hijackthis log bedes tjekkes

Hent værktøjet About:Buster lavet af Rubber Ducky.
http://tools.zerosrealm.com/AboutBuster.zip
Opret en mappe på dit skrivebord, og pak About:Buster ud i denne mappe.

Hent og installer denne engangsskanner fra Kaspersky: http://www.mwti.net/download/tools/mwav.exe

Hent: http://www.spywarefri.dk/vaerktoj.htm#emptytemp
Og læs manualen til opsætning af programmet her:
http://www.spywarefri.dk/emptytempfolders.manual.htm

Slå systemgendannelse fra. Hvis du ikke ved, hvordan du gør det, så kig her: http://www.spywarefri.dk/virusscannere.htm#alle

Tag computeren af Nettet – stikket fysisk ud.
Deaktiver dine sikkerhedsprogrammer (virusprogram, Spybot m.m.)

Brug "Taskmanager/procesliste" (Ctrl+Alt+Del) til at afslutte følgende processer, hvis
du kan finde dem:

C:\WINDOWS\Lan.exe
C:\WINDOWS\winhost.exe
C:\WINDOWS\setuperr.log:wukqn
C:\WINDOWS\apiwb32.exe

Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned.

Fix disse med HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dsycz.dll/sp.html#11111
O2 - BHO: (no name) - {7DB11ADC-366B-476F-A044-6EDCAD101014} - C:\WINDOWS\apijw32.dll
O4 - HKLM\..\Run: [ippw32.exe] C:\WINDOWS\system32\ippw32.exe
O4 - HKLM\..\Run: [d3ke32.exe] C:\WINDOWS\system32\d3ke32.exe
O4 - HKLM\..\Run: [addgs.exe] C:\WINDOWS\system32\addgs.exe
O4 - HKLM\..\Run: [apphq32.exe] C:\WINDOWS\system32\apphq32.exe
O4 - HKLM\..\Run: [apiwb32.exe] C:\WINDOWS\apiwb32.exe
O16 - DPF: {2456741B-1567-7682-A355-939856783603} - ms-its:mhtml:file://C:\foo.mht!http://www.xpehbam.biz/be//T.CHM::/load.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://advnt01.com/dialer/internazionale_ver3.CAB

----
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----

Genstart i fejlsikret tilstand (F8 i opstart). Find og slet filerne

C:\WINDOWS\system32\dsycz.dll
C:\WINDOWS\apijw32.dll
C:\WINDOWS\system32\ippw32.exe
C:\WINDOWS\system32\d3ke32.exe
C:\WINDOWS\system32\addgs.exe
C:\WINDOWS\system32\apphq32.exe
C:\WINDOWS\apiwb32.exe

Brug Start > Søg. Find og slet: wmmon32.exe




Nu lukker du ALLE vinduer. Find den mappe hvori du lagde About:Buster og Kør programmet.

Brug derefter EmptyTempFolders til at rydde op i computerens Temp filer.

Tag også en tur med engangsscanneren mwav.exe – aktiver så den scanner mest muligt.

Genstart normalt, Nettet på igen og kom med en ny log fra HijackThis – tak. Husk at genaktivere dine sikkerhedsprogrammer.

Du skal forresten også lige hente en ny HiJackThis her:
http://www.spywarefri.dk/vaerktoj.htm
og bruge den efterfølgende. Den du har brugt er temmelig gammel.

Denne linie skal ignoreres:
Brug Start > Søg. Find og slet: wmmon32.exe
Den kom desværre med ved en fejl.

Hej tonnybrandt
Det var lidt af en opgave,:.) når jeg køre mwav, skriver den at der er fundet 40 viruser, og jeg skal købe programmet for at fjerne dem. jeg har kørt norton antivirus og den finder ingenting. Ellers har jeg gjort som du skrev. Hvad med de viruser??.
Wed Nov 17 21:25:37 2004 => **********************************************************
Wed Nov 17 21:25:37 2004 => eScan AntiVirus Toolkit Utility.
Wed Nov 17 21:25:37 2004 => Copyright © 2003-2004,  MicroWorld Technologies Inc.
Wed Nov 17 21:25:37 2004 => **********************************************************
Wed Nov 17 21:25:37 2004 => Version 4.6.6 (C:\DOCUME~1\Jess\LOKALE~1\Temp\mwavscan.com)
Wed Nov 17 21:25:37 2004 => Log File: C:\DOCUME~1\Jess\LOKALE~1\Temp\mwav.log
Wed Nov 17 21:25:37 2004 => Command Line Options Given: /s
Wed Nov 17 21:25:38 2004 => Latest Date of files inside MWAV: 16 Nov 2004  22:01:05.
Wed Nov 17 21:25:40 2004 => AV Library Loaded...

Wed Nov 17 21:25:40 2004 => **********************************************************
Wed Nov 17 21:25:40 2004 => eScan AntiVirus Toolkit Utility.
Wed Nov 17 21:25:40 2004 => Copyright © 2003-2004,  MicroWorld Technologies Inc.
Wed Nov 17 21:25:40 2004 =>
Wed Nov 17 21:25:40 2004 => Support: support@mwti.net
Wed Nov 17 21:25:40 2004 => Web: http://www.mwti.net
Wed Nov 17 21:25:40 2004 => **********************************************************
Wed Nov 17 21:25:40 2004 => Version 4.6.6 (C:\DOCUME~1\Jess\LOKALE~1\Temp\mwavscan.com)
Wed Nov 17 21:25:40 2004 => Log File: C:\DOCUME~1\Jess\LOKALE~1\Temp\mwav.log
Wed Nov 17 21:25:40 2004 => Latest Date of files inside MWAV: 16 Nov 2004  22:01:05.

Wed Nov 17 21:25:40 2004 => Options Selected by User:
Wed Nov 17 21:25:40 2004 => Memory Check: Enabled
Wed Nov 17 21:25:40 2004 => Registry Check: Enabled
Wed Nov 17 21:25:40 2004 => StartUp Folder Check: Enabled
Wed Nov 17 21:25:40 2004 => System Folder Check: Enabled
Wed Nov 17 21:25:40 2004 => System Area Check: Disabled
Wed Nov 17 21:25:40 2004 => Services Check: Enabled
Wed Nov 17 21:25:40 2004 => Drive Check Option Disabled
Wed Nov 17 21:25:40 2004 => Folder Check: Disabled

Wed Nov 17 21:25:40 2004 => ***** Scanning Memory Files *****
Wed Nov 17 21:25:40 2004 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Wed Nov 17 21:25:40 2004 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Wed Nov 17 21:25:40 2004 => Scanning File C:\WINDOWS\System32\smss.exe
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\ipc.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\kavss.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\kavss.exe
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\kavssd.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\kavssdi.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\kavssi.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\msvlclnt.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\mwavscan.com
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\PSAPI.DLL
Wed Nov 17 21:25:41 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\RICHED32.DLL
Wed Nov 17 21:25:41 2004 => Scanning File C:\PROGRA~1\NORTON~1\apwcmdnt.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\PROGRA~1\NORTON~1\apwutil.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\PROGRA~1\NORTON~1\DefAlert.dll
Wed Nov 17 21:25:41 2004 => Scanning File C:\PROGRA~1\NORTON~1\navapw32.exe
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\NORTON~1\NAVProxy.dll
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\unrar.dll
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe
Wed Nov 17 21:25:42 2004 => Scanning File C:\Programmer\D-Tools\daemon.exe
Wed Nov 17 21:25:42 2004 => Scanning File C:\Programmer\D-Tools\PFCTOC.DLL
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\FLLESF~1\MICROS~1\VS7Debug\mdm.exe
Wed Nov 17 21:25:42 2004 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Wed Nov 17 21:25:42 2004 => Scanning File C:\Programmer\Symantec\LiveUpdate\LuComServerPS_2_5.DLL
Wed Nov 17 21:25:42 2004 => Scanning File C:\Programmer\Symantec\LiveUpdate\NetDetectController_2_5.DLL
Wed Nov 17 21:25:42 2004 => Scanning File C:\Programmer\Symantec\LiveUpdate\ProductRegCom_2_5.DLL
Wed Nov 17 21:25:42 2004 => Scanning File C:\WINDOWS\daemon.dll
Wed Nov 17 21:25:42 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Wed Nov 17 21:25:43 2004 => Scanning File C:\WINDOWS\Lan.exe
Wed Nov 17 21:25:44 2004 => File C:\WINDOWS\Lan.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:25:44 2004 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Wed Nov 17 21:25:44 2004 => Scanning File C:\WINDOWS\system32\ACTIVEDS.dll
Wed Nov 17 21:25:44 2004 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Wed Nov 17 21:25:44 2004 => Scanning File C:\WINDOWS\system32\adsldpc.dll
Wed Nov 17 21:25:44 2004 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\System32\ADVPACK.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\ATL.DLL
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\audiosrv.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\basesrv.dll
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\browser.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\System32\BROWSEUI.dll
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\certcli.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\System32\CLUSAPI.DLL
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\colbact.DLL
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\COMRes.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\credui.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\cryptsvc.dll
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\CRYPTUI.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\cscdll.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\cscui.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Wed Nov 17 21:25:45 2004 => Scanning File C:\WINDOWS\system32\DHCPCSVC.DLL
Wed Nov 17 21:25:45 2004 => Scanning File c:\windows\system32\dmserver.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\dnsrslvr.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\System32\dsound.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\System32\dssenh.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\ersvc.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\es.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\ESENT.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\eventlog.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\GDI32.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\System32\hnetcfg.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\icmp.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\ICAAPI.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\inetpp.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\kerberos.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\System32\LINKINFO.dll
Wed Nov 17 21:25:46 2004 => Scanning File c:\windows\system32\lmhsvc.dll
Wed Nov 17 21:25:46 2004 => Scanning File C:\WINDOWS\system32\localspl.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\midimap.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\System32\mlang.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\MPR.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\MPRAPI.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\msacm32.drv
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\System32\MSCTF.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Wed Nov 17 21:25:47 2004 => Scanning File c:\windows\system32\msgsvc.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\System32\msi.dll
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Wed Nov 17 21:25:47 2004 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Wed Nov 17 21:25:47 2004 => Scanning File c:\windows\system32\mspmspsv.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\system32\msprivs.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Nov 17 21:25:48 2004 => Scanning File c:\windows\system32\mstlsapi.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\System32\msutb.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Wed Nov 17 21:25:48 2004 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\system32\mswsock.dll
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\System32\mtxoci.dll
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Wed Nov 17 21:25:49 2004 => Scanning File C:\WINDOWS\System32\netcfgx.dll
Wed Nov 17 21:25:50 2004 => Scanning File C:\WINDOWS\system32\netlogon.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\netman.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\NETRAP.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\System32\ntshrui.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\oakley.DLL
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\odbcint.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\ole32.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\System32\olepro32.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Wed Nov 17 21:25:51 2004 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\psbase.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\RASAPI32.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\System32\raschap.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\rasman.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\System32\rastls.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Wed Nov 17 21:25:52 2004 => Scanning File c:\windows\system32\regsvc.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\System32\RESUTILS.DLL
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Wed Nov 17 21:25:52 2004 => Scanning File c:\windows\system32\rpcss.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\System32\rsaenh.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\rtutils.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\schannel.dll
Wed Nov 17 21:25:52 2004 => Scanning File c:\windows\system32\schedsvc.dll
Wed Nov 17 21:25:52 2004 => Scanning File c:\windows\system32\seclogon.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\system32\Secur32.dll
Wed Nov 17 21:25:52 2004 => Scanning File c:\windows\system32\sens.dll
Wed Nov 17 21:25:52 2004 => Scanning File C:\WINDOWS\System32\sensapi.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\services.exe
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\sfc.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\System32\SHDOCVW.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Wed Nov 17 21:25:53 2004 => Scanning File c:\windows\system32\srsvc.dll
Wed Nov 17 21:25:53 2004 => Scanning File c:\windows\system32\srvsvc.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Wed Nov 17 21:25:53 2004 => Scanning File c:\windows\system32\ssdpsrv.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\System32\sxs.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\System32\SYMREDIR.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\TAPI32.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Wed Nov 17 21:25:53 2004 => Scanning File c:\windows\system32\termsrv.dll
Wed Nov 17 21:25:53 2004 => Scanning File C:\WINDOWS\System32\themeui.dll
Wed Nov 17 21:25:53 2004 => Scanning File c:\windows\system32\trkwks.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\upnp.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\urlmon.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\usbmon.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\USER32.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\USERENV.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\VDMDBG.DLL
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\VERSION.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\system32\w32time.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\Wbem\esscli.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\Wbem\FastProx.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Wed Nov 17 21:25:54 2004 => Scanning File c:\windows\system32\wbem\wbemcomn.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\Wbem\wbemcore.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Wed Nov 17 21:25:54 2004 => Scanning File C:\WINDOWS\System32\wbem\wbemprox.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\System32\wbem\wbemsvc.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Wed Nov 17 21:25:55 2004 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\wdigest.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Wed Nov 17 21:25:55 2004 => Scanning File c:\windows\system32\webclnt.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\win32spl.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WININET.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINMM.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\System32\winrnr.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\winsrv.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Wed Nov 17 21:25:55 2004 => Scanning File c:\windows\system32\wkssvc.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\wldap32.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WMI.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Wed Nov 17 21:25:55 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\System32\wuaueng.dll
Wed Nov 17 21:25:56 2004 => Scanning File c:\windows\system32\wuauserv.dll
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\WZCSvc.DLL
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\winhost.exe
Wed Nov 17 21:25:56 2004 => File C:\WINDOWS\winhost.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

Wed Nov 17 21:25:56 2004 => ***** Scanning Registry Files *****

Wed Nov 17 21:25:56 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Wed Nov 17 21:25:56 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Nov 17 21:25:56 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\System32\stobject.dll

Wed Nov 17 21:25:56 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

Wed Nov 17 21:25:56 2004 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Wed Nov 17 21:25:56 2004 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Wed Nov 17 21:25:56 2004 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\system32\ie4uinit.exe

Wed Nov 17 21:25:56 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\Lan.exe
Wed Nov 17 21:25:56 2004 => File C:\WINDOWS\Lan.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:25:56 2004 => Scanning File C:\WINDOWS\winhost.exe
Wed Nov 17 21:25:56 2004 => File C:\WINDOWS\winhost.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.


Wed Nov 17 21:25:56 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Wed Nov 17 21:25:56 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Nov 17 21:25:57 2004 => Scanning File C:\Programmer\D-Tools\daemon.exe
Wed Nov 17 21:25:57 2004 => Scanning File C:\DOCUME~1\Jess\LOKALE~1\Temp\mwavscan.com
Wed Nov 17 21:25:57 2004 => Scanning File C:\PROGRA~1\NORTON~1\navapw32.exe
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\ntrn32.exe
Wed Nov 17 21:25:57 2004 => File C:\WINDOWS\ntrn32.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.


Wed Nov 17 21:25:57 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Nov 17 21:25:57 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Nov 17 21:25:57 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Nov 17 21:25:57 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Wed Nov 17 21:25:57 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Nov 17 21:25:57 2004 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe

Wed Nov 17 21:25:57 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Nov 17 21:25:57 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Nov 17 21:25:57 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Nov 17 21:25:57 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Wed Nov 17 21:25:57 2004 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\System32\CTFMON.EXE

Wed Nov 17 21:25:57 2004 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Nov 17 21:25:57 2004 => Scanning HKCR\txtfile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\system32\NOTEPAD.EXE

Wed Nov 17 21:25:57 2004 => Scanning HKCR\comfile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\exefile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\dllfile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\batfile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\piffile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\scrfile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\scrfile\shell\config\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\regfile\shell\open\command

Wed Nov 17 21:25:57 2004 => Scanning HKCR\htmlfile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Wed Nov 17 21:25:57 2004 => Scanning HKCR\htafile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\System32\mshta.exe

Wed Nov 17 21:25:57 2004 => Scanning HKCR\jsfile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:57 2004 => Scanning HKCR\jsefile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:57 2004 => Scanning HKCR\vbsfile\shell\open\command
Wed Nov 17 21:25:57 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:58 2004 => Scanning HKCR\vbefile\shell\open\command
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:58 2004 => Scanning HKCR\wshfile\shell\open\command
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:58 2004 => Scanning HKCR\wsffile\shell\open\command
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Nov 17 21:25:58 2004 => ***** Scanning StartUp Folders *****

Wed Nov 17 21:25:58 2004 => ***** Scanning C:\Documents and Settings\Jess\Menuen Start\Programmer\Start Folder *****
Wed Nov 17 21:25:58 2004 => Scanning Folder: C:\Documents and Settings\Jess\Menuen Start\Programmer\Start\*.*
Wed Nov 17 21:25:58 2004 => Scanning File C:\Documents and Settings\Jess\Menuen Start\Programmer\Start\desktop.ini [**]

Wed Nov 17 21:25:58 2004 => ***** Scanning C:\Documents and Settings\All Users\Menuen Start\Programmer\Start Folder *****
Wed Nov 17 21:25:58 2004 => Scanning Folder: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\*.*
Wed Nov 17 21:25:58 2004 => Scanning File C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini [**]

Wed Nov 17 21:25:58 2004 => ***** Scanning Service Files *****
Wed Nov 17 21:25:58 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\Drivers\ElbyDelay.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\drivers\es1371mp.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\system32\services.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Wed Nov 17 21:25:59 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\PROGRA~1\FLLESF~1\MICROS~1\VS7Debug\mdm.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys
Wed Nov 17 21:26:00 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\NAVAP.SYS
Wed Nov 17 21:26:00 2004 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\PROGRA~1\FLLESF~1\SYMANT~1\VIRUSD~1\20041112.009\NAVENG.SYS
Wed Nov 17 21:26:01 2004 => Scanning File C:\PROGRA~1\FLLESF~1\SYMANT~1\VIRUSD~1\20041112.009\NAVEX15.SYS
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\Drivers\ousbehci.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\system32\services.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Nov 17 21:26:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Nov 17 21:26:02 2004 => Scanning File C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisagp.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisnic.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\PROGRA~1\FLLESF~1\SYMANT~1\SNDSrvc.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Wed Nov 17 21:26:03 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Wed Nov 17 21:26:03 2004 => Scanning File C:\PROGRAMMER\SYMANTEC\SYMEVENT.SYS
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SYMREDRV.SYS
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SYMTDI.SYS
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Nov 17 21:26:04 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe

Wed Nov 17 21:26:05 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD

Wed Nov 17 21:26:05 2004 => ***** Scanning System32 Folders *****
Wed Nov 17 21:26:05 2004 => Scanning C:\WINDOWS Directory
Wed Nov 17 21:26:05 2004 => Scanning Folder: C:\WINDOWS\*.*
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\0.log [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\1310.exe [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\3256.exe [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\3275.exe [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\apivi32.exe
Wed Nov 17 21:26:05 2004 => File C:\WINDOWS\apivi32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\aryha.log [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\atleh.exe
Wed Nov 17 21:26:05 2004 => File C:\WINDOWS\atleh.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\Blå silke 16.bmp [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\bootstat.dat [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\clock.avi [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\comsetup.log [**]
Wed Nov 17 21:26:05 2004 => Scanning File C:\WINDOWS\control.ini [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\d3oj.exe
Wed Nov 17 21:26:06 2004 => File C:\WINDOWS\d3oj.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\d3yl32.exe
Wed Nov 17 21:26:06 2004 => File C:\WINDOWS\d3yl32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\daemon.dll
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\dculw.txt [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\desktop.ini [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\Directx.log [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\Downloaded
Wed Nov 17 21:26:06 2004 => File C:\WINDOWS\Downloaded infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\DtcInstall.log [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\eReg.dat [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\explorer.exe
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\explorer.scf [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\FaxSetup.log [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\Fjerstruktur.bmp [**]
Wed Nov 17 21:26:06 2004 => Scanning File C:\WINDOWS\Floden Sumida.bmp [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\graau.log [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\Grønne sten.bmp [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\hh.exe
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\hosts [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\iis6.log [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\imsins.log [**]
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\ipnc.exe
Wed Nov 17 21:26:07 2004 => File C:\WINDOWS\ipnc.exe infected by "TrojanDownloader.Win32.Agent.cd" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\IsUninst.exe
Wed Nov 17 21:26:07 2004 => Scanning File C:\WINDOWS\iupsm.log [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\jautoexp.dat [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\javavh32.exe
Wed Nov 17 21:26:08 2004 => File C:\WINDOWS\javavh32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\Kaffebønne.bmp [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\Lan.exe
Wed Nov 17 21:26:08 2004 => File C:\WINDOWS\Lan.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\ljtsx.dll
Wed Nov 17 21:26:08 2004 => File C:\WINDOWS\ljtsx.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\LUINSTALL.LOG [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\msdfmap.ini [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\msgsocm.log [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\msmqinst.log [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\msxmidi.exe.js [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\netkr.dll
Wed Nov 17 21:26:08 2004 => File C:\WINDOWS\netkr.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\nsw.log [**]
Wed Nov 17 21:26:08 2004 => Scanning File C:\WINDOWS\ntdtcsetup.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ntrn32.dll
Wed Nov 17 21:26:09 2004 => File C:\WINDOWS\ntrn32.dll infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ntrn32.exe
Wed Nov 17 21:26:09 2004 => File C:\WINDOWS\ntrn32.exe infected by "TrojanDownloader.Win32.Agent.bc" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\nyqhh.dll
Wed Nov 17 21:26:09 2004 => File C:\WINDOWS\nyqhh.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ocgen.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ocmsn.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ODBC.INI [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\ODBCINST.INI [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\OEWABLog.txt [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\okqdo.dll
Wed Nov 17 21:26:09 2004 => File C:\WINDOWS\okqdo.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\Prærievind.bmp [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\På fisketur.bmp [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\regedit.exe
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\regopt.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\Rhododendron.bmp [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\rldsq.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\Santa Fe Stucco.bmp [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\SchedLgU.Txt [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\sessmgr.setup.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\setdebug.exe
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\setupact.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\setupapi.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\setuperr.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\setuplog.txt [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\SYMEVENT.LOG [**]
Wed Nov 17 21:26:09 2004 => Scanning File C:\WINDOWS\sysjc32.dll
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\system.ini [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\Sæbebobler.bmp [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\TASKMAN.EXE
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\TLCAPPS.INI [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\tmhyo.txt [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\tsoc.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\twain.dll
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\twain_32.dll
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\twgnb.dll
Wed Nov 17 21:26:10 2004 => File C:\WINDOWS\twgnb.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\twunk_16.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\twunk_32.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\txzty.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\uninst.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\unvise.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\unvise32.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\vb.ini [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\vbaddin.ini [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\vimah.txt [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\vminst.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\vmmreg32.dll
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\wiadebug.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\wiaservc.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\win.ini [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\Windows Update.log [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\WindowsShell.Manifest [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\winhelp.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\winhlp32.exe
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\winhost.exe
Wed Nov 17 21:26:10 2004 => File C:\WINDOWS\winhost.exe infected by "TrojanDownloader.Win32.Delf.ch" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\winnt.bmp [**]
Wed Nov 17 21:26:10 2004 => Scanning File C:\WINDOWS\winnt256.bmp [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\winok32.exe
Wed Nov 17 21:26:11 2004 => File C:\WINDOWS\winok32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\winri32.exe
Wed Nov 17 21:26:11 2004 => File C:\WINDOWS\winri32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\wmprfDAN.prx [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\WMSysPrx.prx [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\wqjcn.dll
Wed Nov 17 21:26:11 2004 => File C:\WINDOWS\wqjcn.dll infected by "TrojanDownloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\xsmiq.log [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\zaebalinah.exe
Wed Nov 17 21:26:11 2004 => File C:\WINDOWS\zaebalinah.exe infected by "TrojanDownloader.Win32.Apher.gen" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\Zapotec.bmp [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\_default.pif [**]
Wed Nov 17 21:26:11 2004 => Scanning C:\WINDOWS\System32 Directory
Wed Nov 17 21:26:11 2004 => Scanning Folder: C:\WINDOWS\System32\*.*
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\$winnt$.inf [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\12520437.cpx [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\12520850.cpx [**]
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\6to4svc.dll
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\aaaamon.dll
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\access.cpl
Wed Nov 17 21:26:11 2004 => Scanning File C:\WINDOWS\System32\acctres.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\accwiz.exe
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\acelpdec.ax
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\acledit.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\aclui.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\activeds.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\activeds.tlb
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\actmovie.exe
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\addya32.exe
Wed Nov 17 21:26:12 2004 => File C:\WINDOWS\System32\addya32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\admparse.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adptif.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsldp.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsldpc.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsmsext.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsnds.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsnt.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\adsnw.dll
Wed Nov 17 21:26:12 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\advpack.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\ahui.exe
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\alrsvc.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\amcompat.tlb [**]
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\amstream.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\ansi.sys [**]
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\apcups.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\append.exe
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\apphelp.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\appmgmts.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\appmgr.dll
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\appmw32.exe
Wed Nov 17 21:26:13 2004 => File C:\WINDOWS\System32\appmw32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Nov 17 21:26:13 2004 => Scanning File C:\WINDOWS\System32\arp.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asctrls.ocx
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asferror.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asfsipc.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asr_fmt.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asr_ldm.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\asycfilt.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\at.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\ATHPRXY.DLL
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atkctrs.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atl.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atmadm.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atmfd.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atmlib.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atmpvcno.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\atrace.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\attrib.exe
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\audiosrv.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\authz.dll
Wed Nov 17 21:26:14 2004 => Scanning File C:\WINDOWS\System32\autochk.exe
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\autoconv.exe
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\autodisc.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\AUTOEXEC.NT [**]
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\autofmt.exe
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\autolfn.exe
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avicap.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avicap32.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avifil32.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avifile.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avmeter.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avtapi.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\avwav.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\basesrv.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\batmeter.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\batt.dll
Wed Nov 17 21:26:15 2004 => Scanning File C:\WINDOWS\System32\bidispl.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bios1.rom [**]
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bios4.rom [**]
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bksjw.txt [**]
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\blackbox.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bootcfg.exe
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bootok.exe
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bootvrfy.exe
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\bopomofo.uce [**]
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\browselc.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\browser.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\browsewm.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\cabinet.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\cabview.dll
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\cacls.exe
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\calc.exe
Wed Nov 17 21:26:16 2004 => Scanning File C:\WINDOWS\System32\camocx.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\capesnpn.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\capicom.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cards.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\catsrv.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\catsrvps.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\catsrvut.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\ccfgnt.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdfrf.log [**]
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdfview.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdm.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdmodem.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdosys.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\cdplayer.exe.manifest [**]
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\certcli.dll
Wed Nov 17 21:26:17 2004 => Scanning File C:\WINDOWS\System32\certmgr.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\certmgr.msc [**]
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cewmdm.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cfgbkend.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cfgmgr32.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\charmap.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\chcp.com
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\chkdsk.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\chkntfs.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\ciadmin.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\ciadv.msc [**]
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cic.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cidaemon.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\ciodm.dll
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cipher.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\ckcnv.exe
Wed Nov 17 21:26:18 2004 => Scanning File C:\WINDOWS\System32\clb.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clbcatex.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clbcatq.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cleanmgr.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cliconf.chm [**]
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cliconfg.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cliconfg.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cliconfg.rll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clipbrd.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clipsrv.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clspack.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\clusapi.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cmcfg32.dll
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cmd.exe
Wed Nov 17 21:26:19 2004 => Scanning File C:\WINDOWS\System32\cmdial32.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmdl32.exe
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmdlib.wsc [**]
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmgln.txt [**]
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmmgr32.hlp [**]
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmmon32.exe
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmos.ram [**]
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmpbk32.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmprops.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmstp.exe
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cmutil.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cnbjmon.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cnetcfg.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\cnvfat.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\colbact.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comaddin.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comcat.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comctl32.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comdlg32.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comm.drv
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\command.com [**]
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\commdlg.dll
Wed Nov 17 21:26:20 2004 => Scanning File C:\WINDOWS\System32\comp.exe
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\compact.exe
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\compatUI.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\compmgmt.msc [**]
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\compobj.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\compstui.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\comrepl.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\comres.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\comsnap.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\comsvcs.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\comuid.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\CONFIG.NT [**]
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\confmsp.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\conime.exe
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\console.dll
Wed Nov 17 21:26:21 2004 => Scanning File C:\WINDOWS\System32\control.exe
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\convert.exe
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\corpol.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\country.sys [**]
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\credui.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\crtdll.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\crypt32.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\cryptdlg.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\cryptdll.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\cryptext.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\cryptnet.dll
Wed Nov 17 21:26:22 2004 => Scanning File C:\WINDOWS\System32\cryptsvc.dll
Wed Nov 17 21:26:22 2004 => Scanning

Undskyld... min fejl.
Det var det forkerte link du fik. Her er det rigtige link: http://www.spywareinfo.dk/download/mwav.exe
Den skal nok gøre noget ved de vira.

Hej tonnybrandt
Nu køre det bare :-)
Kan du ligge st svar så du kan få dine fortjente point.

mvh
Jess

Det lyder godt, og svaret kommer her.

Vil du ikke lige have en ny HiJackThis log kontrolleret, så vi er sikker på at der ikke er nogle rester et eller andet sted ?

Her er en ny log.

Den der engangsskanner fra Kaspersky, duer den kun en gang??, den er ellers effiktiv.

Logfile of HijackThis v1.98.2
Scan saved at 17:05:39, on 21-11-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\NORTON~1\Navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Jess\Skrivebord\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\Navapw32.exe

Den er pinligt ren.

Du bør få den opdateret med servicepacks på både styresystem og internet explorer med det samme. De kan hentes her:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

-----------------

Hent en nyere version af HiJackThis her:
http://www.spywarefri.dk/vaerktoj.htm
og brug den efterfølgende.

Gå i Start -> Kør og skriv services.msc

Find den serivce der hedder Network Security Service - dobbeltklik på den og vælg "Stop". I samme vindue står der "Sti til eksekverbar fil" - skriv navn og sti ned, den skal slettes om lidt. I samme vindue skal du ændre Starttype til "deaktiveret".

-----------------
Højreklik bundlinien, vælg jobliste, vælg fanebladet Processer, find og højreklik på processerne og vælg "Afslut process"

c:\windows\d3hf.exe

(hvis den er der)

-----------------

Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tbmau.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\services\wmplayer.exe
O2 - BHO: (no name) - {1168F197-9125-6D52-2D9D-CBCE51B1F230} - C:\WINDOWS\mszl32.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [goojsepvwp] C:\WINDOWS\System32\hpdzpa.exe
O4 - HKLM\..\Run: [sais] c:\programmer\180solutions\sais.exe
O4 - HKLM\..\Run: [winht32.exe] C:\WINDOWS\system32\winht32.exe
O9 - Extra button: SideFind (HKLM)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://www.xpehbam.biz/5/load.exe
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.gabs.dk/diginet/XUpload.ocx

-----------------

Genstart i Fejlsikret tilstand (ved at taste F8 under opstart).

Find og slet følgende (du har muligvis ikke alle):

c:\windows\d3hf.exe
C:\WINDOWS\tbmau.dll
C:\WINDOWS\mszl32.dll
C:\WINDOWS\System32\mmrtkrnl.exe
C:\WINDOWS\System32\hpdzpa.exe
C:\WINDOWS\system32\winht32.exe

c:\programmer\180solutions <-- Hele mappen 180solutions

Åben Notepad/notesblokken, Kopier teksten i fed skrift (startende med REGEDIT4) ind i en tekstfil - gem filen på Skrivebordet som "Rens.reg" (i filtype skal du vælge Alle filer inden du trykker Gem). Find filen Rens.reg på skrivebordet og dobbeltklik på den - svar ja til at flette den ind i registreringsdatabasen.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

-----------------

Hent control.exe her:
http://www.spywareinfo.com/~merijn/files/windows/control_xpsp1.zip
...pak den ud og læg den her: C:\WINDOWS\System32

-----------------

Infektionen ødelægger også din hosts-fil. Du kan lave en ny, ved at kopiere indholdet fra denne adresse:

http://www.mvps.org/winhelp2002/hosts.htm

...ind i din hosts-fil, der ligger her

C:\Windows\System32\Drivers\etc

-----------------

Genstart i Normal tilstand, kør HijackThis, scan og læg en frisk log herind.

Når loggen er erklæret ren skal du opdatere dit styresystem og Internet explorer med minimum Servicepack 1, som kan hentes her:
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold

Takker for point :)

Hej Tonnybrandt

1. den serivce der hedder Network Security Service kan jeg ikke finde ??

2. Den fil der hedder hosts jeg har hentet, skal den bare kopiers og overskrive den der er der, eller skal jeg åbne den med noteblok og kopier teksten over i min egen. min hosts er helt blank og fylder 1kb.
hvis jeg kun skal kopier teksten i hosts hvorfra starter jeg så, helt fra "# This MVPS HOSTS file is a free..... eller længere nede ??

3. control.exe lader til at være på tysk, er det et problem "Configuratiescherm voor Windows"

Undskyld, undskyld, undskyld......Det er pinligt.

Den procedure, var ikke til dig. Der skulle blot have været et link til sdu hvor du kunne hente servicepack's.

Dette link:
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold

Det er vist gået for stærkt...

Så du skal ikke udføre noget af det, bortset fra at opdatere din xp og IE med servicepack's.

ok :-) og tak for hjælpen.
Den der engangsskanner fra Kaspersky, duer den kun en gang? og hvis ja, er der så en der er ligeså god du kan anbefale.

Ja, den er beregnet som en engangsscanner, og mangler f.eks resident bekyttelse som rigtige virusscannere har.

Her kan du se dem vi anbefaler:
http://www.spywarefri.dk/pakken.htm
Og skal den være gratis, betyder det så Avast.