Here is the ComboFix log:
ComboFix 08-05-21.3 - anybody 2008-05-24 14:42:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1422 [GMT 2:00]
Running from: C:\Documents and Settings\anybody\Desktop\Spywarefri\ComboFix.exe
Command switches used :: C:\Documents and Settings\anybody\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\d.exe
C:\DOCUME~1\anybody\LOCALS~1\Temp\{FB68239E-7E72-402B-89D0-E98E36D7980F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe
C:\nnjamld.exe
C:\WINDOWS\elsq.exe
C:\WINDOWS\system32\jxshyxda.dll
C:\WINDOWS\system32\ldshyr.old
C:\WINDOWS\system32\xxyVOGxx.dll
C:\WINDOWS\Tasks\Norton Security Scan.job
.
The following files were disabled during the run:
C:\Program Files\TrojanHunter 5.0\THSec.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\nnjamld.exe
C:\Program Files\Alwil Software\Avast4\AhResMai.dll
C:\Program Files\Alwil Software\Avast4\ahResMes.dll
C:\Program Files\Alwil Software\Avast4\AhResNS.dll
C:\Program Files\Alwil Software\Avast4\AhResOut.dll
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
C:\Program Files\Alwil Software\Avast4\AhResStd.dll
C:\Program Files\Alwil Software\Avast4\AhResWS.dll
C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashBase.dll
C:\Program Files\Alwil Software\Avast4\ashBug.exe
C:\Program Files\Alwil Software\Avast4\ashCfgP.dll
C:\Program Files\Alwil Software\Avast4\ashCfgT.dll
C:\Program Files\Alwil Software\Avast4\ashChest.dll
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashCnsnt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashOutXt.dll
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashShA64.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashSODBC.dll
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
C:\Program Files\Alwil Software\Avast4\ashSXML.dll
C:\Program Files\Alwil Software\Avast4\ashTask.dll
C:\Program Files\Alwil Software\Avast4\ashUInt.dll
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll
C:\Program Files\Alwil Software\Avast4\aswAux.dll
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
C:\Program Files\Alwil Software\Avast4\aswEngin.dll
C:\Program Files\Alwil Software\Avast4\aswIdle.dll
C:\Program Files\Alwil Software\Avast4\aswInteg.dll
C:\Program Files\Alwil Software\Avast4\aswMonDS.sys
C:\Program Files\Alwil Software\Avast4\aswMonVD.dll
C:\Program Files\Alwil Software\Avast4\aswRawFS.dll
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswRes.dll
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\aswScan.dll
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\AVASTSS.scr
C:\Program Files\Alwil Software\Avast4\avCommEx.dll
C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll
C:\Program Files\Alwil Software\Avast4\copyx64.exe
C:\Program Files\Alwil Software\Avast4\DANISH\aswClnTg.htm
C:\Program Files\Alwil Software\Avast4\DANISH\aswClnTg.txt
C:\Program Files\Alwil Software\Avast4\DANISH\aswInfTg.htm
C:\Program Files\Alwil Software\Avast4\DANISH\aswInfTg.txt
C:\Program Files\Alwil Software\Avast4\DANISH\Base.dll
C:\Program Files\Alwil Software\Avast4\DANISH\Boot.dll
C:\Program Files\Alwil Software\Avast4\DANISH\ENHANCED.HTM
C:\Program Files\Alwil Software\Avast4\DANISH\HELP\CheckListSimple.chm
C:\Program Files\Alwil Software\Avast4\DANISH\HELP\help.chm
C:\Program Files\Alwil Software\Avast4\DANISH\hover.wav
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\11001.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\400.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\401.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\407.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\502.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\504.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\Blocked.htm
C:\Program Files\Alwil Software\Avast4\DANISH\HtmlData\image001.gif
C:\Program Files\Alwil Software\Avast4\DANISH\Lang.dll
C:\Program Files\Alwil Software\Avast4\DANISH\LangMai.dll
C:\Program Files\Alwil Software\Avast4\DANISH\License.txt
C:\Program Files\Alwil Software\Avast4\DANISH\malfound.wav
C:\Program Files\Alwil Software\Avast4\DANISH\press.wav
C:\Program Files\Alwil Software\Avast4\DANISH\Readme.txt
C:\Program Files\Alwil Software\Avast4\DANISH\ready.wav
C:\Program Files\Alwil Software\Avast4\DANISH\suspic.wav
C:\Program Files\Alwil Software\Avast4\DANISH\virfound.gif
C:\Program Files\Alwil Software\Avast4\DANISH\virfound.wav
C:\Program Files\Alwil Software\Avast4\DANISH\vpsupd.wav
C:\Program Files\Alwil Software\Avast4\DATA\400.vps
C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
C:\Program Files\Alwil Software\Avast4\DATA\avast4.ini
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000001
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000002
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000003
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000006
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000007
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000008
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000009
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000A
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000B
C:\Program Files\Alwil Software\Avast4\DATA\chest\index.xml
C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat
C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswBoot.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.ori
C:\Program Files\Alwil Software\Avast4\DATA\log\Error.log
C:\Program Files\Alwil Software\Avast4\DATA\log\Notice.log
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log
C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log
C:\Program Files\Alwil Software\Avast4\DATA\log\unp100081804.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp103398736.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp135794619.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\unp172164105.tmp.mdmp
C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt
C:\Program Files\Alwil Software\Avast4\DATA\report\avast.xsl
C:\Program Files\Alwil Software\Avast4\DATA\report\background.gif
C:\Program Files\Alwil Software\Avast4\DATA\report\logo.gif
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__snake.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__strike.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\__vizer.aswf
C:\Program Files\Alwil Software\Avast4\DATA\Skin\low res.asws
C:\Program Files\Alwil Software\Avast4\DATA\Skin\silver panel.asws
C:\Program Files\Alwil Software\Avast4\DATA\Skin\SZC-KDE.asws
C:\Program Files\Alwil Software\Avast4\DefTasks.xml
C:\Program Files\Alwil Software\Avast4\images\background.bmp
C:\Program Files\Alwil Software\Avast4\images\chest.gif
C:\Program Files\Alwil Software\Avast4\images\lense.gif
C:\Program Files\Alwil Software\Avast4\images\logo.gif
C:\Program Files\Alwil Software\Avast4\images\main_01.jpg
C:\Program Files\Alwil Software\Avast4\images\main_02.jpg
C:\Program Files\Alwil Software\Avast4\images\oranz.gif
C:\Program Files\Alwil Software\Avast4\images\resident.gif
C:\Program Files\Alwil Software\Avast4\images\setting.gif
C:\Program Files\Alwil Software\Avast4\images\slogan.gif
C:\Program Files\Alwil Software\Avast4\images\spacer.gif
C:\Program Files\Alwil Software\Avast4\images\update.gif
C:\Program Files\Alwil Software\Avast4\images\virusdat.gif
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_core-452.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_dll406-2e.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_hlp406-fd.vpu
C:\Program Files\Alwil Software\Avast4\Setup\av_pro_skins-14.vpu
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Alwil Software\Avast4\Setup\avscan-31b.vpu
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswMon2.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswMonFlt.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswFsBlk.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswSP.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys
C:\Program Files\Alwil Software\Avast4\Setup\INF\AavmKer4.inf
C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys
C:\Program Files\Alwil Software\Avast4\Setup\jrog-3a.vpu
C:\Program Files\Alwil Software\Avast4\Setup\news409-32.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-jrog-3a.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-news-4b.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-prg_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-setup_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\part-vps-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu
C:\Program Files\Alwil Software\Avast4\Setup\servers.def
C:\Program Files\Alwil Software\Avast4\Setup\servers.def.lkg
C:\Program Files\Alwil Software\Avast4\Setup\servers.def.vpu
C:\Program Files\Alwil Software\Avast4\Setup\setif_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll
C:\Program Files\Alwil Software\Avast4\Setup\setiface.ovr
C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
C:\Program Files\Alwil Software\Avast4\Setup\setup.log
C:\Program Files\Alwil Software\Avast4\Setup\setup.ovr
C:\Program Files\Alwil Software\Avast4\Setup\setup_av_pro-4ab.vpu
C:\Program Files\Alwil Software\Avast4\Setup\summary.txt
C:\Program Files\Alwil Software\Avast4\Setup\vps-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\vpsm-8052300.vpu
C:\Program Files\Alwil Software\Avast4\Setup\winsys-2.vpu
C:\Program Files\Alwil Software\Avast4\Setup\winsysgui-2.vpu
C:\Program Files\Alwil Software\Avast4\VisthAux.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Alwil Software\Avast4\wdp-ash-updscript.vbs
C:\Program Files\Alwil Software\Avast4\XT1922.dll
C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
C:\Program Files\Alwil Software\Avast4\AavmGuih.dll
C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
C:\Program Files\Panda Security
C:\Program Files\Panda Security\Panda Antivirus 2008\ACTUALIZ.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ADiagnst.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ADiagnst.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\ANALISIS.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ASMDAT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\Avcic.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Avciman.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGDLL.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLITE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AvLite.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLITE.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLtMain.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVLTMAIN.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\AVTASK.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\borland_builder_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\borlndmm.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063KRN_DATA
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063pfdnnt.act
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2
C:\Program Files\Panda Security\Panda Antivirus 2008\cc3250mt.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\CHMCCFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\COMPRESS.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\CONEXION.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\ConfData.xml
C:\Program Files\Panda Security\Panda Antivirus 2008\Countlst.cl
C:\Program Files\Panda Security\Panda Antivirus 2008\CryptMng.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\Drivers\i386\PAVDRV51.SYS
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\Pavdrv.inf
C:\Program Files\Panda Security\Panda Antivirus 2008\Drivers\PAVDRV5X.CAT
C:\Program Files\Panda Security\Panda Antivirus 2008\ENVIO.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\EstadUpd.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\gwstore.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\T2008_da.chm
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\term.js
C:\Program Files\Panda Security\Panda Antivirus 2008\Help\vars.js
C:\Program Files\Panda Security\Panda Antivirus 2008\ICL_CFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\ICL_MTR.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\icl_trf.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ICONS.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\idiomas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\imanager.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\ImGCfg.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\ImLocRep.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ImRepAle.Dat
C:\Program Files\Panda Security\Panda Antivirus 2008\InstKRE.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\InstLSP.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\KernelRe.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\KernelRe.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\Langm5.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\libxml2.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\libxml2_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\Licen_da.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\LITEUPG.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\LSPTest.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ltAlerts.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\LtAlerts.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\LTForms.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\LTFORMS.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\LUPGCONF.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\mapvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\memvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\microsoft_sdk_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\microsoft_visual_studio_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\MiniCrypto.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\msje8tp.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\panda.chp
C:\Program Files\Panda Security\Panda Antivirus 2008\panicsh.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pav.bkp
C:\Program Files\Panda Security\Panda Antivirus 2008\pav.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\Pav2Wsc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavAMW.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavCntrs.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PavCntrs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVCRC.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\pavdr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVEXCOM.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\pavexp.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\PavFtp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavHttp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavim.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavMiCli.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavNntp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVOE.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\PavPop3.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsddl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pavsmcl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavSmtp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvdl.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pavT.sig
C:\Program Files\Panda Security\Panda Antivirus 2008\pavtcmgr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pavtftp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavTrc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavVT.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PavVTF.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PavWmail.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PFDNNT.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PNDCTRLB.BPL
C:\Program Files\Panda Security\Panda Antivirus 2008\prcvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Proxy.avi
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAEng.Cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAEng.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAUI.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSAUI.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\PSCookie.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PSImFltr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PSInet.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskads.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKAHK.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskalloc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskcmp.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskfss.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSKHTML.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskmas.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskmcf.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskmdfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskmfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskpack.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskscs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskudna.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskutil.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Pskvfs.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\pskvm.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSREPORT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\PsScan.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\psspa.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVACtrl.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVAMgr.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSVAMgr.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\psVers.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\PSWLabel.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PSWLRes.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\PsXML.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\rawvfile.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\RECONSF.AVI
C:\Program Files\Panda Security\Panda Antivirus 2008\RESHOME.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\RSDNAPI.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\RsReport.rpt
C:\Program Files\Panda Security\Panda Antivirus 2008\Scans.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\sdthook.sys
C:\Program Files\Panda Security\Panda Antivirus 2008\sentinel.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\sentrsc.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\setchrok.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\SHELLTIT.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\sporder_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\TCPVFILE.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TeeChart_Pro_v7_license.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\Titanium.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\TITCFG.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TITSCAN.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\TITSCAN.MLD
C:\Program Files\Panda Security\Panda Antivirus 2008\titw.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\titwBK.cfg
C:\Program Files\Panda Security\Panda Antivirus 2008\UNINSTAL.DLL
C:\Program Files\Panda Security\Panda Antivirus 2008\UNINSTAL.INI
C:\Program Files\Panda Security\Panda Antivirus 2008\Upgrades.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\UPGTEST.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\URLconfig.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\vcl50.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\vclx50.bpl
C:\Program Files\Panda Security\Panda Antivirus 2008\verman.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\Version.txt
C:\Program Files\Panda Security\Panda Antivirus 2008\WebExcl.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.ini
C:\Program Files\Panda Security\Panda Antivirus 2008\Welcome.dat
C:\Program Files\Panda Security\Panda Antivirus 2008\WHISTLER.BPL
C:\Program Files\Panda Security\Panda Antivirus 2008\WizSOS.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WizSOS.mld
C:\Program Files\Panda Security\Panda Antivirus 2008\ZIUpdate.dll
C:\Program Files\Panda Security\Panda Antivirus 2008\ZIUPDATE.MLD
C:\WINDOWS\system32\ldshyr.old
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\Program Files\Alwil Software . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-24 12:26 . 2008-05-24 12:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 12:26 . 2008-05-24 12:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-24 11:47 . 2008-05-24 14:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-24 10:55 . 2008-05-24 10:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-05-24 10:55 . 2008-05-24 10:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-05-24 10:55 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-24 09:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-24 09:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-24 09:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-24 08:44 . 2008-05-24 08:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-23 23:50 . 2008-05-23 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-05-23 22:26 . 2008-05-23 22:26 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-23 22:00 . 2008-05-24 14:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d-------- C:\Program Files\AVG
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-23 22:00 . 2008-05-23 22:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-05-23 22:00 . 2008-05-23 22:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-23 22:00 . 2008-05-23 22:00 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-23 22:00 . 2008-05-23 22:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-23 21:49 . 2008-05-24 14:57 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-05-23 21:41 . 2008-05-23 21:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-23 21:41 . 2008-05-23 21:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-23 21:41 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-23 18:58 . 2008-05-23 19:06 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-23 18:31 . 2008-05-23 18:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-23 18:17 . 2008-05-24 10:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-21 23:06 . 2006-03-15 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-21 23:05 . 2008-05-21 23:05 2 --a------ C:\-1797616174
2008-05-16 20:09 . 2008-05-16 20:09 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-16 20:09 . 2008-05-23 21:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 20:07 . 2008-05-16 20:07 <DIR> d-------- C:\Program Files\VentriloFix 1.2
2008-05-14 09:23 . 2008-05-14 09:23 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-05-14 09:22 . 2008-05-14 09:22 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-14 02:23 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-14 02:14 . 2008-05-14 02:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-05 20:52 . 2008-05-14 02:14 <DIR> d-------- C:\Program Files\ECP
2008-05-05 17:22 . 2008-05-22 19:00 <DIR> d-------- C:\Program Files\Steam
2008-05-02 21:18 . 2008-05-02 21:18 <DIR> d-------- C:\Program Files\WMonitor
2008-05-02 21:18 . 2004-03-04 14:47 929,792 -ra------ C:\WINDOWS\system32\AegisE5.DLL
2008-05-02 21:18 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-02 21:18 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-02 21:18 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-05-02 21:18 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-05-02 21:18 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-05-02 21:18 . 2004-03-04 14:46 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-05-02 18:42 . 2008-05-02 18:42 <DIR> d-------- C:\Program Files\VentriloFix 1.1
2008-04-30 19:23 . 2008-04-30 19:23 <DIR> d-------- C:\Documents and Settings\anybody\Logs
2008-04-29 06:18 . 2008-04-29 06:18 <DIR> d-------- C:\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 10:27 --------- d-----w C:\Program Files\Java
2008-05-24 08:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 20:33 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-14 00:33 --------- d-----w C:\Program Files\SPAMfighter
2008-05-14 00:32 --------- d-----w C:\Program Files\WinTV
2008-05-14 00:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-14 00:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-14 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 00:18 --------- d-----w C:\Program Files\DivX
2008-05-13 18:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-30 17:38 --------- d-----w C:\Program Files\World of Warcraft
2008-04-23 13:26 --------- d-----w C:\Program Files\TDC
2008-04-23 13:26 --------- d-----w C:\Program Files\Support.com
2008-04-23 13:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com
2008-04-22 17:40 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-24 10:39 --------- d-----w C:\Program Files\Winamp
2008-02-26 21:17 737,280 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-23 22:00 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7b440ee-398d-4ad4-b0e7-8bfcb07319a1}]
C:\WINDOWS\system32\jxshyxda.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC47F8CB-63FE-44E0-AC64-94FB465FBA90}]
C:\WINDOWS\system32\xxyVOGxx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-23 22:00 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-23 22:00 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 14:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 14:04 59392]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-09 14:26 794713]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 10:48 7561216]
"nwiz"="nwiz.exe" [2006-04-27 10:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"QuickTime Task"="C:\program files\hjælpe instalationer\Quicktime\qttask.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 23:26 185896]
"Getca"="C:\Program Files\WMonitor\InfoMyCa.exe" [2004-03-10 13:57 45056]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-23 22:00 1177368]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 14:00 15360]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WWU.lnk - C:\Program Files\winbond\w89c33\wwu.exe [2007-12-17 18:17:03 942080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-16 06:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffedb]
khffedb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\anybody\\Desktop\\Unreal Tournament\\System\\UnrealTournament.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-23 22:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-23 22:00]
R1 wbsecdrv;wbsecdrv Protocol Driver;C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-15 00:20]
R2 54Mbps Wireless Network;54Mbps Wireless Network Service;C:\Program Files\WMonitor\WLService.exe [2004-03-29 10:08]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 22:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-23 22:00]
R2 wbsecsvc;wbsecsvc;C:\WINDOWS\system32\wbsecsvc.exe [2005-12-09 01:01]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2006-02-22 03:32]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 19:57]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-06-06 20:27]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-06-02 00:51]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 14:59:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\anybody\Application Data\Microsoft Games\Zoo Tycoon 2\Klinke\Saved\sara,s zoo
.z2s 355306 bytes hidden from API
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TrojanHunter 5.0\THSec.dll
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WMonitor\WLanCfgG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-24 15:04:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 13:04:20
ComboFix2.txt 2008-05-24 08:30:54
Pre-Run: 39,334,043,648 bytes free
Post-Run: 39,256,715,264 bytes free
625 --- E O F --- 2008-05-16 17:50:08
Malwarebytes log:
Malwarebytes’ Anti-Malware 1.12
Database version: 783
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 144451
Time elapsed: 2 hour(s), 0 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNhhiJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8D20B88B-00B2-43A3-ACCF-4CCBE23C2290}\RP79\A0083464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:47, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WMonitor\WLService.exe
C:\Program Files\WMonitor\WLanCfgG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\hjælpe instalationer\Quicktime\qttask.exe
C:\Program Files\WMonitor\InfoMyCa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\winbond\w89c33\wwu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {1a91370b-cfb8-7e0b-4da4-d893ee044b7a} - {a7b440ee-398d-4ad4-b0e7-8bfcb07319a1} - C:\WINDOWS\system32\jxshyxda.dll (file missing)
O2 - BHO: (no name) - {BC47F8CB-63FE-44E0-AC64-94FB465FBA90} - C:\WINDOWS\system32\xxyVOGxx.dll (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\hjælpe instalationer\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Getca] C:\Program Files\WMonitor\InfoMyCa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WWU.lnk = C:\Program Files\winbond\w89c33\wwu.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198675823320
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200582732028
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khffedb - khffedb.dll (file missing)
O23 - Service: 54Mbps Wireless Network Service (54Mbps Wireless Network) - Unknown owner - C:\Program Files\WMonitor\WLService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
--
End of file - 9617 bytes