2ball_ Posted 22 November 2008 (edited)
I have had some problems with, among other things, Windows Installer.
mbam:
HJT:
edit: I can't post a Combofix log because I'm running XP 64-bit.
Edited 22 November 2008 by 2ball(s)

raWrz Posted 22 November 2008
Update Mbam and run a new scan.

2ball_ Posted 23 November 2008
Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.2.3790 Service Pack 2
23.11.2008 02:12:02
mbam-log-2008-11-23 (02-12-02).txt
Scan type: Quick Scan
Objects scanned: 40470
Time elapsed: 1 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Steamed Posted 23 November 2008
Hi. I have downloaded Malware and Combofix and hijack, or whatever it's called, but deleted hijack. I haven't noticed any virus. But still, when I log on the background is black (?), normally white... Picture of the problem. This is shown at the very bottom in the right-hand corner. What should I do? It's annoying that the background keeps changing from what I want.

Tosha0007 Posted 23 November 2008 (edited)
How do you want to hear it? That is Microsoft's program that checks whether you have a pirated copy of Windows. The program thinks you have a pirated copy of Windows, and in my experience it is often right about that. So you wouldn't happen to have an invalid CD key for Windows?
Solution to the problem: buy a legal CD key for Windows.
Edited 23 November 2008 by tosha0007

hernil Posted 23 November 2008
Do you have a pirated copy of Windows?

raWrz Posted 23 November 2008
Looks like he has a pirated copy of Windows, and the only way out is to pay for a license.

HLSolbjorg Posted 23 November 2008 (edited)
MBAM
HiJackThis
Does anyone have the energy to look through this?
Edited 23 November 2008 by HLSolbjorg

Tosha0007 Posted 23 November 2008
A Combofix log too, or? There were only Malwarebytes' and HijackThis logs here.

raWrz Posted 23 November 2008
The top one is Mbam and not Combofix.
Update your AVG to AVG8: http://www.download.com/AVG-Anti-Virus-Fre...&tag=button

HLSolbjorg Posted 23 November 2008
I meant MBAM, yes; wrote it a bit wrong lol. Going to upgrade... What should I do after that?

Tosha0007 Posted 23 November 2008 (edited)
Post a Combofix log.
Edited 23 November 2008 by tosha0007

raWrz Posted 23 November 2008 (edited)
Run a scan with AVG and then give me a ComboFix log.
edit: tosha007 is a step ahead of me, yes
Edited 23 November 2008 by Submit
2ball_ Posted 23 November 2008 (edited)
looks like he has a pirated copy of Windows and the only way out is to pay for a license
Wrong. It is quite easy to work around that problem.
edit: on an old PC that has now been scrapped.
Edited 23 November 2008 by 2ball(s)
Tosha0007 Posted 23 November 2008 (edited)
2ball: yes, it is quite possible to work around that problem. But we are not going to discuss downloaded copyrighted material and how to get around copy protection etc. here on diskusjon.no, so we encourage Steamed to buy a legal license.
edit: tosha007 is a step ahead of me, yes
Thanks, although I don't know whether I should take that as a compliment. Maybe I should do something other than sit on diskusjon.no all Sunday.
edit: HLSolbjorg: ready with the ComboFix log soon, or? I'm missing something to do.
Edited 23 November 2008 by tosha0007
HLSolbjorg Posted 23 November 2008
Combofix
ComboFix 08-11-22.02 - Administrator 2008-11-23 16:09:27.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.194 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\blazer233.txt . ((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 ))))))))))))))))))))))))))))))) . 2008-11-23 16:10 . 2008-11-23 16:10 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\system32\xircom 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\system32\oobe 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\srchasst 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\program files\microsoft frontpage 2008-11-23 16:02 . 2008-11-23 16:02 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-23 16:02 . 2008-11-23 16:02 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-23 16:02 . 2008-11-23 16:02 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-23 16:01 . 2008-11-23 16:08 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\program files\AVG 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-23 15:27 . 2008-11-23 15:27 <DIR> d-------- c:\program files\Trend Micro 2008-11-23 15:19 . 2008-11-23 15:19 1,025 --a------ C:\ossgjds.exe 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-23 15:04 . 
2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 15:04 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-23 01:08 . 2008-11-23 01:08 358,504 --a------ c:\windows\85it.exe 2008-11-23 00:18 . 2008-11-23 00:18 109,618 --a------ C:\ytex.exe 2008-11-22 23:27 . 2008-11-22 23:26 109,812 --a------ c:\windows\tomanders94Picture25675480163.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,810 --a------ c:\windows\vikke_1994Picture86516684388.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,810 --a------ c:\windows\renate.144Picture11486233133.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,810 --a------ c:\windows\martine.tnPicture86860316168.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,810 --a------ c:\windows\kristin_94Picture82130148248.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,808 --a------ c:\windows\iselin496Picture20682140412.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,806 --a------ c:\windows\helgasonPicture51162053824.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,806 --a------ c:\windows\c_fugloePicture62404454568.JPG-imageshack.scr.zip 2008-11-22 23:27 . 2008-11-22 23:27 109,806 --a------ c:\windows\alex-b94Picture37365051676.JPG-imageshack.scr.zip 2008-11-22 23:26 . 2008-11-22 23:26 109,818 --a------ c:\windows\solfrid_pus_94Picture35005412663.JPG-imageshack.scr.zip 2008-11-22 23:26 . 2008-11-22 23:26 109,816 --a------ c:\windows\marthegogstadPicture77281870885.JPG-imageshack.scr.zip 2008-11-22 23:26 . 2008-11-22 23:26 109,814 --a------ c:\windows\siriogsandraPicture66110014781.JPG-imageshack.scr.zip 2008-11-22 23:26 . 2008-11-22 23:26 109,812 --a------ c:\windows\lineline_93Picture61255678865.JPG-imageshack.scr.zip 2008-11-22 23:26 . 2008-11-22 23:26 109,800 --a------ c:\windows\lauraPicture00416408478.JPG-imageshack.scr.zip 2008-11-22 23:11 . 
2008-11-22 23:19 358,504 --a------ C:\gavens.exe 2008-11-22 22:58 . 2008-11-22 23:00 <DIR> d-------- c:\program files\LimeWire 2008-11-22 21:23 . 2008-11-22 21:23 109,810 --a------ c:\windows\kristin_94Picture73823430437.JPG-imageshack.scr.zip 2008-11-22 21:23 . 2008-11-22 21:23 109,808 --a------ c:\windows\frieda-94Picture42713372273.JPG-imageshack.scr.zip 2008-11-22 21:23 . 2008-11-22 21:23 109,806 --a------ c:\windows\tutta.94Picture38547300858.JPG-imageshack.scr.zip 2008-11-22 21:23 . 2008-11-22 21:22 109,806 --a------ c:\windows\c_fugloePicture65310315223.JPG-imageshack.scr.zip 2008-11-22 21:23 . 2008-11-22 21:23 50,226 --a------ C:\blaowz.exe 2008-11-22 21:22 . 2008-11-22 21:22 109,824 --a------ c:\windows\hlsolbjorg_crysisPicture85061702308.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,820 --a------ c:\windows\brudevold_rogerPicture32386622513.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,818 --a------ c:\windows\alpin_jenta123Picture67388782135.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,816 --a------ c:\windows\marthegogstadPicture80853733542.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,814 --a------ c:\windows\siriogsandraPicture05480345407.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,812 --a------ c:\windows\tomanders94Picture60407158800.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,812 --a------ c:\windows\lineline_93Picture48361240337.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,806 --a------ c:\windows\k.h.s_94Picture04082236534.JPG-imageshack.scr.zip 2008-11-22 21:22 . 2008-11-22 21:22 109,806 --a------ c:\windows\helgasonPicture30685464611.JPG-imageshack.scr.zip 2008-11-22 20:56 . 2008-11-22 20:56 109,810 --a------ c:\windows\kristin_94Picture18764180401.JPG-imageshack.scr.zip 2008-11-22 20:56 . 2008-11-22 20:56 109,808 --a------ c:\windows\frieda-94Picture66663043146.JPG-imageshack.scr.zip 2008-11-22 20:56 . 
2008-11-22 20:56 109,806 --a------ c:\windows\tutta.94Picture23610445353.JPG-imageshack.scr.zip 2008-11-22 20:56 . 2008-11-22 20:55 109,806 --a------ c:\windows\helgasonPicture61718027345.JPG-imageshack.scr.zip 2008-11-22 20:56 . 2008-11-22 20:56 109,806 --a------ c:\windows\c_fugloePicture62330278162.JPG-imageshack.scr.zip 2008-11-22 20:55 . 2008-11-22 20:55 109,824 --a------ c:\windows\hlsolbjorg_crysisPicture50405385530.JPG-imageshack.scr.zip 2008-11-22 20:55 . 2008-11-22 20:55 109,816 --a------ c:\windows\marthegogstadPicture37406685562.JPG-imageshack.scr.zip 2008-11-22 20:55 . 2008-11-22 20:55 109,814 --a------ c:\windows\siriogsandraPicture31561760652.JPG-imageshack.scr.zip 2008-11-22 20:55 . 2008-11-22 20:55 109,812 --a------ c:\windows\tomanders94Picture48738327277.JPG-imageshack.scr.zip 2008-11-22 20:55 . 2008-11-22 20:55 109,812 --a------ c:\windows\lineline_93Picture25732741030.JPG-imageshack.scr.zip 2008-11-22 20:46 . 2008-11-23 15:19 52,786 --a------ C:\burimi.exe 2008-11-22 20:27 . 2008-11-22 20:27 109,824 --a------ c:\windows\hlsolbjorg_crysisPicture41003718824.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,820 --a------ c:\windows\veronicajenta96Picture15378147512.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,814 --a------ c:\windows\heidithg_94_Picture17031311132.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:26 109,812 --a------ c:\windows\tomanders94Picture60664386002.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,810 --a------ c:\windows\kristin_94Picture25357602113.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,808 --a------ c:\windows\frieda-94Picture70643051601.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,806 --a------ c:\windows\tutta.94Picture05882047270.JPG-imageshack.scr.zip 2008-11-22 20:27 . 2008-11-22 20:27 109,806 --a------ c:\windows\helgasonPicture62326440631.JPG-imageshack.scr.zip 2008-11-22 20:27 . 
2008-11-22 20:27 109,806 --a------ c:\windows\c_fugloePicture48533703346.JPG-imageshack.scr.zip 2008-11-22 20:26 . 2008-11-22 20:26 109,816 --a------ c:\windows\marthegogstadPicture52882485837.JPG-imageshack.scr.zip 2008-11-22 20:26 . 2008-11-22 20:26 109,814 --a------ c:\windows\hanna_smil94Picture67812672704.JPG-imageshack.scr.zip 2008-11-22 20:26 . 2008-11-22 20:26 109,812 --a------ c:\windows\lineline_93Picture70187206115.JPG-imageshack.scr.zip 2008-11-22 20:26 . 2008-11-22 20:26 109,806 --a------ c:\windows\juliermaPicture76580328066.JPG-imageshack.scr.zip 2008-11-22 19:38 . 2008-11-22 19:37 50,424 --a------ c:\windows\hlsolbjorg_crysisPicture7525435.JPG-imageshack.com.zip 2008-11-22 19:38 . 2008-11-22 19:38 50,410 --a------ c:\windows\renate.144Picture7525435.JPG-imageshack.com.zip 2008-11-22 19:38 . 2008-11-22 19:38 50,406 --a------ c:\windows\c_fugloePicture7525435.JPG-imageshack.com.zip 2008-11-22 19:37 . 2008-11-22 19:37 50,418 --a------ c:\windows\balder-love-94Picture7525435.JPG-imageshack.com.zip 2008-11-22 19:37 . 2008-11-22 19:37 50,412 --a------ c:\windows\maddesnuppaPicture7525435.JPG-imageshack.com.zip 2008-11-22 19:37 . 2008-11-22 19:37 50,406 --a------ c:\windows\juliermaPicture7525435.JPG-imageshack.com.zip 2008-11-22 19:00 . 2008-11-22 19:00 31,744 ---h----- c:\windows\system32\usykln.exe 2008-11-22 19:00 . 2008-11-22 19:00 31,744 ---h----- c:\windows\system32\fygtsi.exe 2008-11-22 18:34 . 2008-11-22 18:34 31,744 ---h----- c:\windows\system32\cgjkgh.exe 2008-11-22 18:32 . 2008-11-22 18:32 31,744 ---h----- c:\windows\system32\snxvib.exe 2008-11-22 18:32 . 2008-11-22 18:32 31,744 ---h----- c:\windows\system32\nmksgp.exe 2008-11-22 18:32 . 2008-11-22 18:32 31,744 ---h----- c:\windows\system32\dzzqcc.exe 2008-11-22 18:22 . 2008-11-22 18:22 109,810 --a------ c:\windows\kristin_94Picture07243347623.JPG-imageshack.scr.zip 2008-11-22 18:22 . 
2008-11-22 18:22 109,806 --a------ c:\windows\tutta.94Picture15440885311.JPG-imageshack.scr.zip 2008-11-22 18:22 . 2008-11-22 18:21 109,806 --a------ c:\windows\c_fugloePicture35660762703.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,824 --a------ c:\windows\hlsolbjorg_crysisPicture67547444025.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,820 --a------ c:\windows\veronicajenta96Picture31774543851.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,818 --a------ c:\windows\sofiemyklebostPicture35188314800.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,812 --a------ c:\windows\tomanders94Picture47503641483.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,812 --a------ c:\windows\maddesnuppaPicture40237434837.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,812 --a------ c:\windows\lineline_93Picture73405838070.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,810 --a------ c:\windows\frk.dammenPicture75303665282.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,806 --a------ c:\windows\juliermaPicture63751225064.JPG-imageshack.scr.zip 2008-11-22 18:21 . 2008-11-22 18:21 109,806 --a------ c:\windows\helgasonPicture17087751648.JPG-imageshack.scr.zip 2008-11-22 18:14 . 2008-11-22 18:14 31,744 ---h----- c:\windows\system32\genzpq.exe 2008-11-22 16:40 . 2008-11-22 16:40 31,744 ---h----- c:\windows\system32\wimjtm.exe 2008-11-22 16:40 . 2008-11-22 16:40 31,744 ---h----- c:\windows\system32\bzdnsc.exe 2008-11-22 16:38 . 2008-11-22 16:38 31,744 ---h----- c:\windows\system32\wkeprn.exe 2008-11-22 16:37 . 2008-11-22 16:36 31,744 ---h----- c:\windows\system32\cxsmdo.exe 2008-11-22 16:36 . 2008-11-22 16:36 31,744 ---h----- c:\windows\system32\qwxdht.exe 2008-11-22 16:36 . 2008-11-22 16:36 31,744 ---h----- c:\windows\system32\ljnqyi.exe 2008-11-21 21:28 . 2008-11-21 21:28 19,512 --a------ c:\windows\system32\helper.xml 2008-11-21 21:14 . 
2008-11-22 00:12 109,618 --a------ C:\rawbotzz.exe 2008-11-21 01:19 . 2008-11-21 01:19 39,667 -r-hs---- c:\windows\wswc.exe 2008-11-21 01:19 . 2008-11-21 01:19 39,667 --a------ C:\ojd.exe 2008-11-20 18:10 . 2008-11-20 22:33 109,618 --a------ C:\newver.exe 2008-11-19 16:02 . 2008-11-19 16:02 114,688 --a------ C:\nigggggz.exe 2008-11-18 21:51 . 2008-11-18 21:51 50,426 --a------ c:\windows\cathrineliiciousx3Picture7525435.JPG-imageshack.com.zip 2008-11-18 21:51 . 2008-11-18 21:51 50,420 --a------ c:\windows\heltsykt_henrikPicture7525435.JPG-imageshack.com.zip 2008-11-18 21:51 . 2008-11-18 21:51 50,420 --a------ c:\windows\brudevold_rogerPicture7525435.JPG-imageshack.com.zip 2008-11-18 21:51 . 2008-11-18 21:51 50,418 --a------ c:\windows\alpin_jenta123Picture7525435.JPG-imageshack.com.zip 2008-11-18 21:51 . 2008-11-18 21:51 50,412 --a------ c:\windows\hanne94_rbkPicture7525435.JPG-imageshack.com.zip 2008-11-18 21:51 . 2008-11-18 21:51 50,408 --a------ c:\windows\elinor94-Picture7525435.JPG-imageshack.com.zip 2008-11-18 17:25 . 2008-11-18 17:25 50,420 --a------ c:\windows\veronicajenta96Picture7525435.JPG-imageshack.com.zip 2008-11-18 17:25 . 2008-11-18 21:51 50,412 --a------ c:\windows\trinelise94Picture7525435.JPG-imageshack.com.zip 2008-11-18 17:25 . 2008-11-18 17:25 50,412 --a------ c:\windows\sissi_dansePicture7525435.JPG-imageshack.com.zip 2008-11-18 17:25 . 2008-11-18 17:25 50,406 --a------ c:\windows\reber127Picture7525435.JPG-imageshack.com.zip 2008-11-18 16:15 . 2008-11-18 17:18 50,226 --a------ C:\blazzzzzer.exe 2008-11-17 21:50 . 2008-11-17 21:50 1,025 --a------ C:\odfhss.exe 2008-11-17 17:02 . 2008-11-17 17:02 4,139 --a------ C:\rrrr.exe 2008-11-17 16:57 . 2008-11-17 16:57 28,160 --a------ C:\ddd.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-23 15:07 --------- d-----w c:\program files\Steam 2008-11-23 15:07 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2 2008-11-23 14:00 --------- d-----w c:\program files\Windows Live 2008-11-22 22:37 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent 2008-11-22 22:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire 2008-11-19 20:47 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\OpenOffice.org2 2008-11-14 22:28 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss 2008-10-19 21:25 --------- d-----w c:\documents and settings\Admin\Application Data\Talkback 2008-10-13 18:31 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\dvdcss 2008-09-25 05:39 --------- d-----w c:\program files\Real 2008-09-25 05:39 --------- d-----w c:\program files\Common Files\Real 2008-09-24 21:31 --------- d-----w c:\documents and settings\Administrator\Application Data\vlc 2008-09-24 21:25 --------- d-----w c:\program files\Java 2008-09-24 21:24 --------- d-----w c:\program files\Common Files\Java 2008-09-15 20:37 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-09-15 20:37 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-05-05 20:14 34,048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll 2008-05-05 20:14 45,056 ----a-w c:\program files\opera\program\plugins\upd62int.dll 2008-05-06 12:00 358,504 --sh--r c:\windows\system32\bsnotz.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-23_15.24.25,48 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-11-23 15:02:01 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 
2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\steam\steam.exe" [2008-10-26 1410296] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712] "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll] "Microsoft Debug Manager"="MDM32.exe" [2008-11-15 c:\windows\MDM32.exe] "Windows UDP's Control Service"="wswc.exe" [2008-11-21 c:\windows\wswc.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-05-06 c:\windows\system32\advpack.dll] c:\documents and settings\Daglig_bruk\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 
2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "StartMenuFavorites"= 0 (0x0) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 0 (0x0) "Start_ShowRun"= 1 (0x1) "Start_ShowSearch"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mryzbx.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Steam\\steamapps\\csk10\\counter-strike\\hl.exe"= "c:\\Program Files\\Counter-Strike\\hlds.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Steam\\steamapps\\magsko540\\counter-strike\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Counter-Strike\\hl.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Opera\\Opera.exe"= 
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\bsnotz.exe"= "c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [11/23/2008 4:02:01 PM 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/23/2008 4:01:52 PM 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/23/2008 4:01:51 PM 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [11/23/2008 4:02:01 PM 76040] *Newly Created Service* - AVG8EMC *Newly Created Service* - AVG8WD *Newly Created Service* - AVGLDX86 *Newly Created Service* - AVGMFX86 *Newly Created Service* - AVGTDIX *Newly Created Service* - HELPSVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}] c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{577DAE08-3B78-540C-DB3A-040FFCAB45FE}] c:\windows\Wind.exe . Contents of the 'Scheduled Tasks' folder 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4cxnxle2.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://nb-no.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nb-NO:official . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 16:11:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828) c:\windows\system32\avgrsstx.dll - - - - - - - > 'lsass.exe'(892) c:\windows\system32\avgrsstx.dll . Completion time: 2008-11-23 16:12:21 ComboFix-quarantined-files.txt 2008-11-23 15:11:57 ComboFix2.txt 2008-11-23 14:25:22 Pre-Run: 36 196 151 296 bytes free Post-Run: 36,187,885,568 bytes free 299
raWrz Posted 23 November 2008 (edited)
Do you recognize vikke_1994Picture86516684388.JPG-imageshack.scr.zip? If not, do this:
Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:
c:\windows\vikke_1994Picture86516684388.JPG-imageshack.scr.zip
Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post so I can look at it and decide what needs to be done next.
Edited 23 November 2008 by Submit
HLSolbjorg Posted 23 November 2008 (edited)
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: vikke_1994Picture86516684388.JPG-imageshack.scr.zip
Status: INFECTED/MALWARE
MD5: e3f4db6f56e96adac572250387c68e14
Packers detected: -
Scanner results
Scan taken on 23 Nov 2008 15:55:17 (GMT)
A-Squared             Found VirTool.Win32.CeeInject!IK
AntiVir               Found nothing
ArcaVir               Found nothing
Avast                 Found nothing
AVG Antivirus         Found nothing
BitDefender           Found nothing
ClamAV                Found nothing
CPsecure              Found nothing
Dr.Web                Found Trojan.PWS.Banker.9441
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found Trojan.Win32.AntiAV.tq
G DATA                Found nothing
Ikarus                Found nothing
Kaspersky Anti-Virus  Found Trojan.Win32.AntiAV.tq
NOD32                 Found nothing
Norman Virus Control  Found nothing
Panda Antivirus       Found nothing
Sophos Antivirus      Found Troj/Inject-DF
VirusBuster           Found nothing
VBA32                 Found nothing
Statistics
Last file scanned at least one scanner reported something about: head-10.exe (MD5: 7698dab46bd36f2833c5f20d987dbff4, size: 51352 bytes), detected by:
Scanner               Malware name
A-Squared             Trojan-Downloader.Win32.Pakernat.A!IK
AntiVir               W32/Virut.BO
ArcaVir               Trojan.Agent.Aqo
Avast                 Win32:Agent-LMG
AVG Antivirus         X
BitDefender           Win32.Virut.U
ClamAV                Trojan.Small-4180
CPsecure              X
Dr.Web                Win32.Virut.50
F-Prot Antivirus      W32/Trojan.BXFW
F-Secure Anti-Virus   Virus.Win32.Virut.bu
G DATA                Win32:Agent-LMG
Ikarus                Trojan-Downloader.Win32.Pakernat.A
Kaspersky Anti-Virus  Virus.Win32.Virut.bu
NOD32                 Win32/Virut.NBH
Norman Virus Control  W32/Virut.BQ
Panda Antivirus       W32/Virutas.FG
Sophos Antivirus      Mal/Generic-A
VirusBuster           X
VBA32                 Embedded.Trojan.Win32.Agent.aqo
Edited 23 November 2008 by HLSolbjorg
raWrz Posted 23 November 2008 (edited)
Thanks, now I'm going to get a nice stretch in my fingers.
Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:
c:\windows\system32\helper.xml
Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post.
Edited 23 November 2008 by Submit
HLSolbjorg Posted 23 November 2008 (edited)
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: helper.xml
Status: INFECTED/MALWARE
MD5: 5ffabc6ef272d7211d4dbefffdd304e2
Packers detected: -
Scanner results
Scan taken on 23 Nov 2008 16:08:46 (GMT)
A-Squared             Found Trojan-Spy.Banker.NR!IK
AntiVir               Found TR/Drop.Banke.cnx.2
ArcaVir               Found nothing
Avast                 Found nothing
AVG Antivirus         Found nothing
BitDefender           Found Trojan.Spy.Finanz.J
ClamAV                Found nothing
CPsecure              Found Troj.Spy.W32.Banker.cji
Dr.Web                Found nothing
F-Prot Antivirus      Found nothing
F-Secure Anti-Virus   Found nothing
G DATA                Found Trojan.Spy.Finanz.J
Ikarus                Found Trojan-Spy.Banker.NR
Kaspersky Anti-Virus  Found nothing
NOD32                 Found probably a variant of Win32/Spy.Agent (probable variant)
Norman Virus Control  Found nothing
Panda Antivirus       Found nothing
Sophos Antivirus      Found Troj/BankKL-A
VirusBuster           Found nothing
VBA32                 Found nothing
Statistics
Last file scanned at least one scanner reported something about: SavagePrawnBot_1.3.rar (MD5: 7baee1e10287bbc39c295d616a242794, size: 183570 bytes), detected by:
Scanner               Malware name
A-Squared             Trojan.Win32.Stration!IK
AntiVir               TR/Dldr.Delf.psm
ArcaVir               Trojan.Downloader.Delf.Psm
Avast                 Win32:Neptunia-AFZ
AVG Antivirus         X
BitDefender           Trojan.Generic.738017
ClamAV                X
CPsecure              X
Dr.Web                X
F-Prot Antivirus      W32/Injector.A.gen!Eldorado
F-Secure Anti-Virus   Trojan-Downloader.Win32.Delf.psm
G DATA                Win32:Neptunia-AFZ
Ikarus                Trojan.Win32.Stration.A
Kaspersky Anti-Virus  Trojan-Downloader.Win32.Delf.psm
NOD32                 X
Norman Virus Control  X
Panda Antivirus       Trj/Agent.GPP
Sophos Antivirus      X
VirusBuster           X
VBA32                 Trojan-Downloader.Win32.Delf.psm
Edited 23 November 2008 by HLSolbjorg