HLSolbjorg Posted 30 November 2008 (edited)

So I get to bother you a bit on the Sunday again then ^^

XP

MBAM

Malwarebytes' Anti-Malware 1.30
Database versjon: 1437
Windows 5.1.2600 Service Pack 3

30.11.2008 14:42:07
mbam-log-2008-11-30 (14-42-07).txt

Skanntype: Rask Skann
Objekter skannet: 47904
Tid tilbakelagt: 3 minute(s), 33 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 5
Registerverdier infisert: 0
Registerfiler infisert: 6
Mapper infisert: 1
Filer infisert: 40

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
E:\WINDOWS\system32\oqwhnjy.dll (Trojan.FakeAlert) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati8rhxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati8rhxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati8rhxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d3717d91-3cfa-46cd-8a55-3942bce735be}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.121;85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3717d91-3cfa-46cd-8a55-3942bce735be}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.121;85.255.112.76 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d3717d91-3cfa-46cd-8a55-3942bce735be}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.121;85.255.112.76 -> Quarantined and deleted successfully.

Mapper infisert:
E:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Filer infisert:
E:\WINDOWS\system32\winhlp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\oqwhnjy.dll (Trojan.FakeAlert) -> Delete on reboot.
E:\WINDOWS\system32\TDSSoexh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\drivers\ati8rhxx.sys (Rootkit.Agent) -> Delete on reboot.
E:\Documents and Settings\Administrator\Local Settings\Temp\BN4E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\573.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\aasuper1[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\czvsjkk[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\czvsjkk[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\xeeob[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GCE7KPU\xeeob[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4AYNLP7C\eyeessftq[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4AYNLP7C\eyeessftq[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4AYNLP7C\tpmmnnbo[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4AYNLP7C\tpmmnnbo[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DM7Y042F\aasuper1[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DM7Y042F\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\jdwtth[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\jdwtth[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\loaderadv563[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\aasuper2[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\ovrfpgtdd[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XN3X1D1G\ovrfpgtdd[2].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN56.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\BN58.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
E:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\TDSS22e0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\TDSS22ef.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\TDSSe365.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\TDSSe374.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\TDSS5c4f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\TDSS60f2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\tempo-0CB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
E:\WINDOWS\Temp\tempo-B6F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rs32net.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

ComboFix

ComboFix 08-11-29.03 - Administrator 2008-11-30 14:51:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2950 [GMT 1:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
e:\windows\system32\drivers\ati8rhxx.sys
e:\windows\system32\oqwhnjy.dll
e:\windows\system32\TDSSosvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI8RHXX
-------\Legacy_TDSSSERV.SYS
-------\Service_ati8rhxx
-------\Service_ICF
-------\Service_restore
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- e:\windows\system32\xircom
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- e:\windows\system32\oobe
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- e:\windows\srchasst
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- e:\program files\microsoft frontpage
2008-11-30 14:40 . 2008-11-30 14:40 <DIR> d--hs---- e:\windows\system32\config\systemprofile\PrivacIE
2008-11-30 14:38 . 2008-11-30 14:38 <DIR> d-------- e:\program files\Trend Micro
2008-11-30 14:36 . 2008-11-30 14:36 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2008-11-30 14:36 . 2008-11-30 14:36 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 14:36 . 2008-11-30 14:36 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-30 14:36 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 14:36 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-30 13:58 . 2008-11-30 13:58 27,904 --a------ e:\windows\system32\drivers\ndisprot.sys
2008-11-30 13:52 . 2008-11-30 13:52 <DIR> d-------- e:\program files\LcdStudio
2008-11-30 13:47 . 2008-11-30 13:47 <DIR> d-------- e:\program files\SpeedFan
2008-11-30 13:47 . 2008-11-30 13:47 45 --a------ e:\windows\system32\initdebug.nfo
2008-11-30 00:27 . 2008-11-30 00:27 <DIR> d-------- e:\program files\Rockstar Games
2008-11-29 23:43 . 2008-11-29 23:43 <DIR> d-------- e:\program files\Winamp
2008-11-29 23:43 . 2008-11-29 23:45 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Winamp
2008-11-29 15:58 . 2008-11-29 15:58 <DIR> d-------- e:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-29 15:51 . 2008-11-29 15:51 <DIR> d-------- e:\program files\Messenger Plus! Live
2008-11-26 19:13 . 2008-11-26 19:13 5,760,054 --a------ e:\windows\AW_XenoMorph1600.bmp
2008-11-23 14:06 . 2008-11-30 14:00 <DIR> d--h----- E:\$AVG8.VAULT$
2008-11-16 13:34 . 2008-11-16 13:34 <DIR> d-------- e:\program files\Echovoice
2008-11-16 12:02 . 2008-11-16 12:02 <DIR> d-------- e:\program files\Microsoft Works
2008-11-16 12:02 . 2006-10-26 19:56 32,592 --a------ e:\windows\system32\msonpmon.dll
2008-11-16 12:01 . 2008-11-16 12:01 <DIR> d-------- e:\program files\Microsoft.NET
2008-11-16 11:59 . 2008-11-16 11:59 <DIR> dr-h----- E:\MSOCache
2008-11-11 15:06 . 2008-11-11 15:07 <DIR> d-------- e:\windows\SHELLNEW
2008-11-11 15:05 . 2008-11-16 12:02 <DIR> d-------- e:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 14:59 . 2008-11-11 14:59 <DIR> d-------- e:\program files\Alcohol Soft
2008-11-11 14:57 . 2008-04-14 04:42 16,384 --a------ e:\windows\system32\ipsink.ax
2008-11-11 14:57 . 2008-04-13 23:16 15,232 --a------ e:\windows\system32\drivers\StreamIP.sys
2008-11-11 14:57 . 2008-04-13 23:16 11,136 --a------ e:\windows\system32\drivers\SLIP.sys
2008-11-11 14:57 . 2008-04-13 23:16 10,880 --a------ e:\windows\system32\drivers\NdisIP.sys
2008-11-11 14:57 . 2008-04-13 23:09 5,504 --a------ e:\windows\system32\drivers\MSTEE.sys
2008-11-11 14:56 . 2008-04-13 23:16 121,984 --a------ e:\windows\system32\drivers\usbvideo.sys
2008-11-11 14:56 . 2008-04-14 04:42 91,136 --a------ e:\windows\system32\kswdmcap.ax
2008-11-11 14:56 . 2008-04-13 23:16 85,248 --a------ e:\windows\system32\drivers\NABTSFEC.sys
2008-11-11 14:56 . 2008-04-14 04:42 61,952 --a------ e:\windows\system32\kstvtune.ax
2008-11-11 14:56 . 2008-04-14 04:42 53,760 --a------ e:\windows\system32\vfwwdm32.dll
2008-11-11 14:56 . 2008-04-14 04:42 43,008 --a------ e:\windows\system32\ksxbar.ax
2008-11-11 14:56 . 2008-04-14 04:42 28,672 --a------ e:\windows\system32\vidcap.ax
2008-11-11 14:56 . 2008-04-14 04:42 20,992 --a------ e:\windows\system32\dshowext.ax
2008-11-11 14:56 . 2008-04-13 23:16 19,200 --a------ e:\windows\system32\drivers\WSTCODEC.SYS
2008-11-11 14:56 . 2008-04-13 23:16 17,024 --a------ e:\windows\system32\drivers\CCDECODE.sys
2008-11-11 14:54 . 2008-11-12 07:43 <DIR> d-a------ e:\documents and settings\All Users\Application Data\TEMP
2008-11-11 14:54 . 2008-11-11 14:54 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Sony
2008-11-11 14:54 . 2008-11-11 14:54 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Publish Providers
2008-11-11 14:52 . 2008-11-11 14:52 <DIR> d-------- e:\program files\Sony
2008-11-11 14:52 . 2008-11-11 14:52 <DIR> d-------- e:\documents and settings\All Users\Application Data\Sony
2008-11-11 14:51 . 2008-11-11 14:51 <DIR> d-------- e:\program files\Sony Setup
2008-11-05 21:23 . 2008-04-14 04:42 159,232 --a------ e:\windows\system32\ptpusd.dll
2008-11-05 21:23 . 2008-04-13 23:15 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2008-11-05 21:23 . 2001-08-17 21:36 5,632 --a------ e:\windows\system32\ptpusb.dll
2008-11-05 19:09 . 2008-11-05 19:09 <DIR> d-------- e:\windows\Sun
2008-11-05 19:09 . 2008-11-16 16:39 30 --a------ e:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-05 19:03 . 2008-11-17 14:25 <DIR> d-------- e:\program files\mIRC
2008-11-05 19:03 . 2008-11-05 19:03 <DIR> d-------- e:\documents and settings\Administrator\Application Data\mIRC
2008-11-03 18:05 . 2008-11-03 18:05 <DIR> d--h----- e:\documents and settings\All Users\Application Data\CanonBJ
2008-11-03 18:05 . 2006-05-01 12:00 161,792 --a------ e:\windows\system32\CNMLM86.DLL
2008-11-03 18:01 . 2008-04-13 23:17 25,856 --a------ e:\windows\system32\drivers\usbprint.sys
2008-11-01 23:06 . 2008-11-01 23:06 <DIR> d--hs---- e:\documents and settings\Administrator\PrivacIE
2008-11-01 22:40 . 2008-11-01 22:40 <DIR> d-------- e:\program files\Java
2008-11-01 22:40 . 2008-11-01 22:40 410,976 --a------ e:\windows\system32\deploytk.dll
2008-11-01 22:40 . 2008-11-01 22:40 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-11-01 22:25 . 2008-11-16 17:01 <DIR> d-------- e:\program files\SwiftKit
2008-11-01 22:25 . 2008-11-01 22:25 <DIR> d-------- e:\documents and settings\All Users\Application Data\SwiftKit
2008-11-01 22:20 . 2008-11-01 22:21 <DIR> d-------- e:\program files\MediaMonkey
2008-11-01 22:15 . 2008-11-01 22:15 <DIR> d-------- e:\documents and settings\Administrator\Contacts
2008-11-01 22:09 . 2008-11-01 22:14 <DIR> d--hsc--- e:\program files\Common Files\WindowsLiveInstaller
2008-11-01 22:08 . 2008-11-01 22:14 <DIR> d-------- e:\program files\Windows Live
2008-11-01 22:08 . 2008-11-01 22:08 <DIR> d-------- e:\documents and settings\All Users\Application Data\WLInstaller
2008-11-01 11:39 . 2008-10-07 13:33 201,157 --a------ e:\windows\system32\nvapps.nvb
2008-10-27 07:27 . 2008-10-27 07:27 <DIR> d-------- e:\program files\BF2G15Mod
2008-10-25 17:43 . 2008-10-25 17:44 <DIR> d-------- e:\program files\Warsow
2008-10-25 17:43 . 2008-10-25 17:43 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Warsow
2008-10-20 19:28 . 2008-10-20 19:28 <DIR> d-------- e:\program files\MySQL
2008-10-20 19:17 . 2008-10-20 19:35 <DIR> d-------- e:\program files\CoD4 RCON Commander Pro
2008-10-20 19:17 . 2008-10-20 19:17 167,254 --a------ e:\windows\CoD4 RCON Commander Pro Uninstaller.exe
2008-10-17 20:33 . 2008-10-17 23:18 <DIR> d-------- e:\program files\DC++
2008-10-17 20:13 . 2008-10-17 20:13 <DIR> d-------- e:\program files\Sierra Entertainment
2008-10-17 20:13 . 2008-10-17 20:13 <DIR> d-------- e:\documents and settings\Administrator\Application Data\InstallShield
2008-10-17 14:39 . 2008-10-17 14:39 <DIR> d-------- e:\program files\Hamachi
2008-10-17 14:39 . 2008-11-24 21:04 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Hamachi
2008-10-17 14:39 . 2008-10-17 14:39 25,280 --a------ e:\windows\system32\drivers\hamachi.sys
2008-10-17 14:30 . 2008-10-23 18:17 <DIR> d-------- e:\program files\Teamspeak2_RC2
2008-10-17 14:30 . 2008-10-17 14:31 <DIR> d-------- e:\documents and settings\Administrator\Application Data\teamspeak2
2008-10-17 14:30 . 2008-10-17 14:30 34,064 --a------ e:\windows\system32\lhacm.acm
2008-10-17 14:29 . 2008-10-17 14:29 8 --a------ e:\windows\system32\nvModes.dat
2008-10-17 14:28 . 2008-10-17 14:28 <DIR> d-------- e:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-12 15:36 . 2008-10-12 15:36 3,932,214 --a------ e:\windows\AW_XenoMorph1280.bmp
2008-10-12 15:35 . 2008-11-30 14:54 <DIR> d-------- e:\program files\AlienGUIse
2008-10-12 15:35 . 2003-02-26 22:27 36,864 --a------ e:\windows\system32\wbsys.dll
2008-10-12 13:07 . 2008-10-12 13:07 <DIR> d-------- e:\documents and settings\All Users\Application Data\hps
2008-10-12 12:52 . 2008-10-12 12:52 <DIR> d-------- e:\program files\CeWe Color
2008-10-12 10:17 . 2006-11-29 13:06 3,426,072 --a------ e:\windows\system32\d3dx9_32.dll
2008-10-11 20:20 . 2008-10-11 20:20 <DIR> d-------- e:\program files\MSBuild
2008-10-11 20:15 . 2008-10-11 20:15 <DIR> d-------- e:\windows\SxsCaPendDel
2008-10-10 12:31 . 2008-10-10 12:31 <DIR> d--hs---- E:\$RECYCLE.BIN
2008-10-08 19:37 . 2008-10-08 19:37 319 --a------ e:\windows\game.ini
2008-10-08 19:28 . 2008-10-08 19:28 <DIR> d--hs---- e:\windows\ftpcache
2008-10-08 19:28 . 2008-10-08 19:28 <DIR> d-------- e:\program files\Activision
2008-10-08 17:25 . 2008-10-08 17:34 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Ventrilo
2008-10-08 17:24 . 2008-10-08 17:24 <DIR> d-------- e:\program files\Ventrilo
2008-10-08 14:48 . 2008-10-08 14:48 778,240 --a------ e:\windows\SkinCrafter2.dll
2008-10-07 14:33 . 2008-10-07 14:33 <DIR> d--h-c--- e:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-07 14:27 . 2008-10-07 14:27 <DIR> d-------- E:\ProgramData
2008-10-07 14:25 . 2008-10-09 17:55 107,888 --a------ e:\windows\system32\CmdLineExt.dll
2008-10-07 14:25 . 2008-10-07 14:25 5,958 --a------ e:\windows\system32\ealregsnapshot1.reg
2008-10-06 16:13 . 2008-10-06 16:13 <DIR> d-------- e:\documents and settings\Administrator\Application Data\TortoiseSVN
2008-10-06 16:13 . 2008-10-06 16:13 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Subversion
2008-10-06 16:12 . 2008-10-06 16:12 <DIR> d-------- e:\program files\TortoiseSVN
2008-10-06 16:12 . 2008-10-06 16:12 <DIR> d-------- e:\program files\Common Files\TortoiseOverlays
2008-10-06 13:57 . 2008-11-29 16:40 <DIR> d-------- e:\program files\Steam
2008-10-06 13:49 . 2008-10-11 20:32 <DIR> d-------- e:\windows\system32\XPSViewer
2008-10-06 13:49 . 2008-10-06 13:49 <DIR> d-------- e:\program files\Reference Assemblies
2008-10-06 13:49 . 2006-06-29 12:07 14,048 --------- e:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 12:54 --------- d-----w e:\documents and settings\Administrator\Application Data\uTorrent
2008-11-30 10:18 140,216 ----a-w e:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 17:21 --------- d-----w e:\program files\Mozilla Thunderbird
2008-11-16 17:26 --------- d-----w e:\program files\ESET
2008-10-17 19:13 --------- d--h--w e:\program files\InstallShield Installation Information
2008-10-11 18:58 --------- d-----w e:\program files\Electronic Arts
2008-10-11 15:32 --------- d-----w e:\program files\EA GAMES
2008-10-08 18:38 22,328 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-10-08 16:23 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2008-10-07 13:25 --------- d-----w e:\program files\Common Files\InstallShield
2008-10-07 12:33 6,133,856 ----a-w e:\windows\system32\drivers\nv4_mini.sys
2008-10-05 18:54 --------- d-----w e:\program files\SteelSeries USB Soundcard
2008-10-05 17:46 --------- d-----w e:\program files\AGEIA Technologies
2008-10-05 17:40 --------- d-----w e:\program files\Cobian Backup 9
2008-10-05 17:38 315,392 ----a-w e:\windows\HideWin.exe
2008-10-05 17:38 --------- d-----w e:\program files\Realtek
2008-10-05 17:36 --------- d-----w e:\program files\Intel
2008-10-05 17:34 --------- d-----w e:\program files\uTorrent
2008-10-05 17:32 --------- d-----w e:\program files\Common Files\Thraex Software
2008-10-05 17:29 --------- d-----w e:\program files\Opera
2008-10-05 17:18 --------- d-----w e:\program files\DAEMON Tools Lite
2008-10-05 17:13 717,296 ----a-w e:\windows\system32\drivers\sptd.sys
2008-10-05 17:13 --------- d-----w e:\documents and settings\All Users\Application Data\ESET
2008-10-05 17:13 --------- d-----w e:\documents and settings\Administrator\Application Data\ESET
2008-10-05 17:13 --------- d-----w e:\documents and settings\Administrator\Application Data\DAEMON Tools
2008-10-05 17:01 --------- d-----w e:\program files\GameSpy
2008-10-05 17:01 --------- d-----w e:\documents and settings\Administrator\Application Data\Thunderbird
2008-10-05 16:59 --------- d-----w e:\program files\Logitech
2008-10-05 16:59 --------- d-----w e:\documents and settings\All Users\Application Data\Logitech
2008-05-05 20:14 34,048 ----a-w e:\program files\opera\program\plugins\upd62i9x.dll
2008-05-05 20:14 45,056 ----a-w e:\program files\opera\program\plugins\upd62int.dll
.

------- Sigcheck -------

2008-05-06 13:00 361344 accf5a9a1ffaa490f33dba1c632b95e1 e:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ e:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-11-29 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Launch LCDMon"="e:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="e:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 e:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 e:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-22 e:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=e:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=e:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Teamspeak 2 RC2.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\Teamspeak 2 RC2.lnk
backup=e:\windows\pss\Teamspeak 2 RC2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:46 217544 e:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 9 interface]
--a------ 2008-09-21 22:21 2748928 e:\program files\Cobian Backup 9\cbInterface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 14:03 36864 e:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 11:34 2772992 e:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
--a------ 2006-11-28 22:52 53248 e:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-11-29 15:55 5724184 e:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-18 14:33 1410296 e:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-01 22:40 136600 e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 e:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CobianBackupAmanita"=2 (0x2)
"Themes"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Steam\\steamapps\\hlsolbjorg\\counter-strike source\\hl2.exe"=

R0 mv61xx;mv61xx;e:\windows\system32\drivers\mv61xx.sys [5/6/2008 1:00:00 PM 143360]
R1 KS0108;KS0108;\??\e:\program files\LcdStudio\ks0108.sys [3/10/2008 5:40:08 PM 3712]
R1 LC7981;LC7981;\??\e:\program files\LcdStudio\LC7981.sys [3/10/2008 5:40:10 PM 5120]
R1 n3900;n3900;\??\e:\program files\LcdStudio\n3900.sys [3/10/2008 5:40:10 PM 3968]
R1 SED133x;SED133x;\??\e:\program files\LcdStudio\SED133x.sys [3/10/2008 5:40:10 PM 7424]
R1 T6963C;T6963C;\??\e:\program files\LcdStudio\T6963c.sys [3/10/2008 5:40:10 PM 6400]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;e:\windows\system32\drivers\CM108.sys [10/5/2008 7:54:06 PM 1294336]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\e:\windows\system32\drivers\Ndisprot.sys [11/30/2008 1:58:21 PM 27904]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
S4 CobianBackupAmanita;Cobian Backup 9 service;e:\program files\Cobian Backup 9\cbService.exe [10/5/2008 6:40:37 PM 583168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759cb4fd-9301-11dd-b574-0019dbf8cb8e}]
\Shell\AutoRun\command - K:\Autorun.exe

*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 e:\windows\Tasks\User_Feed_Synchronization-{EF81F190-BD71-4C59-B09C-CF7F9BE377C3}.job
- e:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CM108Sound - CM108.cpl
Notify-LBTWlgn - e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\99474ymk.default\
FF -: plugin - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\99474ymk.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - e:\program files\mozilla firefox\plugins\np_gp.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 14:54:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\windows\system32\wdfmgr.exe
e:\program files\TortoiseSVN\bin\TSVNCache.exe
e:\windows\system32\rundll32.exe
e:\windows\system32\rundll32.exe
e:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
e:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
e:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
.
**************************************************************************
.
Completion time: 2008-11-30 14:56:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 13:56:57

Pre-Run: 75 927 044 096 bytes free
Post-Run: 76,840,857,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Windows XP"

392

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:21, on 30.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
E:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - E:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - E:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (file missing)
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5507 bytes

Vista

MBAM

Malwarebytes' Anti-Malware 1.30
Database versjon: 1428
Windows 6.0.6001 Service Pack 1

30.11.2008 14:30:37
mbam-log-2008-11-30 (14-30-37).txt

Skanntype: Rask Skann
Objekter skannet: 40271
Tid tilbakelagt: 2 minute(s), 2 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Filer infisert:
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:58, on 30.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7751 bytes

Thanks!

EDIT: The internet is enooormously slooow -.- picture of c:/, lots of abnormal files there :S :S (that's where AVG found the virus)

Edited 30 November 2008 by HLSolbjorg
raWrz, posted 30 November 2008

Can you run ComboFix on the Vista computer?
HLSolbjorg (author), posted 30 November 2008 (edited)

No, I can't get ComboFix to run on Vista. Do you remember this, submit?

Edited 30 November 2008 by HLSolbjorg
raWrz, posted 30 November 2008

ComboFix works on Vista if you don't have 64-bit, and we did run ComboFix then.
HLSolbjorg (author), posted 30 November 2008 (edited)

Nope, Vista x64 here, you know. Btw, fourth/fifth BSOD today -.- getting pretty tired of it, anyone have a solution? Here's the Windows thing..

Problemsignatur:
Navn på problemhendelse: BlueScreen
OS-versjon: 6.0.6001.2.1.0.768.3
ID for nasjonal innstilling: 1044

Tilleggsinformasjon om problemet:
BCCode: 7f
BCP1: 0000000000000008
BCP2: 0000000080050031
BCP3: 00000000000006F8
BCP4: FFFFF80001E7EED6
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Filer som bidrar til å beskrive problemet:
C:\Windows\Minidump\Mini113008-02.dmp
C:\Users\HLSolbjorg\AppData\Local\Temp\WER-80906-0.sysdata.xml
C:\Users\HLSolbjorg\AppData\Local\Temp\WER5D9C.tmp.version.txt

Les vår personvernerklæring: http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0414

EDIT: The ComboFix run was on the PC of someone I know, so ... :p That one was XP.

Edited 30 November 2008 by HLSolbjorg
raWrz, posted 30 November 2008

I'll look at the XP one; someone else will have to take the Vista one, since I'm not good at finding viruses with HJT.
HLSolbjorg (author), posted 30 November 2008 (edited)

Yesss, another BSOD.... Btw, the PC is dual-boot!! ComboFix doesn't work in Vista x64!!!!

Edited 30 November 2008 by HLSolbjorg
norbat, posted 30 November 2008 (edited)

Vista: Does AVG still find any malware when you scan? Sort the files by date, with the newest files at the top. Post a new picture of 'C'. Also go to windows/system32, sort by date and post a picture.

Edited 30 November 2008 by norbat
HLSolbjorg (author), posted 30 November 2008 (edited)

Vista: c:/ windows/system32

Haven't scanned with AVG, but it was AVG that suddenly popped up with "Threat Detected!"

EDIT: I think it may have been LCD Studio/Everest that gave me the BSOD.. Have uninstalled them now, so I'll see what has happened when I get back from dinner :) I followed this one, have used the same before without problems.. So it was a bit odd.. On Vista x64 too..

Edited 30 November 2008 by HLSolbjorg
norbat, posted 30 November 2008

There are malware files there, so you can run a scan with AVG and see which of them the program catches. (files created 30.11 at 13:58/13:54)
HLSolbjorg (author), posted 30 November 2008 (edited)

Haven't had any more bluescreens.. AVG has scanned through the 180GB C disk (which is really 250GB, WHERE IS THE REST??!?!), 380GB of partition 1 of the D disk, and got to Progfiles/ea games on the E disk (XP). No threats have come up, but lots of trackers (cookies): Statcounter, Yieldmanager, 247realmedia, 2on7, euroclick are some of them.. Should I just delete those files from c:/ between 1358-1354?

EDIT: Have you got the times mixed up or something? :S 1358->1354 is almost a whole day..

EDIT: AVG Scan Completed:

AVG:
"Scan ""Scan whole computer"" was finished."
"Infections found:";"2"
"Infected objects removed or healed:";"2"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"95"
"Information count:";"0"
"Scan started:";"30. november 2008, 18:38:22"
"Scan finished:";"30. november 2008, 19:45:48 (1 hour(s) 7 minute(s) 25 second(s))"
"Total object scanned:";"2147174"
"User who launched the scan:";"HLSolbjorg"

"Infections"
"File";"Infection";"Result"
"E:\Qoobox\Quarantine\E\WINDOWS\system32\drivers\_ati8rhxx_.sys.zip";"Trojan horse Rootkit-Agent.AV";"Moved to Virus Vault"
"E:\Qoobox\Quarantine\E\WINDOWS\system32\drivers\_ati8rhxx_.sys.zip:\ati8rhxx.sys";"Trojan horse Rootkit-Agent.AV";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
Settings\Administrator\Cookies\administrator@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object" "E:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object" "E:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object" "E:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt:\zedo.com.ff8ec9c0";"Found Tracking cookie.Zedo";"Potentially dangerous object" "E:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[2].txt";"Found Tracking cookie.2o7";"Potentially dangerous object" "E:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[2].txt:\2o7.net.92b4d8ae";"Found Tracking cookie.2o7";"Potentially dangerous object" "E:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object" "E:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object" EDIT2: Haha, ser trojaneren som kaller seg for Ati Haxx elns xD Har ikke ATI engang ._. Filene ligger i Vault'et, skal jeg gjøre noe med dem? Slette dem? Eller ligger de fint der de er? EDIT3: Bare lurer litt, hva skjer når AVG license expires? Kan/bør jeg laste ned AVG på nytt? Eller bør jeg kjøpe ESET Smart Security (Hadde Nod32 før, men license gikk ut, og pappa betalte ikke ny, så.... Eller bør ejg kjøpe Nod 32?) Endret 30. november 2008 av HLSolbjorg Lenke til kommentar
norbat, posted 30 November 2008 (edited):

No, on C: there are some files created 30.11 at 13:58, plus one file at 13:54 the same date. Delete those (you may have to go into Safe Mode to manage it). Alternatively, run a scan with DrWeb. It will first run an express scan; after that you choose to run a full scan.

Edited 30 November 2008 by norbat
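The advice above is timeline triage: once one dropped file's creation time is known, everything else created in the same minutes is suspect. The PowerShell below is an added example, not code from the thread, and it only lists; nothing is deleted. The drive letter and the 13:50-14:05 window are placeholders (assumed) to be set from the timestamps of the files actually found, and the SHA-256 column is there so each file can be looked up before it is removed. Two caveats that follow from norbat's Safe Mode remark: creation timestamps can be forged by the malware, and a live kernel rootkit can hide files from a listing like this, so run it from Safe Mode or an offline boot.

```powershell
# Added example, not from the thread: list files created in a narrow time window
# on a drive, with size and SHA-256, so the rest of a dropper's payload can be
# reviewed before anything is deleted. Drive and window are assumed placeholders.
param(
    [string]   $Drive = 'C:\',
    [datetime] $Start = (Get-Date '2008-11-30 13:50'),
    [datetime] $End   = (Get-Date '2008-11-30 14:05')
)

function Get-Sha256Hex {
    # Hash through .NET so this also runs on PowerShell 2.0 (Get-FileHash needs 4.0).
    param([string] $Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Get-FilesCreatedBetween {
    param([string] $Root, [datetime] $From, [datetime] $To)
    # -Force includes hidden and system files, attributes droppers commonly set.
    # Access-denied errors on protected folders are expected and skipped.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.CreationTime -ge $From -and $_.CreationTime -le $To } |
        ForEach-Object {
            $file = $_
            $hash = 'locked/unreadable'
            try { $hash = Get-Sha256Hex $file.FullName } catch { }
            New-Object PSObject -Property @{
                Created  = $file.CreationTime
                Modified = $file.LastWriteTime
                Bytes    = $file.Length
                Sha256   = $hash
                Path     = $file.FullName
            }
        }
}

# Review the list first and delete only after identifying each file. A file
# created inside the window but last modified years earlier is usually a
# legitimate file copied by an installer (copying resets CreationTime but
# keeps LastWriteTime), not a payload.
Get-FilesCreatedBetween -Root $Drive -From $Start -To $End |
    Sort-Object Created |
    Format-Table -AutoSize Created, Modified, Bytes, Sha256, Path
```

Run it as Administrator; on a Windows XP machine PowerShell 2.0 has to be installed separately, which is why the hashing goes through .NET rather than Get-FileHash.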
HLSolbjorg (thread author), posted 30 November 2008:

Deleting the files from C:\ worked fine. Thanks for the help. Any idea what it could have been? I've hosted LAN parties here at home, but I've used XP the whole time.. (E:\)... So.. xD
norbat, posted 30 November 2008:

Some of the files were a so-called Trojan.DownLoader. To be sure there aren't more lurking, I would run DrWeb.
HLSolbjorg (thread author), posted 30 November 2008 (edited):

Fair enough, I'll run DrWeb.

EDIT: Done - no viruses found.. Phew

Edited 30 November 2008 by HLSolbjorg
HLSolbjorg (thread author), posted 1 December 2008:

@Submit; Did you find anything in WinXP?
HLSolbjorg (thread author), posted 1 December 2008 (edited):

Argh.. Just got two bluescreens from the Vista machine. Didn't get any error report, but I pressed the restart button before it had finished the memory dump thing.... :/ :/

Yesterday: Downloaded and installed Everest + LCD Studio + Speedfan for a G15 plugin. I think that's what gave me the BSOD.

Today: Downloaded + installed Comodo Firewall Free, but uninstalled it because of something crazy with popups. Installed LCD Studio again, but this time with Rivatuner + Speedfan. It worked fine for about 3-4 hours.. The last thing that happened before the BSOD: I closed Winamp because I removed a plugin. Started Winamp again, but the error message the plugins had given was still there. Pressed the play button, the song started, then it shut down and I got "Winamp has stopped working". Tried starting Winamp again, and the same thing happened. Tried a third time, but when I pressed the play button that time, the PC went to bluescreen. I'm now on the XP machine, and have LCD Studio, Speedfan and Rivatuner installed here too.

Add: I've noticed that since the first bluescreens, I get "No drives detected" during boot. That's where the HDDs used to show up before. Why? :S

EDIT: I also get an error message (in XP) from Windows File Protection: "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Professional Service Pack 3 CD now." Retry - More Information - Cancel. Whichever button I press, I get the same error message again ._. Could it be that Malwarebytes has deleted some infected system files?

Edited 1 December 2008 by HLSolbjorg
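The Windows File Protection prompt in the post above appears when a protected system file no longer matches what WFP expects, which after a cleanup like this one means either the malware replaced the file or the cleaner removed a file the malware had patched. Before feeding the SP3 CD to the prompt (or running sfc /scannow, which is the supported repair), a practitioner would want the list of candidates. The PowerShell below is an added example, not code from the thread: it walks system32 including the drivers folder, checks each .exe/.dll/.sys with Get-AuthenticodeSignature, and prints the ones that do not verify, most recently modified first. One caveat is assumed and important: on the PowerShell 2.0 that XP can run, Get-AuthenticodeSignature does not consult catalogue signatures, so most genuine Windows files will report NotSigned; a HashMismatch, or a NotSigned file whose modification time lands in the infection window, is what to examine, and NotSigned alone proves nothing. As with any listing on a machine that had a rootkit driver, run it from Safe Mode.

```powershell
# Added example, not from the thread: triage list for a Windows File Protection
# prompt. Lists PE files under system32 (recursing into drivers) whose
# Authenticode signature does not verify, newest modification first.
# Assumed caveat: on PowerShell 2.0 (the latest XP runs) catalogue-signed
# Windows files report NotSigned, so use Status together with the timestamps,
# not Status alone. sfc /scannow performs the actual repair.
function Get-UnverifiedSystemBinaries {
    param(
        [string] $Root = (Join-Path $env:SystemRoot 'system32'),
        [int]    $Top  = 40
    )
    Get-ChildItem -Path $Root -Recurse -Force -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Modified = $file.LastWriteTime
                Created  = $file.CreationTime
                Status   = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer   = $signer
                Path     = $file.FullName
            }
        } |
        Where-Object { $_.Status -ne 'Valid' } |
        Sort-Object Modified -Descending |
        Select-Object -First $Top
}

# A HashMismatch means an embedded signature exists but the bytes were changed:
# that is the strongest indicator of a patched system file in this output.
Get-UnverifiedSystemBinaries | Format-Table -AutoSize Modified, Created, Status, Path
```

Compare any file that stands out against the copy on the SP3 CD or in %SystemRoot%\system32\dllcache by hash before deciding it is bad; a mismatch there, not the signature status by itself, is what confirms tampering.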
norbat, posted 1 December 2008:

Vista has a Reliability Monitor that may be able to tell you why Vista is/was unstable. You could check whether you can find out what the reason for the BSOD was.
HLSolbjorg (thread author), posted 1 December 2008:

Starting Vista up again then, and waiting for another BSOD ^^