Spyware/Virus Help: HijackThis Log
Number of posts: 8

Hi everyone, a few days ago I ran a file, after which my system crashed completely. Now I can open it fine, but it starts very slowly and constantly finds viruses from system32.

I have run many different scans, and the important thing: I cannot get into Task Manager via Ctrl+Alt+Delete, and I also cannot install via Windows Installer because it is disabled. I have tried to fix it in gpedit and regedit by following guides, without success :( What should I do?

Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:46, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\WINDOWS\gktxaspm.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM\..\Run: [LanzarL2007] “C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe” /SETUP:”/l0x0006”
O4 - HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\program files\hjælpe instalationer\Quicktime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [Getca] C:\Program Files\WMonitor\InfoMyCa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM97e9bee1] Rundll32.exe “C:\WINDOWS\system32\idsfqqyv.dll”,s
O4 - HKLM\..\Run: [THGuard] “C:\Program Files\TrojanHunter 5.0\THGuard.exe”
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: WWU.lnk = C:\Program Files\winbond\w89c33\wwu.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675823320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200582732028
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: gnowmebk - {767BA26D-7B5D-4E8A-8D31-5852B7244F95} - (no file)
O21 - SSODL: pxgdslro - {46E40FDD-E112-4279-B692-9DC9C81AF796} - (no file)
O21 - SSODL: ChkRam - {25549965-654e-456a-b66d-8a25679ab22e} - C:\WINDOWS\Resources\ChkRam.dll
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe


End of file - 7900 bytes

Editor
Number of posts: 14106

Welcome to Spywarefri

You are running 2 antivirus programs, avast and AVG; uninstall one of them so that you only run 1.

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program - once that is done, let the program update itself. A window then opens, where you should move the dot to “Perform full scan” - click Scan - let the program work. When it is finished (this naturally takes some time).

Then - press the “Show Result” button after the scan - and then press “Remove Selected” - the log now opens and you must save it somewhere you can find it again.

Copy the contents in here together with the other log files.

Then do this >

Download this program: http://www.ctrlaltdel.dk/SWF_hent.exe and save it to the desktop. Then double-click it (SWF_hent.exe). You may have to allow the program to download files from the internet!

The program downloads the necessary cleaning programs. Once the programs have been downloaded, there will be a folder on the desktop named “Spywarefri”. It contains the programs together with a short guide - if the guide does not open automatically, double-click “SWF_vejledning.html”.

Please follow the guide and copy the log files into the forum.

 

[ Edited: 24.05.2008, 11:32 by Peder TeamSpywarefri ]
Signature

The coffee has been drunk
The cash box is closed
The support does more good
With the small and downhearted
Børns Vilkår

Number of posts: 8

Thanks :) I have started the malware scan. I will get back as soon as possible.

Number of posts: 8

AVG ran in DOS mode, so there was no log.

Here are the 2 other logs.

Malwarebytes’ Anti-Malware 1.12
Database version: 783

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145184
Time elapsed: 33 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 19
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 97

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\xxyVOGxx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\byXNhhiJ.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ef6857f-6661-466a-b2aa-a000cb357db1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2ef6857f-6661-466a-b2aa-a000cb357db1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{663656df-6bae-460c-a612-8133df519346} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{663656df-6bae-460c-a612-8133df519346} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxnhhij (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{9b19a112-5f7e-4549-bdc1-9462ddc7d0b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6a219592-3d06-46a5-b3ff-cbc8eb6fff2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25549965-654e-456a-b66d-8a25679ab22e} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.bpew (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{663656df-6bae-460c-a612-8133df519346} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ChkRam (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM97e9bee1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvogxx -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvogxx -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\xxyVOGxx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxGOVyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxGOVyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNhhiJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\antiviirus.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bYOGVpPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\824223\824223.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\ChkRam.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idsfqqyv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mdtgkswr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gktxaspm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 08-05-21.3 - Administrator 2008-05-24 10:22:07.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1707 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Spywarefri\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_CLBDRIVER
———-\Legacy_NWSAPAGENT
———-\Service_clbdriver
———-\Service_NwSapAgent


(((((((((((((((((((((((((  Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Program Files\Malwarebytes’ Anti-Malware
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-05 20:46 27,048—a———C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-24 09:26 . 2008-05-05 20:46 15,864—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-05-24 08:44 . 2008-05-24 08:44 <DIR> d————C:\Program Files\Trend Micro
2008-05-23 23:50 . 2008-05-23 23:50 <DIR> d————C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Program Files\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:26 141,312—a———C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\WINDOWS\system32\drivers\Avg
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Program Files\AVG
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-05-23 22:00 . 2008-05-23 22:00 96,520—a———C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 75,272—a———C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-23 22:00 . 2008-05-23 22:00 12,424—a———C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 10,520—a———C:\WINDOWS\system32\avgrsstx.dll
2008-05-23 21:49 . 2008-05-23 21:50 <DIR> d————C:\Program Files\TrojanHunter 5.0
2008-05-23 21:41 . 2008-05-23 21:47 <DIR> d————C:\Program Files\SpywareBlaster
2008-05-23 21:41 . 2008-05-23 21:41 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-23 21:41 . 2005-08-25 18:19 115,920—a———C:\WINDOWS\system32\MSINET.OCX
2008-05-23 18:58 . 2008-05-23 19:06 <DIR> d—h——- C:\WINDOWS\system32\GroupPolicy
2008-05-23 18:42 . 2008-05-23 18:42 136,192—a———C:\WINDOWS\system32\jxshyxda.dll
2008-05-23 18:36 . 2008-05-23 18:36 373,248—a———C:\WINDOWS\system32\xxyVOGxx.dll
2008-05-23 18:31 . 2008-05-23 18:31 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-23 18:17 . 2008-05-24 10:10 <DIR> d————C:\Documents and Settings\Administrator
2008-05-21 23:06 . 2006-03-15 14:00 4,224—a———C:\WINDOWS\system32\beep.sys
2008-05-21 23:05 . 2008-05-21 17:43 94,208—a———C:\WINDOWS\elsq.exe
2008-05-21 23:05 . 2008-05-21 23:05 30,208—a———C:\WINDOWS\system32\ldshyr.old
2008-05-21 23:05 . 2008-05-21 23:05 30,208—a———C:\nnjamld.exe
2008-05-21 23:05 . 2008-05-21 23:05 2—a———C:\-1797616174
2008-05-16 20:09 . 2008-05-16 20:09 <DIR> d————C:\Program Files\Ventrilo
2008-05-16 20:09 . 2008-05-23 21:49 <DIR> d————C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 20:07 . 2008-05-16 20:07 <DIR> d————C:\Program Files\VentriloFix 1.2
2008-05-14 09:23 . 2008-05-14 09:23 <DIR> d————C:\Program Files\SmartFTP Client
2008-05-14 09:22 . 2008-05-14 09:22 <DIR> d————C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-14 02:23 . 2003-03-18 22:20 1,060,864—a———C:\WINDOWS\system32\MFC71.dll
2008-05-14 02:14 . 2008-05-14 02:14 <DIR> d————C:\Program Files\Alwil Software
2008-05-05 20:52 . 2008-05-14 02:14 <DIR> d————C:\Program Files\ECP
2008-05-05 17:22 . 2008-05-22 19:00 <DIR> d————C:\Program Files\Steam
2008-05-02 21:18 . 2008-05-02 21:18 <DIR> d————C:\Program Files\WMonitor
2008-05-02 21:18 . 2004-03-04 14:47 929,792 -ra———C:\WINDOWS\system32\AegisE5.DLL
2008-05-02 21:18 . 2003-11-20 15:28 651,264—a———C:\WINDOWS\system32\libeay32.dll
2008-05-02 21:18 . 2003-11-20 15:28 147,456—a———C:\WINDOWS\system32\ssleay32.dll
2008-05-02 21:18 . 2003-10-13 15:30 94,208—a———C:\WINDOWS\system32\GTW32N50.dll
2008-05-02 21:18 . 2003-09-25 23:28 31,930—a———C:\WINDOWS\system32\GTNDIS3.VXD
2008-05-02 21:18 . 2003-09-25 22:15 15,872—a———C:\WINDOWS\system32\GTNDIS5.sys
2008-05-02 21:18 . 2004-03-04 14:46 15,781 -ra———C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-05-02 18:42 . 2008-05-02 18:42 <DIR> d————C:\Program Files\VentriloFix 1.1
2008-04-30 19:23 . 2008-04-30 19:23 <DIR> d————C:\Documents and Settings\anybody\Logs
2008-04-29 06:18 . 2008-04-29 06:18 <DIR> d————C:\Logs

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 08:13————- d——-w C:\Program Files\Common Files\Symantec Shared
2008-05-23 20:33————- d——-w C:\Program Files\Norton Security Scan
2008-05-14 00:33————- d——-w C:\Program Files\SPAMfighter
2008-05-14 00:32————- d——-w C:\Program Files\WinTV
2008-05-14 00:29————- d——-w C:\Program Files\Common Files\Nero
2008-05-14 00:29————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-14 00:19————- d—h—w C:\Program Files\InstallShield Installation Information
2008-05-14 00:18————- d——-w C:\Program Files\DivX
2008-05-13 18:44————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-30 17:38————- d——-w C:\Program Files\World of Warcraft
2008-04-23 13:26————- d——-w C:\Program Files\TDC
2008-04-23 13:26————- d——-w C:\Program Files\Support.com
2008-04-23 13:26————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com
2008-04-22 17:40————- d——-w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-24 10:39————- d——-w C:\Program Files\Winamp
2008-02-26 21:17 737,280——a-w C:\WINDOWS\iun6002.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-23 22:00 2051328—a———C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7b440ee-398d-4ad4-b0e7-8bfcb07319a1}]
2008-05-23 18:42 136192—a———C:\WINDOWS\system32\jxshyxda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC47F8CB-63FE-44E0-AC64-94FB465FBA90}]
2008-05-23 18:36 373248—a———C:\WINDOWS\system32\xxyVOGxx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{A057A204-BACC-4D26-9990-79A187E2698E}”= “C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL” [2008-05-23 22:00 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-15 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2004-08-10 14:04 59392]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-06-09 14:26 794713]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-04-27 10:48 7561216]
“nwiz”=“nwiz.exe” [2006-04-27 10:48 1519616 C:\WINDOWS\system32\nwiz.exe]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 11:11 132496]
“LanzarL2007”=“C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe” [ ]
“APVXDWIN”=“C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe” [2007-07-20 01:23 455984]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 01:47 31016]
“QuickTime Task”=“C:\program files\hjælpe instalationer\Quicktime\qttask.exe” [ ]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-12-22 23:26 185896]
“Getca”=“C:\Program Files\WMonitor\InfoMyCa.exe” [2004-03-10 13:57 45056]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-12 18:39 79224]
“THGuard”=“C:\Program Files\TrojanHunter 5.0\THGuard.exe” [2008-03-25 19:08 1047712]
“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2008-05-23 22:00 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-15 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WWU.lnk - C:\Program Files\winbond\w89c33\wwu.exe [2007-12-17 18:17:03 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-16 06:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffedb]
khffedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Program Files\\Messenger\\msmsgs.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=
“C:\\Program Files\\BORGChat\\BORGChat.exe”=
“C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“C:\\Program Files\\LimeWire\\LimeWire.exe”=
“C:\\Documents and Settings\\anybody\\Desktop\\Unreal Tournament\\System\\UnrealTournament.exe”=
“C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe”=
“C:\\Program Files\\uTorrent\\uTorrent.exe”=
“C:\\Program Files\\Internet Explorer\\iexplore.exe”=
“C:\\Program Files\\SmartFTP Client\\SmartFTP.exe”=
“C:\\Program Files\\AVG\\AVG8\\avgupd.exe”=
“C:\\Program Files\\AVG\\AVG8\\avgnsx.exe”=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-23 22:00]
R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-15 00:20]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2006-02-22 03:32]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-23 22:00]
S2 54Mbps Wireless Network;54Mbps Wireless Network Service;C:\Program Files\WMonitor\WLService.exe [2004-03-29 10:08]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 22:00]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-23 22:00]
S2 SPAMfighter Update Service;SPAMfighter Update Service;“C:\Program Files\SPAMfighter\sfus.exe” [2007-12-14 19:57]
S2 wbsecsvc;wbsecsvc;C:\WINDOWS\system32\wbsecsvc.exe [2005-12-09 01:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-06-06 20:27]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-06-02 00:51]

.
Contents of the ‘Scheduled Tasks’ folder
“2008-05-23 16:00:06 C:\WINDOWS\Tasks\Norton Security Scan.job”
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:28:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
————————————Other Running Processes————————————
.
C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************
.
Completion time: 2008-05-24 10:30:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 08:30:51

Pre-Run: 39,414,579,200 bytes free
Post-Run: 39,608,139,776 bytes free

284—- E O F—- 2008-05-16 17:50:08

Number of posts: 8

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:20, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {1a91370b-cfb8-7e0b-4da4-d893ee044b7a} - {a7b440ee-398d-4ad4-b0e7-8bfcb07319a1} - C:\WINDOWS\system32\jxshyxda.dll
O2 - BHO: (no name) - {BC47F8CB-63FE-44E0-AC64-94FB465FBA90} - C:\WINDOWS\system32\xxyVOGxx.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM\..\Run: [LanzarL2007] “C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe” /SETUP:”/l0x0006”
O4 - HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\program files\hjælpe instalationer\Quicktime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [Getca] C:\Program Files\WMonitor\InfoMyCa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] “C:\Program Files\TrojanHunter 5.0\THGuard.exe”
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: WWU.lnk = C:\Program Files\winbond\w89c33\wwu.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675823320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200582732028
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: khffedb - khffedb.dll (file missing)
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe


End of file - 8395 bytes

Number of posts: 8

I should mention that I am running in safe mode; otherwise it is hard to open.

Number of posts: 8

Here is the log from normal mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:50, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WMonitor\WLService.exe
C:\Program Files\WMonitor\WLanCfgG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\program files\hjælpe instalationer\Quicktime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\WMonitor\InfoMyCa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\winbond\w89c33\wwu.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {1a91370b-cfb8-7e0b-4da4-d893ee044b7a} - {a7b440ee-398d-4ad4-b0e7-8bfcb07319a1} - C:\WINDOWS\system32\jxshyxda.dll
O2 - BHO: (no name) - {BC47F8CB-63FE-44E0-AC64-94FB465FBA90} - C:\WINDOWS\system32\xxyVOGxx.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKLM\..\Run: [LanzarL2007] “C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe” /SETUP:”/l0x0006”
O4 - HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\program files\hjælpe instalationer\Quicktime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [Getca] C:\Program Files\WMonitor\InfoMyCa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] “C:\Program Files\TrojanHunter 5.0\THGuard.exe”
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: WWU.lnk = C:\Program Files\winbond\w89c33\wwu.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675823320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200582732028
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: khffedb - khffedb.dll (file missing)
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe


End of file - 9976 bytes

Administrator
Number of posts: 37451

You still have two antivirus programs running. Tell me which one you want to keep, and we will remove the other.

Signature

Do NOT download programs from these suspicious sites

Number of posts: 8

I would like to keep AVG. I should also mention that I still cannot get into the Task menu (Ctrl+Alt+Delete) in normal mode, or install things with Windows Installer, and it is still slow.

Administrator
Number of posts: 37451

Ok.

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe 
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program. Once that is done, let the program update itself. A window then opens in which you must move the dot to “Perform full scan”. Click Scan and let the program work until it is finished (this takes a while, depending on how much you have on the computer).

After the scan, press the “Show Result” button and then press “Remove Selected”. The log now opens, and you must save it somewhere you can find it again.


Copy the contents between the wavy lines into a Notepad window and save the file with the name CFScript.txt. When you save, make sure that “file type” is set to “all files”.

~~~~~~~~~~~~~~~~~~~~~~~~~~

KILLALL::

Snapshot::

 

Folder::
C:\Program Files\Panda Security
C:\Program Files\Alwil Software

 


File::
C:\WINDOWS\system32\jxshyxda.dll
C:\WINDOWS\system32\xxyVOGxx.dll
C:\WINDOWS\elsq.exe
C:\WINDOWS\system32\ldshyr.old
C:\nnjamld.exe
C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe
C:\d.exe
C:\WINDOWS\Tasks\Norton Security Scan.job

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse. As shown here: >>> http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.


Post a new Combofix log here together with a new HijackThis log and the log from Malwarebytes Anti-Malware.

 


Number of posts: 8

Here is the Combofix log:

ComboFix 08-05-21.3 - anybody 2008-05-24 14:42:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1422 [GMT 2:00]
Running from: C:\Documents and Settings\anybody\Desktop\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\anybody\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\d.exe
C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe
C:\nnjamld.exe
C:\WINDOWS\elsq.exe
C:\WINDOWS\system32\jxshyxda.dll
C:\WINDOWS\system32\ldshyr.old
C:\WINDOWS\system32\xxyVOGxx.dll
C:\WINDOWS\Tasks\Norton Security Scan.job
.
The following files were disabled during the run:
C:\Program Files\TrojanHunter 5.0\THSec.dll


(((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\nnjamld.exe
C:\Program Files\Alwil Software\Avast4\AhResMai.dll
C:\Program Files\Alwil Software\Avast4\ahResMes.dll
C:\Program Files\Alwil Software\Avast4\AhResNS.dll
C:\Program Files\Alwil Software\Avast4\AhResOut.dll
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
C:\Program Files\Alwil Software\Avast4\AhResStd.dll
C:\Program Files\Alwil Software\Avast4\AhResWS.dll
C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashBug.exe
C:\Program Files\Alwil Software\Avast4\ashCfgP.dll
C:\Program Files\Alwil Software\Avast4\ashCfgT.dll
C:\Program Files\Alwil Software\Avast4\ashChest.dll
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashCnsnt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashOutXt.dll
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashShA64.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashSODBC.dll
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
C:\Program Files\Alwil Software\Avast4\ashSXML.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\ashUInt.dll
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswIdle.dll
C:\Program Files\Alwil Software\Avast4\aswInteg.dll
C:\Program Files\Alwil Software\Avast4\aswMonDS.sys
C:\Program Files\Alwil Software\Avast4\aswMonVD.dll
C:\Program Files\Alwil Software\Avast4\aswRawFS.dll
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswRes.dll
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\AVASTSS.scr
C:\Program Files\Alwil Software\Avast4\avCommEx.dll
C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll
C:\Program Files\Alwil Software\Avast4\copyx64.exe
C:\Program Files\Alwil Software\Avast4\DANISH\aswClnTg.htm
C:\Program Files\Alwil Software\Avast4\DANISH\aswClnTg.txt
C:\Program Files\Alwil Software\Avast4\DANISH\aswInfTg.htm
C:\Program Files\Alwil Software\Avast4\DANISH\aswInfTg.txt
C:\Program Files\Alwil Software\Avast4\DANISH\Base.dll
C:\Program Files\Alwil Software\Avast4\DANISH\Boot.dll
C:\Program Files\Alwil Software\Avast4\DANISH\ENHANCED.HTM
C:\Program Files\Alwil Software\Avast4\DANISH\HELP\CheckListSimple.chm
C:\Program Files\Alwil Software\Avast4\DANISH\HELP\help.chm
C:\Program Files\Alwil Software\Avast4\DANISH\hover.wav
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\11001.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\400.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\401.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\407.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\502.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\504.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\Blocked.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\image001.gif
C:\Program Files\Alwil Software\Avast4\DANISH\Lang.dll
C:\Program Files\Alwil Software\Avast4\DANISH\LangMai.dll
C:\Program Files\Alwil Software\Avast4\DANISH\License.txt
C:\Program Files\Alwil Software\Avast4\DANISH\malfound.wav
C:\Program Files\Alwil Software\Avast4\DANISH\press.wav
C:\Program Files\Alwil Software\Avast4\DANISH\Readme.txt
C:\Program Files\Alwil Software\Avast4\DANISH\ready.wav
C:\Program Files\Alwil Software\Avast4\DANISH\suspic.wav
C:\Program Files\Alwil Software\Avast4\DANISH\virfound.gif
C:\Program Files\Alwil Software\Avast4\DANISH\virfound.wav
C:\Program Files\Alwil Software\Avast4\DANISH\vpsupd.wav
C:\Program Files\Alwil Software\Avast4\DATA\400.vps
C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
C:\Program Files\Alwil Software\Avast4\DATA\avast4.ini
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000001
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000002
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000003
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000006
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000007
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000008
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000009
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000A
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000B
C:\Program Files\Alwil Software\Avast4\DATA\chest\index.xml
C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat
C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswBoot.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.ori
C:\Program Files\Alwil Software\Avast4\DATA\log\Error.log
C:\Program Files\Alwil Software\Avast4\DATA\log\Notice.log
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log
C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log
C:\Program Files\Alwil Software\Avast4\DATA\log\unp100081804.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp103398736.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp135794619.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp172164105.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt
C:\Program Files\Alwil Software\Avast4\DATA\report\avast.xsl
C:\Program Files\Alwil Software\Avast4\DATA\report\background.gif
C:\Program Files\Alwil Software\Avast4\DATA\report\logo.gif
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__snake.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__strike.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__vizer.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\low res.asws
C:\Program Files\Alwil Software\Avast4\DATA\Skin\silver panel.asws
C:\Program Files\Alwil Software\Avast4\DATA\Skin\SZC-KDE.asws
C:\Program Files\Alwil Software\Avast4\DefTasks.xml
C:\Program Files\Alwil Software\Avast4\images\background.bmp
C:\Program Files\Alwil Software\Avast4\images\chest.gif
C:\Program Files\Alwil Software\Avast4\images\lense.gif
C:\Program Files\Alwil Software\Avast4\images\logo.gif
C:\Program Files\Alwil Software\Avast4\images\main_01.jpg
C:\Program Files\Alwil Software\Avast4\images\main_02.jpg
C:\Program Files\Alwil Software\Avast4\images\oranz.gif
C:\Program Files\Alwil Software\Avast4\images\resident.gif
C:\Program Files\Alwil Software\Avast4\images\setting.gif
C:\Program Files\Alwil Software\Avast4\images\slogan.gif
C:\Program Files\Alwil Software\Avast4\images\spacer.gif
C:\Program Files\Alwil Software\Avast4\images\update.gif
C:\Program Files\Alwil Software\Avast4\images\virusdat.gif
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_core-452.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_dll406-2e.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_hlp406-fd.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_skins-14.vpu
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Alwil Software\Avast4\Setup\avscan-31b.vpu
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswMon2.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswMonFlt.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AavmKer4.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys
C:\Program Files\Alwil Software\Avast4\Setup\jrog-3a.vpu
C:\Program Files\Alwil Software\Avast4\Setup\news409-32.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-jrog-3a.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-news-4b.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-prg_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-setup_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-vps-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu
C:\Program Files\Alwil Software\Avast4\Setup\servers.def
C:\Program Files\Alwil Software\Avast4\Setup\servers.def.lkg
C:\Program Files\Alwil Software\Avast4\Setup\servers.def.vpu
C:\Program Files\Alwil Software\Avast4\Setup\setif_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll
C:\Program Files\Alwil Software\Avast4\Setup\setiface.ovr
C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
C:\Program Files\Alwil Software\Avast4\Setup\setup.log
C:\Program Files\Alwil Software\Avast4\Setup\setup.ovr
C:\Program Files\Alwil Software\Avast4\Setup\setup_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\summary.txt
C:\Program Files\Alwil Software\Avast4\Setup\vps-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\vpsm-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\winsys-2.vpu
C:\Program Files\Alwil Software\Avast4\Setup\winsysgui-2.vpu
C:\Program Files\Alwil Software\Avast4\VisthAux.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Alwil Software\Avast4\wdp-ash-updscript.vbs
C:\Program Files\Alwil Software\Avast4\XT1922.dll
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\AavmGuih.dll
C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
C:\Program Files\Panda Security
C:\Program Files\Panda Security\Panda Antivirus 2008\ACTUALIZ.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ADiagnst.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ADiagnst.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\ANALISIS.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ASMDAT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\Avcic.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Avciman.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGDLL.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLITE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AvLite.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLITE.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLtMain.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLTMAIN.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\AVTASK.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\borland_builder_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\borlndmm.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063KRN_DATA
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063pfdnnt.act
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2
C:\Program Files\Panda Security\Panda Antivirus 2008\cc3250mt.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\CHMCCFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\COMPRESS.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\CONEXION.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ConfData.xml
C:\Program Files\Panda Security\Panda Antivirus 2008\Countlst.cl
C:\Program Files\Panda Security\Panda Antivirus 2008\CryptMng.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\Drivers\i386\PAVDRV51.SYS
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\Pavdrv.inf
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\PAVDRV5X.CAT
C:\Program Files\Panda Security\Panda Antivirus 2008\ENVIO.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\EstadUpd.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\gwstore.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\T2008_da.chm
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\term.js
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\vars.js
C:\Program Files\Panda Security\Panda Antivirus 2008\ICL_CFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\ICL_MTR.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\icl_trf.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ICONS.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\idiomas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\imanager.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\ImGCfg.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\ImLocRep.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ImRepAle.Dat
C:\Program Files\Panda Security\Panda Antivirus 2008\InstKRE.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\InstLSP.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\KernelRe.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\KernelRe.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\Langm5.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\libxml2.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\libxml2_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\Licen_da.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\LITEUPG.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\LSPTest.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ltAlerts.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\LtAlerts.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\LTForms.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\LTFORMS.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\LUPGCONF.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\mapvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\memvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\microsoft_sdk_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\microsoft_visual_studio_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\MiniCrypto.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\msje8tp.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\panda.chp
C:\Program Files\Panda Security\Panda Antivirus 2008\panicsh.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pav.bkp
C:\Program Files\Panda Security\Panda Antivirus 2008\pav.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\Pav2Wsc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavAMW.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavCntrs.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PavCntrs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVCRC.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\pavdr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVEXCOM.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\pavexp.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\PavFtp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavHttp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavim.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavMiCli.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavNntp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVOE.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\PavPop3.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsddl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pavsmcl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavSmtp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvdl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavT.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\pavtcmgr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pavtftp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavTrc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavVT.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavVTF.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PavWmail.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PFDNNT.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PNDCTRLB.BPL
C:\Program Files\Panda Security\Panda Antivirus 2008\prcvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Proxy.avi
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAEng.Cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAEng.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAUI.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAUI.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\PSCookie.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PSImFltr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PSInet.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskads.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKAHK.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskalloc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskcmp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskfss.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKHTML.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskmas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskmcf.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskmdfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskmfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskpack.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskscs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskudna.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskutil.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskvfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskvm.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSREPORT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\PsScan.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\psspa.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVACtrl.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVAMgr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVAMgr.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\psVers.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PSWLabel.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSWLRes.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PsXML.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\rawvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\RECONSF.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\RESHOME.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\RSDNAPI.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\RsReport.rpt
C:\Program Files\Panda Security\Panda Antivirus 2008\Scans.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\sdthook.sys
C:\Program Files\Panda Security\Panda Antivirus 2008\sentinel.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\sentrsc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\setchrok.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\SHELLTIT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\TCPVFILE.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TeeChart_Pro_v7_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\Titanium.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\TITCFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TITSCAN.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TITSCAN.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\titw.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\titwBK.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\UNINSTAL.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\UNINSTAL.INI
C:\Program Files\Panda Security\Panda Antivirus 2008\Upgrades.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\UPGTEST.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\URLconfig.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\vcl50.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\vclx50.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\verman.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Version.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\WebExcl.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\Welcome.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\WHISTLER.BPL
C:\Program Files\Panda Security\Panda Antivirus 2008\WizSOS.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WizSOS.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\ZIUpdate.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ZIUPDATE.MLD
C:\WINDOWS\system32\ldshyr.old
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\Program Files\Alwil Software . . . . failed to delete

.
(((((((((((((((((((((((((  Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-24 12:26 . 2008-05-24 12:26 <DIR> d————C:\Program Files\SUPERAntiSpyware
2008-05-24 12:26 . 2008-05-24 12:26 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-24 11:47 . 2008-05-24 14:18 <DIR> d—h——- C:\$AVG8.VAULT$
2008-05-24 10:55 . 2008-05-24 10:55 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-05-24 10:55 . 2008-05-24 10:55 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-05-24 10:55 . 2007-05-30 14:10 10,872—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Program Files\Malwarebytes’ Anti-Malware
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-05 20:46 27,048—a———C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-24 09:26 . 2008-05-05 20:46 15,864—a———C:\WINDOWS\system32\drivers\mbam.sys
2008-05-24 08:44 . 2008-05-24 08:44 <DIR> d————C:\Program Files\Trend Micro
2008-05-23 23:50 . 2008-05-23 23:50 <DIR> d————C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Program Files\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:26 141,312—a———C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-23 22:00 . 2008-05-24 14:25 <DIR> d————C:\WINDOWS\system32\drivers\Avg
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Program Files\AVG
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d————C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-05-23 22:00 . 2008-05-23 22:00 96,520—a———C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 75,272—a———C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-23 22:00 . 2008-05-23 22:00 12,424—a———C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 10,520—a———C:\WINDOWS\system32\avgrsstx.dll
2008-05-23 21:49 . 2008-05-24 14:57 <DIR> d————C:\Program Files\TrojanHunter 5.0
2008-05-23 21:41 . 2008-05-23 21:47 <DIR> d————C:\Program Files\SpywareBlaster
2008-05-23 21:41 . 2008-05-23 21:41 <DIR> d————C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-23 21:41 . 2005-08-25 18:19 115,920—a———C:\WINDOWS\system32\MSINET.OCX
2008-05-23 18:58 . 2008-05-23 19:06 <DIR> d—h——- C:\WINDOWS\system32\GroupPolicy
2008-05-23 18:31 . 2008-05-23 18:31 <DIR> d————C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-23 18:17 . 2008-05-24 10:10 <DIR> d————C:\Documents and Settings\Administrator
2008-05-21 23:06 . 2006-03-15 14:00 4,224—a———C:\WINDOWS\system32\beep.sys
2008-05-21 23:05 . 2008-05-21 23:05 2—a———C:\-1797616174
2008-05-16 20:09 . 2008-05-16 20:09 <DIR> d————C:\Program Files\Ventrilo
2008-05-16 20:09 . 2008-05-23 21:49 <DIR> d————C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 20:07 . 2008-05-16 20:07 <DIR> d————C:\Program Files\VentriloFix 1.2
2008-05-14 09:23 . 2008-05-14 09:23 <DIR> d————C:\Program Files\SmartFTP Client
2008-05-14 09:22 . 2008-05-14 09:22 <DIR> d————C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-14 02:23 . 2003-03-18 22:20 1,060,864—a———C:\WINDOWS\system32\MFC71.dll
2008-05-14 02:14 . 2008-05-14 02:14 <DIR> d————C:\Program Files\Alwil Software
2008-05-05 20:52 . 2008-05-14 02:14 <DIR> d————C:\Program Files\ECP
2008-05-05 17:22 . 2008-05-22 19:00 <DIR> d————C:\Program Files\Steam
2008-05-02 21:18 . 2008-05-02 21:18 <DIR> d————C:\Program Files\WMonitor
2008-05-02 21:18 . 2004-03-04 14:47 929,792 -ra———C:\WINDOWS\system32\AegisE5.DLL
2008-05-02 21:18 . 2003-11-20 15:28 651,264—a———C:\WINDOWS\system32\libeay32.dll
2008-05-02 21:18 . 2003-11-20 15:28 147,456—a———C:\WINDOWS\system32\ssleay32.dll
2008-05-02 21:18 . 2003-10-13 15:30 94,208—a———C:\WINDOWS\system32\GTW32N50.dll
2008-05-02 21:18 . 2003-09-25 23:28 31,930—a———C:\WINDOWS\system32\GTNDIS3.VXD
2008-05-02 21:18 . 2003-09-25 22:15 15,872—a———C:\WINDOWS\system32\GTNDIS5.sys
2008-05-02 21:18 . 2004-03-04 14:46 15,781 -ra———C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-05-02 18:42 . 2008-05-02 18:42 <DIR> d————C:\Program Files\VentriloFix 1.1
2008-04-30 19:23 . 2008-04-30 19:23 <DIR> d————C:\Documents and Settings\anybody\Logs
2008-04-29 06:18 . 2008-04-29 06:18 <DIR> d————C:\Logs

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 10:27————- d——-w C:\Program Files\Java
2008-05-24 08:13————- d——-w C:\Program Files\Common Files\Symantec Shared
2008-05-23 20:33————- d——-w C:\Program Files\Norton Security Scan
2008-05-14 00:33————- d——-w C:\Program Files\SPAMfighter
2008-05-14 00:32————- d——-w C:\Program Files\WinTV
2008-05-14 00:29————- d——-w C:\Program Files\Common Files\Nero
2008-05-14 00:29————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-14 00:19————- d—h—w C:\Program Files\InstallShield Installation Information
2008-05-14 00:18————- d——-w C:\Program Files\DivX
2008-05-13 18:44————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-30 17:38————- d——-w C:\Program Files\World of Warcraft
2008-04-23 13:26————- d——-w C:\Program Files\TDC
2008-04-23 13:26————- d——-w C:\Program Files\Support.com
2008-04-23 13:26————- d——-w C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com
2008-04-22 17:40————- d——-w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-24 10:39————- d——-w C:\Program Files\Winamp
2008-02-26 21:17 737,280——a-w C:\WINDOWS\iun6002.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-23 22:00 2051328—a———C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7b440ee-398d-4ad4-b0e7-8bfcb07319a1}]
  C:\WINDOWS\system32\jxshyxda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC47F8CB-63FE-44E0-AC64-94FB465FBA90}]
  C:\WINDOWS\system32\xxyVOGxx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{A057A204-BACC-4D26-9990-79A187E2698E}”= “C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL” [2008-05-23 22:00 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{A057A204-BACC-4D26-9990-79A187E2698E}”= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-23 22:00 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-15 14:00 15360]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2004-08-10 14:04 59392]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-06-09 14:26 794713]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-04-27 10:48 7561216]
“nwiz”=“nwiz.exe” [2006-04-27 10:48 1519616 C:\WINDOWS\system32\nwiz.exe]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]
“APVXDWIN”=“C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe” [ ]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 01:47 31016]
“QuickTime Task”=“C:\program files\hjælpe instalationer\Quicktime\qttask.exe” [ ]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-12-22 23:26 185896]
“Getca”=“C:\Program Files\WMonitor\InfoMyCa.exe” [2004-03-10 13:57 45056]
“THGuard”=“C:\Program Files\TrojanHunter 5.0\THGuard.exe” [2008-03-25 19:08 1047712]
“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [2008-05-23 22:00 1177368]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-15 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WWU.lnk - C:\Program Files\winbond\w89c33\wwu.exe [2007-12-17 18:17:03 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-16 06:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffedb]
khffedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Program Files\\Messenger\\msmsgs.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“C:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=
“C:\\Program Files\\BORGChat\\BORGChat.exe”=
“C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE”=
“C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“C:\\Program Files\\LimeWire\\LimeWire.exe”=
“C:\\Documents and Settings\\anybody\\Desktop\\Unreal Tournament\\System\\UnrealTournament.exe”=
“C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe”=
“C:\\Program Files\\uTorrent\\uTorrent.exe”=
“C:\\Program Files\\Internet Explorer\\iexplore.exe”=
“C:\\Program Files\\SmartFTP Client\\SmartFTP.exe”=
“C:\\Program Files\\AVG\\AVG8\\avgupd.exe”=
“C:\\Program Files\\AVG\\AVG8\\avgnsx.exe”=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-23 22:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-23 22:00]
R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-15 00:20]
R2 54Mbps Wireless Network;54Mbps Wireless Network Service;C:\Program Files\WMonitor\WLService.exe [2004-03-29 10:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 22:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-23 22:00]
R2 wbsecsvc;wbsecsvc;C:\WINDOWS\system32\wbsecsvc.exe [2005-12-09 01:01]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2006-02-22 03:32]
S2 SPAMfighter Update Service;SPAMfighter Update Service;“C:\Program Files\SPAMfighter\sfus.exe” [2007-12-14 19:57]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-06-06 20:27]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-06-02 00:51]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 14:59:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\anybody\Application Data\Microsoft Games\Zoo Tycoon 2\Klinke\Saved\sara,s zoo grin.z2s 355306 bytes hidden from API

scan completed successfully
hidden files: 1

**************************************************************************
.
——————————- DLLs Loaded Under Running Processes——————————-

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TrojanHunter 5.0\THSec.dll
-> C:\WINDOWS\system32\nview.dll
.
————————————Other Running Processes————————————
.
C:\Program Files\WMonitor\WLanCfgG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-24 15:04:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 13:04:20
ComboFix2.txt 2008-05-24 08:30:54

Pre-Run: 39,334,043,648 bytes free
Post-Run: 39,256,715,264 bytes free

625—- E O F—- 2008-05-16 17:50:08

Malware log:

Malwarebytes’ Anti-Malware 1.12
Database version: 783

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144451
Time elapsed: 2 hour(s), 0 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNhhiJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8D20B88B-00B2-43A3-ACCF-4CCBE23C2290}\RP79\A0083464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:47, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WMonitor\WLService.exe
C:\Program Files\WMonitor\WLanCfgG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\hjælpe instalationer\Quicktime\qttask.exe
C:\Program Files\WMonitor\InfoMyCa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\winbond\w89c33\wwu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {1a91370b-cfb8-7e0b-4da4-d893ee044b7a} - {a7b440ee-398d-4ad4-b0e7-8bfcb07319a1} - C:\WINDOWS\system32\jxshyxda.dll (file missing)
O2 - BHO: (no name) - {BC47F8CB-63FE-44E0-AC64-94FB465FBA90} - C:\WINDOWS\system32\xxyVOGxx.dll (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE” /s
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [QuickTime Task] “C:\program files\hjælpe instalationer\Quicktime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [Getca] C:\Program Files\WMonitor\InfoMyCa.exe
O4 - HKLM\..\Run: [THGuard] “C:\Program Files\TrojanHunter 5.0\THGuard.exe”
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: WWU.lnk = C:\Program Files\winbond\w89c33\wwu.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675823320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200582732028
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khffedb - khffedb.dll (file missing)
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe


End of file - 9617 bytes

Editor
Number of posts: 14106

Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder where Combofix is located, under the name CFScript.txt. When saving, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~


Killall::

Snapshot::

File::
C:\WINDOWS\system32\drivers\aswSP.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\jxshyxda.dll
C:\WINDOWS\system32\xxyVOGxx.dll
C:\WINDOWS\system32\avldr.dll

Folder::
C:\\Program Files\LimeWire
C:\\Program Files\uTorrent


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7b440ee-398d-4ad4-b0e7-8bfcb07319a1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC47F8CB-63FE-44E0-AC64-94FB465FBA90}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffedb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-

Driver::
aswSP
aswFsBlk

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the SWF file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
———————————————————-

Post that Combofix log here, along with a new one from HijackThis.

[ Edited: 24.05.2008, 20:49 by Peder TeamSpywarefri ]
Signature

The coffee has been drunk
The till is closed
The support does more good
With the small and the timid
Børns Vilkår
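
As an added illustration (not part of the thread and not code from HijackThis or Combofix), the Python sketch below parses HijackThis lines copied from the log above and lists the entries marked "(file missing)" together with the registry key where each stale registration lives. The function names are hypothetical, and the handling of O23 short service names is an assumption about the log format.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {1a91370b-cfb8-7e0b-4da4-d893ee044b7a} - {a7b440ee-398d-4ad4-b0e7-8bfcb07319a1} - C:\WINDOWS\system32\jxshyxda.dll (file missing)
O2 - BHO: (no name) - {BC47F8CB-63FE-44E0-AC64-94FB465FBA90} - C:\WINDOWS\system32\xxyVOGxx.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khffedb - khffedb.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
"""

BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"  # DLLs loaded into Internet Explorer
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"  # DLLs loaded by winlogon.exe
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"  # started by the Service Control Manager
LINE_RE = re.compile(r"^([A-Z]\d+) - ([^:]+): (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

@dataclass
class Entry:
    code: str      # HijackThis section, e.g. "O2"
    kind: str      # label before the colon, e.g. "BHO"
    name: str      # first field after the colon
    target: str    # file the entry points at
    missing: bool  # HijackThis did not find the file on disk
    regkey: str    # registry key to review, "" if not mapped here

def parse_line(line):
    """Parse one 'Oxx - Kind: a - b - path' line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    fields = rest.split(" - ")  # assumes the path itself contains no " - "
    name, target = fields[0], fields[-1]
    regkey = ""
    if code == "O2":
        guids = GUID_RE.findall(rest)  # the CLSID is the last GUID on the line
        regkey = BHO_KEY + "\\" + guids[-1] if guids else ""
    elif code == "O20" and kind == "Winlogon Notify":
        regkey = NOTIFY_KEY + "\\" + name
    elif code == "O23":
        # Assumption: a short service name, when shown, is in trailing parentheses.
        short = re.search(r"\(([^()]+)\)$", name)
        regkey = SERVICES_KEY + "\\" + (short.group(1) if short else name)
    return Entry(code, kind, name, target, missing, regkey)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphans(entries):
    """Entries whose registration survives although the file is gone."""
    return [e for e in entries if e.missing]

def report(entries):
    out = []
    for e in orphans(entries):
        out.append(f"{e.code:<4}{e.target}  ->  review {e.regkey or '(not mapped)'}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(parse_log(SAMPLE_LOG)))
```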