v ssqro

(((((((((((((((((((((((((((((((((((((((((((((  Look2Me's Log  ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{88D6103A-6625-4B73-BC02-F08F6B3516F3}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{88D6103A-6625-4B73-BC02-F08F6B3516F3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88D6103A-6625-4B73-BC02-F08F6B3516F3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88D6103A-6625-4B73-BC02-F08F6B3516F3}\InprocServer32]
@="C:\\WINNT\\system32\\iHspipe.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{A627FBB6-D3A9-4E0E-B32B-CB082B513B83}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A627FBB6-D3A9-4E0E-B32B-CB082B513B83}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A627FBB6-D3A9-4E0E-B32B-CB082B513B83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A627FBB6-D3A9-4E0E-B32B-CB082B513B83}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administratorer  ... successful


((((((((((((((((((((((((((((((((((((((((((((((((  Vundo Log  )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\orqss.bak1
C:\WINNT\system32\orqss.ini


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\MTE3NDI6ODoxNgV2.exe
C:\Programmer\Deskbar
C:\Programmer\F‘lles filer\{A860CA75-09E5-1030-1014-05042205002d}
C:\Programmer\F‘lles filer\{A860CA75-09E6-1030-1014-05042205002d}


(((((((((((((((((((((((((((((((  Files Created from 2006-09-11 to 2006-10-11  ))))))))))))))))))))))))))))))))))


2006-10-11    14:40    3,968    --a------    C:\WINNT\system32\drivers\AvgAsCln.sys
2006-10-11    08:49    5    --ahs----    C:\WINNT\system32\bcfcdb_g.dll


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-11 19:34     --------    d-a------    C:\Programmer\F‘lles filer
2006-10-11 18:39     --------    d--------    C:\Programmer\VSToolbar
2006-10-11 14:05     --------    d--------    C:\Programmer\Grisoft
2006-10-11 13:24     --------    d--------    C:\Programmer\Yahoo!
2006-10-11 13:24     --------    d--------    C:\Programmer\CCleaner
2006-10-11 12:52     --------    d--------    C:\Documents and Settings\Sandra Christensen\Application Data\SearchToolbarCorp
2006-10-11 12:09     --------    d--------    C:\Programmer\SUPERAntiSpyware
2006-10-11 12:08     --------    d--------    C:\Documents and Settings\Sandra Christensen\Application Data\SUPERAntiSpyware.com
2006-10-11 12:02     --------    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2006-10-11 11:29     9728    --a------    C:\WINNT\system32\rundll32.exe
2006-10-11 08:49     --------    d--------    C:\Programmer\RegSupreme
2006-10-10 21:06     --------    d--------    C:\Programmer\XnView
2006-09-07 14:33     619909    ---hs----    C:\WINNT\system32\mmllm.bak2
2006-09-05 20:59     --------    d--------    C:\Programmer\Spyware Doctor
2006-09-05 19:49     --------    d--------    C:\Programmer\ewido
2006-09-05 13:45     78336    -r-hs----    C:\WINNT\sqlsvc32.exe
2006-09-05 11:38     --------    d--------    C:\Programmer\Webroot
2006-08-30 09:39     81920    --a------    C:\WINNT\system32\Packet.dll
2006-08-30 09:39     61440    --a------    C:\WINNT\system32\WanPacket.dll
2006-08-30 09:39     32512    --a------    C:\WINNT\system32\drivers\npf.sys
2006-08-30 09:39     233472    --a------    C:\WINNT\system32\wpcap.dll
2006-08-18 10:47     --------    d--------    C:\Documents and Settings\Sandra Christensen\Application Data\PC Tools
2006-08-16 12:45     --------    d--------    C:\Documents and Settings\Sandra Christensen\Application Data\XnView
2006-08-16 12:39     --------    d--------    C:\Documents and Settings\Sandra Christensen\Application Data\Adobe


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"Spyware Doctor"="\"C:\\Programmer\\Spyware Doctor\\swdoctor.exe\" /Q"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Programmer\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Programmer\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McUpdate.exe"
"!AVG Anti-Spyware"="\"C:\\Programmer\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"CleanUp"="C:\\PROGRA~1\\McAfee.com\\Shared\\mcappins.exe /v=3 /cleanup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"Spyware Doctor"="\"C:\\Programmer\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{A860CA75-09E5-1030-1014-05042205002d}"="\"c:\\programmer\\spyware doctor\\update.exe\" mc-110-12-0000229"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Wed 2006-10-11 19:38:45.15
ComboFix.txt

Du skal nu til at slette nogle filer manuelt. Som indledning hertil skal du have slået "Udvidet filvisning" til:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

C:\WINNT\system32\bcfcdb_g.dll
C:\WINNT\system32\mmllm.bak2
C:\WINNT\sqlsvc32.exe

Hvis du lykkes med dette, så vil jeg mene at computeren er ved at være ren. Kører den også bedre nu?

Hov for resten. Jeg må hellere lige få en ny log fra Hijackthis at se. Der var lige nogle ting, jeg skulle se om er forsvundet.

Logfile of HijackThis v1.99.1
Scan saved at 21:11:49, on 11-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Programmer\McAfee.com\VSO\mcvsshld.exe
C:\Programmer\McAfee.com\VSO\oasclnt.exe
c:\programmer\mcafee.com\agent\mcagent.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sandra Christensen\Skrivebord\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Jeg overså et af dine svar.. ;-o

Den kører meget bedre. ;-))

Logfile of HijackThis v1.99.1
Scan saved at 21:32:06, on 11-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Programmer\McAfee.com\VSO\mcvsshld.exe
C:\Programmer\McAfee.com\VSO\oasclnt.exe
c:\programmer\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Sandra Christensen\Skrivebord\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmer\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmer\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Jeg er desværre på arbejde uden for hjemmet indtil mandag eftermiddag, så jeg kan først besvare, når jeg kommer hjem igen.
I første omgang mange tak for hjælpen.

Mvh
Jan

Loggen er ren. Du kan fixe denne linie med Hijackthis, men det er ren oprydning:
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)

For at gøre arbejdet helt færdig:
Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

Så der det gjort.

Takker mange gange for den uvurderlige hjælp. Computeren kører meget bedre nu. ;-))

Jeg vil anbefale dine råd til datteren.

Mvh
Jan

Du er velkommen :-)