
DDCYYVW.DLL puke (trojan backdoor)



Plaincollar

Here we go again. I've been hit by a nasty that doesn't show up in Explorer. It apparently has a tendency to change shape; as far as I know it goes under some 50 names, including URQQQRS.DLL.

VundoFix found this ddcyyvw by chance in %wimdir%sys32, but it isn't there?! When VundoFix is about to reboot, the computer goes into hibernation even though I have "forbidden" it (I think). (For some reason I can't run safe mode, because then the hard drives get mixed up = Erd C + reinstall (another story).)

"We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards." SB s&d.

How am I supposed to remove the wretched thing when I can't see it?????

Regards, Pc

 

 

[log]URQQQRS.DLL may use 46 or more path and file names, these are the most common:

1 :%DESKTOP%\BACKUPS\BACKUP-20070323-164337-673.DLL

2 :%WINDIR%\SYSTEM32\AWTQPQP.DLL

3 :%WINDIR%\SYSTEM32\DDCBYYW.DLL

4 :%WINDIR%\SYSTEM32\DDCYYVW.DLL

5 :%WINDIR%\SYSTEM32\EFCCAAB.DLL

6 :%WINDIR%\SYSTEM32\FCCCYAB.DLL

7 :%WINDIR%\SYSTEM32\HGGEEBX.DLL

8 :%WINDIR%\SYSTEM32\JKKIJII.DLL

9 :%WINDIR%\SYSTEM32\JKKJIHI.DLL

10:%WINDIR%\SYSTEM32\KHFDAWV.DLL

11:%WINDIR%\SYSTEM32\KHFECDD.DLL

12:%WINDIR%\SYSTEM32\KHFFFFE.DLL

13:%WINDIR%\SYSTEM32\LJJIFDE.DLL

14:%WINDIR%\SYSTEM32\LJJIGEB.DLL

15:%WINDIR%\SYSTEM32\LJJIIFC.DLL[/log]

 


"We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards." SB s&d.

Where does that come from?

Start with a HijackThis log.

 


This page? http://forums.spybot.info/showthread.php?t=14922

That computer has several infections; just because one of them is very serious, that doesn't have to mean your computer has that particular infection.

There are alternatives to VundoFix, but first a HijackThis log.

How can you tell that the computer goes into hibernation? And how far has the restart got by then?

 


Plaincollar

No, when VundoFix is supposed to reboot, the computer goes into standby instead. The reboot turns into hibernation. "Entering sleep mode" instead of "logging off" or whatever it says at restart.

I'm attaching the HJT log. Looks like there's a hijack or two in there!?

Regards, pc

Edit:

Maybe I've had too little sleep lately, but now the computer/VundoFix seems to be working away after all.... I'll wait a while and see whether it starts or dozes off. // Pc

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 14:28:04, on 2007-07-06

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Program Files\Windows Defender\MSASCui.exe

C:\Program\DAEMON Tools\daemon.exe

E:\Program Files\ESET\nod32kui.exe

E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

E:\Windows\WindowsMobile\wmdc.exe

E:\Windows\System32\rundll32.exe

E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

E:\Windows\System32\rundll32.exe

E:\Windows\system32\wbem\unsecapp.exe

E:\Windows\System32\mobsync.exe

E:\Program Files\Windows Media Player\wmpnscfg.exe

E:\Windows\system32\taskeng.exe

E:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/webhp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [DAEMON Tools] "c:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE E:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: e:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{25F39F6C-5DBB-45C3-9014-CFAC0A446CA5}: NameServer = 195.54.122.200,195.54.122.204,81.26.227.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA0C952-B989-454D-B925-5076745A4CE4}: NameServer = 195.54.122.204,195.54.122.200,81.26.227.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ddcyyvw - ddcyyvw.dll (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\Windows\system32\agrsmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - E:\Windows\system32\oodag.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program\alcohol\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - E:\Windows\SYSTEM32\VundoFixSVC.exe[/log]

 

[post edited 2007-07-06 15:03:53 by Plaincollar]


It isn't just that the computer shuts itself off or crashes? Monitors often show something like that about sleep mode when they no longer get a signal from the computer.

According to the HijackThis log, the Vundo infection looks to have been rendered harmless at any rate. But VundoFix is waiting to finish.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is done a log should come up; paste it here, along with a new HijackThis log.

 

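Added example, not part of the original thread: a small Python triage of HijackThis entries like those in the log above, flagging Winlogon Notify (O20) registrations whose DLL name is on the list posted at the top of the thread, and any entry HijackThis marks `(file missing)`. The function names, the reason labels and the two constructed O20 lines in the sample are assumptions made for this illustration.

```python
import re

# %WINDIR%\SYSTEM32 names from the "most common" list at the top of this
# thread, plus URQQQRS.DLL itself, lower-cased for comparison.
LISTED_NAMES = {
    "urqqqrs.dll", "awtqpqp.dll", "ddcbyyw.dll", "ddcyyvw.dll", "efccaab.dll",
    "fcccyab.dll", "hggeebx.dll", "jkkijii.dll", "jkkjihi.dll", "khfdawv.dll",
    "khfecdd.dll", "khffffe.dll", "ljjifde.dll", "ljjigeb.dll", "ljjiifc.dll",
}

# A HijackThis entry line: section code (R0, O4, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O20 line: "Winlogon Notify: <key name> - <dll> [(file missing)]".
O20_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
MISSING_SUFFIX = " (file missing)"

# Sample input. The two O20 lines naming examplepkg and awtqpqp are constructed
# for this example; the other lines are copied from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\Windows\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: ddcyyvw - ddcyyvw.dll (file missing)
O20 - Winlogon Notify: examplepkg - E:\Windows\system32\examplepkg.dll
O20 - Winlogon Notify: awtqpqp - E:\Windows\system32\awtqpqp.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; header and
    running-process lines do not match the pattern and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return the entries that deserve a manual look, in log order.

    Reasons:
      listed-name  - an O20 DLL whose base name is in LISTED_NAMES
      file-missing - HijackThis did not find the file the entry points to
    """
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        file_name = None
        if code == "O20":
            m = O20_RE.match(body)
            if m:
                # Compare on the base name: the registration may hold a bare
                # file name or a full path.
                file_name = m.group("dll").rsplit("\\", 1)[-1].lower()
                if file_name in LISTED_NAMES:
                    reasons.append("listed-name")
        if body.endswith(MISSING_SUFFIX):
            reasons.append("file-missing")
        if reasons:
            findings.append(
                {"code": code, "entry": body, "file": file_name, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], ",".join(finding["reasons"]), "|", finding["entry"])
```

A `file-missing` reason records only that HijackThis did not find the file at the registered path; the SUPERAntiSpyware log later in this thread still lists E:\WINDOWS\SYSTEM32\DDCYYVW.DLL, so such a registration is worth following up either way.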

Plaincollar

Hi Cecilia

The problem is on my desktop computer, which unfortunately!! runs Vista, which ComboFix, just like me, doesn't like........ Is there any alternative to Combo? // Pc

 


How did it go with VundoFix? Did you get a log C:\vundofix.txt? If so, I'd like to see it.

See if this works then. Download Deckard's System Scanner to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Close all programs.

Run the program and follow the instructions shown.

When it is finished, two log files are created, main.txt and extra.txt, in the same folder as the scanner. Paste them here.

 


Plaincollar

No, Vundo went down for reboot but it stopped there. The box was running at full tilt but the processor seemed to stand still. After a couple of hours! I restarted. Going to run Deckard right now. I'll be back. // Pc

 


Plaincollar

Hi

Tried to run Deckard's, but in the middle of it up popped "dss.exe has stopped working" "Do you..send information...Microsoft...."

Could it, just like Combo, have problems with Vista or..? What to do???

Regards, Pc

Edit:

Don't know if this tells you anything...?

 

[log]- System

 

- Provider

 

[ Name] Windows Error Reporting

 

- EventID 1001

 

[ Qualifiers] 0

 

Level 4

 

Task 0

 

Keywords 0x80000000000000

 

- TimeCreated

 

[ SystemTime] 2007-07-07T02:38:11.000Z

 

EventRecordID 15054

 

Channel Application

 

Computer nok-PC

 

Security

 

 

- EventData

 

431750777

1

APPCRASH

None

0

dss.exe

3.2.2.0

458d07e2

ntdll.dll

6.0.6000.16386

4549bdc9

c0000005

00062086

 

 

E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER2DBE.tmp.version.txt E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER489A.tmp.appcompat.txt E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER5CDF.tmp.mdmp

E:\Users\Administrator.nok-PC\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report05872548

- System

 

- Provider

 

[ Name] Microsoft-Windows-DistributedCOM

[ Guid] {1B562E86-B7AA-4131-BADC-B6F3A001407E}

[ EventSourceName] DCOM

 

- EventID 10029

 

[ Qualifiers] 49152

 

Version 0

 

Level 4

 

Task 0

 

Opcode 0

 

Keywords 0x80000000000000

 

- TimeCreated

 

[ SystemTime] 2007-07-07T02:16:48.000Z

 

EventRecordID 31881

 

Correlation

 

- Execution

 

[ ProcessID] 0

[ ThreadID] 0

 

Channel System

 

Computer nok-PC

 

Security

 

 

- EventData

 

param1 VSS

param2

param3 {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} [/log]

[post edited 2007-07-07 16:34:13 by Plaincollar]


Could also be the nasty that's causing it. Was any log created?

Try running the scanner in safe mode.

 


Plaincollar

Cecilia

Yes, but that's not really a log, is it...

Yes, about that safe mode...; When I start safe mode everything crashes. It has happened twice (the only times I've used safe mode); the first time a thoroughbred pro got it working after x number of hours, the second time I had to reinstall the whole lot. The box has been like that from the very beginning......

Admittedly I have 500 GB in the box, but 95% is junk so I can probably gamble a bit. So what can one do in unsafe mode? I don't want some misery in the box that nobody really knows what it is.

Regards, Pc

 

 

[log]Administrator\Documents\dss_stopper.txt

 

E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER2DBE.tmp.version.txt

E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER489A.tmp.appcompat.txt

E:\Users\Administrator.nok-PC\AppData\Local\Temp\WER5CDF.tmp.mdmp

 

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409[/log]

 


I didn't see your edit of your post yesterday until now.

 

APPCRASH

None

0

dss.exe

 

dss.exe is Deckard's scanner; APPCRASH is presumably an abbreviation for Application (program) crash.

I know too little about how the error messages in Vista are structured to venture an interpretation.

Both ComboFix and Deckard's scanner go through folders that nasties commonly settle in and list files that have been added or changed there in the last month. One can then look up those files so that one knows whether anything nasty is left in those folders.

SUPERAntiSpyware Free Edition should work in Vista at any rate. Download and install the free version of SUPERAntiSpyware Free Edition:

http://www.superantispyware.com/download.html

Start the program, click Check for updates.

Click Scan your Computer.

Tick all hard drives (fixed drive/disk).

Choose Perform complete scan

Next

When the scan is finished a summary comes up; press OK

Next

Execute or similar

A window with Quarantine and removal Complete comes up

OK

Execute or similar

Close the program.

Restart.

Start SUPERAntiSpyware, press Preferences, choose the Statistics/Logs tab.

Double-click the newest SUPERAntiSpyware Scan Log so that the log opens in Notepad.

Paste the log into your reply along with a new HijackThis log.

 


Plaincollar

Hi Cecilia

Sorry I haven't got back to you until now, but here everything that can be associated with IT has dug its heels in. All the mice, for example, have been living a life of their own, unfortunately on more computers than this one.

I ran Superspy 2 times. The 1st sweep gave 186 virus warnings, the 2nd gave 8. I found a funny process, URLMon.exe. I took a chance and ran safe mode (which worked?) and deleted it. It isn't much written about on Google. I'm attaching the logs from Superspy. We'll see if you spot anything?

Regards, Pc

 

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/10/2007 at 08:59 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3267

Trace Rules Database Version: 1278

 

Scan type : Complete Scan

Total Scan Time : 01:57:06

 

Memory items scanned : 653

Memory threats detected : 0

Registry items scanned : 7230

Registry threats detected : 6

File items scanned : 179222

File threats detected : 187

 

Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}

HKCR\CLSID\{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}

HKCR\CLSID\{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}\InprocServer32

HKCR\CLSID\{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}\InprocServer32#ThreadingModel

E:\WINDOWS\SYSTEM32\DDCYYVW.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}

HKCR\CLSID\{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}

 

Adware.Tracking Cookie


 

Browser Hijacker.Favorites

C:\DOKUMENT AND SETTINGS\KR\FAVORITER\ONLINE SECURITY TEST.URL

 

Trojan.Media-Codec

D:\MINA DOKUMENT\WM_KR MINA DOKUMENT\PPMANAGER.1056.EXE

 

Adware.WhenU

D:\PROGRAM\DAEMON TOOLS\SETUPDTSB.EXE

 

Trace.Known Threat Sources

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\YTC365A1\red_btn[1].gif

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\BU4JV9KD\chantavid03.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\sativarosebgvid005.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\YTC365A1\lainoibgvid005.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\BU4JV9KD\brookehavenbgvid008.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\BU4JV9KD\natashavidall.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\terriweigelbgvid010.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\DetectEnvironment[1].js

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\KXG7ORGV\kianavid08.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\YTC365A1\lc[2].js

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\gecv2[1].js

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\courtneyvid07.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\KXG7ORGV\janamackenzieggvid010.wmv[1].jpg

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\Layout[1].js[/log]

 

 

 

[log]SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/10/2007 at 06:55 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3267

Trace Rules Database Version: 1278

 

Scan type : Complete Scan

Total Scan Time : 02:02:17

 

Memory items scanned : 612

Memory threats detected : 0

Registry items scanned : 7235

Registry threats detected : 0

File items scanned : 179782

File threats detected : 8

 

Adware.Tracking Cookie

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[1].txt

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[2].txt

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adbrite[2].txt

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.adbrite[1].txt

E:\Users\Administrator.nok-PC\Application Data\Microsoft\Windows\Cookies\administrator@adbrite[2].txt

E:\Users\Administrator.nok-PC\Application Data\Microsoft\Windows\Cookies\administrator@ads.adbrite[1].txt

E:\Users\Administrator.nok-PC\Application Data\Microsoft\Windows\Cookies\administrator@adtech[2].txt

E:\Users\Administrator.nok-PC\Application Data\Microsoft\Windows\Cookies\administrator@atdmt[1].txt[/log]

 


Nothing to apologize for.

 

It was lucky that most of what SUPERAntiSpyware found was cookies, which are not dangerous to the computer. It found some Vundo stuff too.

 

I took a chance and ran safe mode
:thumbsup:

 

Post a new HijackThis log and we'll see whether everything looks good there.

 


Plaincollar

Hi, sending over the HJT log!

Regards, Pc

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:33:14, on 2007-07-11

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Program Files\Windows Defender\MSASCui.exe

C:\Program\DAEMON Tools\daemon.exe

E:\Program Files\ESET\nod32kui.exe

E:\Windows\WindowsMobile\wmdc.exe

E:\Windows\System32\rundll32.exe

E:\Windows\System32\rundll32.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

E:\Program Files\Microsoft IntelliPoint\ipoint.exe

E:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\drivers\setup\manager.exe

E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

E:\Windows\System32\mobsync.exe

E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

E:\Windows\system32\wbem\unsecapp.exe

E:\Program Files\Windows Media Player\wmpnscfg.exe

E:\Windows\system32\taskeng.exe

C:\WINDOWS\system32\drivers\setup\irc\irc.exe

E:\Windows\system32\taskmgr.exe

E:\Windows\system32\conime.exe

E:\Windows\system32\wuauclt.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Windows NT\Accessories\WORDPAD.EXE

E:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/webhp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [DAEMON Tools] "c:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE E:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKLM\..\Run: [intelliPoint] "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster2] e:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @E:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @E:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: e:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{25F39F6C-5DBB-45C3-9014-CFAC0A446CA5}: NameServer = 195.54.122.200,195.54.122.204,81.26.227.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA0C952-B989-454D-B925-5076745A4CE4}: NameServer = 195.54.122.204,195.54.122.200,81.26.227.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ddcyyvw - ddcyyvw.dll (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\Windows\system32\agrsmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program\alcohol\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - E:\Windows\SYSTEM32\VundoFixSVC.exe[/log]

 


Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status becomes Finished). Paste the result (incl. file size) here. Repeat with the next file name.

C:\Windows\System32\drivers\setup\manager.exe

C:\WINDOWS\system32\drivers\setup\irc\irc.exe

%SystemRoot%\system32\qwave.dll

 

I see that you have AVG Anti-Spyware now too. Has it found anything, and if so, is there a log you can paste in?

 

Control Panel - Administrative Tools - Services

Find VundoFix Service in the list, double-click it and set Startup type to Disabled.

 


Plaincollar

Hi Cecilia

Here are 2 logs from AVG, the first had 186 nasty files......

Regards, Pc

 

 

[log]AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:33:26 2007-07-08

 

+ Scan result:

 

 

 

D:\Program\BitLord\Downloads\Nyttiga program.zip/Nyttiga program/idman504f with kg and patch.zip/IDM_kg.rar/Patch.exe -> Backdoor.Pcclient.gv : No action taken.

D:\Program\BitLord\Downloads\Nyttiga program\Nyttiga program\idman504f with kg and patch.zip/IDM_kg.rar/Patch.exe -> Backdoor.Pcclient.gv : No action taken.

D:\Program\BitLord\Downloads\TuneUp Utilities 2007 Windows Vista Ready\TuneUp Utilities 2007.exe/sinnerz.EXE/SiN1.exe -> Backdoor.Rbot.bll : No action taken.

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : No action taken.

D:\Program\BitLord\Downloads\PPC.Apps.Games.July.2004\Sensiva.Symbol.Commander.1.2.cracked.regged.PPC.ALL.by.incognito\Sensiva.Symbol.Commander.1.2.cracked.regged.PPC.ALL.by.incognito.zip/symbolcommanderR1.2patch.exe -> Not-A-Virus.HackTool.Win32.Patcher.b : No action taken.

D:\Program\BitLord\Downloads\Kaspersky.Antivirus.2006.v6.0.0.303.Incl Key [11-oct-2006]\Install.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : No action taken.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@3.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.135:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Adobe : No action taken.

:mozilla.67:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Adobe : No action taken.

C:\Documents and Settings\Administratör\Cookies\administratör@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.

C:\dokument and settings\KR\Cookies\kr@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.

:mozilla.13:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

:mozilla.14:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : No action taken.

:mozilla.17:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.18:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.19:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : No action taken.

:mozilla.27:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.

:mozilla.18:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Com : No action taken.

C:\Documents and Settings\KR\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : No action taken.

C:\dokument and settings\KR\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@connextra[1].txt -> TrackingCookie.Connextra : No action taken.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : No action taken.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.

:mozilla.25:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

:mozilla.26:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

:mozilla.36:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

:mozilla.37:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.

C:\dokument and settings\KR\Cookies\kr@search.live[2].txt -> TrackingCookie.Live : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@search.live[2].txt -> TrackingCookie.Live : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@search.live[1].txt -> TrackingCookie.Live : No action taken.

E:\Users\Kriller\AppData\Roaming\Microsoft\Windows\Cookies\Low\kriller@search.live[1].txt -> TrackingCookie.Live : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@search.live[1].txt -> TrackingCookie.Live : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@search.live[2].txt -> TrackingCookie.Live : No action taken.

C:\Documents and Settings\Gäst\Cookies\gäst@search.msn[1].txt -> TrackingCookie.Msn : No action taken.

C:\Documents and Settings\KR\Cookies\kr@search.msn[1].txt -> TrackingCookie.Msn : No action taken.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@ie.search.msn[2].txt -> TrackingCookie.Msn : No action taken.

:mozilla.90:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Netflame : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.

:mozilla.148:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Paypal : No action taken.

C:\Documents and Settings\KR\Cookies\kr@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.

:mozilla.78:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Real : No action taken.

C:\Documents and Settings\KR\Cookies\kr@realguide.real[1].txt -> TrackingCookie.Real : No action taken.

:mozilla.128:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.129:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.23:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.24:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.25:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.26:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.81:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

:mozilla.82:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : No action taken.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.

:mozilla.120:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.

:mozilla.8:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.

:mozilla.99:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.

C:\Documents and Settings\Administratör\Cookies\administratör@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

C:\Documents and Settings\Gäst\Cookies\gäst@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.

C:\Documents and Settings\KR\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

C:\dokument and settings\KR\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.

E:\Users\Kriller\AppData\Roaming\Microsoft\Windows\Cookies\Low\kriller@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.

E:\ATT SPARA 070221\vista crack\Files\Crack\Vista RTM Crack.exe -> Trojan.Activcrk.a : No action taken.

E:\ATT SPARA 070221\vista crack\Files\Crack\timerstop.sys -> Trojan.ActivCrk.b : No action taken.

E:\Windows\System32\timerstop.sys -> Trojan.ActivCrk.b : No action taken.

C:\Documents and Settings\Administratör\graphics32.exe -> Trojan.Agent : No action taken.

C:\Documents and Settings\Gäst\graphics32.exe -> Trojan.Agent : No action taken.

C:\Documents and Settings\KR\graphics32.exe -> Trojan.Agent : No action taken.

C:\Documents and Settings\admin\graphics32.exe -> Trojan.Agent : No action taken.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050519.exe -> Trojan.Agent : No action taken.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050956.exe -> Trojan.Agent : No action taken.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050970.exe -> Trojan.Agent : No action taken.

C:\dokument and settings\KR\graphics32.exe -> Trojan.Agent : No action taken.

D:\Program\BitLord\Downloads\Resco Pocket Radio v1.31\Resco Pocket Radio v1.31\graphics32.exe -> Trojan.Agent : No action taken.

D:\Program\BitLord\Downloads\TuneUp Utilities 2007 Windows Vista Ready\TuneUp Utilities 2007.exe/sinnerz.EXE/SiN2.exe -> Trojan.Agent : No action taken.

E:\Windows\System32\svcmon.exe -> Trojan.Agent : No action taken.

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1003\Dc10\Alcohol 120\star_syn_client.dll -> Trojan.Agent.abd : No action taken.

D:\Program\Tom Clancy's Splinter Cell Double Agent\SR7ÆÁ±Î¹¤¾ß.exe -> Trojan.Small : No action taken.[/log]

 

 

_____________________________________________________________

 

 

[log]AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 16:34:56 2007-07-08

 

+ Scan result:

 

 

 

D:\Program\BitLord\Downloads\Nyttiga program.zip/Nyttiga program/idman504f with kg and patch.zip/IDM_kg.rar/Patch.exe -> Backdoor.Pcclient.gv : Cleaned.

D:\Program\BitLord\Downloads\Nyttiga program\Nyttiga program\idman504f with kg and patch.zip/IDM_kg.rar/Patch.exe -> Backdoor.Pcclient.gv : Cleaned.

D:\Program\BitLord\Downloads\TuneUp Utilities 2007 Windows Vista Ready\TuneUp Utilities 2007.exe/sinnerz.EXE/SiN1.exe -> Backdoor.Rbot.bll : Cleaned.

E:\Windows.old\Documents and Settings\kr\Lokala inställningar\Temporary Internet Files\Content.IE5\699YJEPW\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Cleaned.

D:\Program\BitLord\Downloads\PPC.Apps.Games.July.2004\Sensiva.Symbol.Commander.1.2.cracked.regged.PPC.ALL.by.incognito\Sensiva.Symbol.Commander.1.2.cracked.regged.PPC.ALL.by.incognito.zip/symbolcommanderR1.2patch.exe -> Not-A-Virus.HackTool.Win32.Patcher.b : Cleaned.

D:\Program\BitLord\Downloads\Kaspersky.Antivirus.2006.v6.0.0.303.Incl Key [11-oct-2006]\Install.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Cleaned.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.135:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.

:mozilla.67:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.

C:\Documents and Settings\Administratör\Cookies\administratör@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.

C:\dokument and settings\KR\Cookies\kr@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.

:mozilla.13:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.14:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.17:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.18:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.19:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.27:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.

:mozilla.18:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\KR\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

C:\dokument and settings\KR\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.25:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.26:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.36:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.37:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

C:\dokument and settings\KR\Cookies\kr@search.live[2].txt -> TrackingCookie.Live : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@search.live[2].txt -> TrackingCookie.Live : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@search.live[1].txt -> TrackingCookie.Live : Cleaned.

E:\Users\Kriller\AppData\Roaming\Microsoft\Windows\Cookies\Low\kriller@search.live[1].txt -> TrackingCookie.Live : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@search.live[1].txt -> TrackingCookie.Live : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@search.live[2].txt -> TrackingCookie.Live : Cleaned.

C:\Documents and Settings\Gäst\Cookies\gäst@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\KR\Cookies\kr@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@ie.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

:mozilla.90:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.

:mozilla.148:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.

C:\Documents and Settings\KR\Cookies\kr@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.78:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\KR\Cookies\kr@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.

:mozilla.128:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.129:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.23:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.24:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.25:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.26:E:\Users\Administrator.nok-PC\AppData\Roaming\Mozilla\Firefox\Profiles\fsb6emb2.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.81:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.82:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.

E:\Users\Administrator.nok-PC\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.120:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.8:E:\Windows.old\Documents and Settings\kr\Application Data\Mozilla\Firefox\Profiles\typ0ae1j.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.99:C:\dokument and settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Administratör\Cookies\administratör@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Gäst\Cookies\gäst@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\KR\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

C:\dokument and settings\KR\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

E:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

E:\Users\Kriller\AppData\Roaming\Microsoft\Windows\Cookies\Low\kriller@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\Low\nok@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

E:\Windows.old\Documents and Settings\kr\Cookies\kr@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

E:\ATT SPARA 070221\vista crack\Files\Crack\Vista RTM Crack.exe -> Trojan.Activcrk.a : Cleaned.

E:\ATT SPARA 070221\vista crack\Files\Crack\timerstop.sys -> Trojan.ActivCrk.b : Cleaned.

E:\Windows\System32\timerstop.sys -> Trojan.ActivCrk.b : Cleaned.

C:\Documents and Settings\Administratör\graphics32.exe -> Trojan.Agent : Cleaned.

C:\Documents and Settings\Gäst\graphics32.exe -> Trojan.Agent : Cleaned.

C:\Documents and Settings\KR\graphics32.exe -> Trojan.Agent : Cleaned.

C:\Documents and Settings\admin\graphics32.exe -> Trojan.Agent : Cleaned.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050519.exe -> Trojan.Agent : Cleaned.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050956.exe -> Trojan.Agent : Cleaned.

C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050970.exe -> Trojan.Agent : Cleaned.

C:\dokument and settings\KR\graphics32.exe -> Trojan.Agent : Cleaned.

D:\Program\BitLord\Downloads\Resco Pocket Radio v1.31\Resco Pocket Radio v1.31\graphics32.exe -> Trojan.Agent : Cleaned.

D:\Program\BitLord\Downloads\TuneUp Utilities 2007 Windows Vista Ready\TuneUp Utilities 2007.exe/sinnerz.EXE/SiN2.exe -> Trojan.Agent : Cleaned.

E:\Windows\System32\svcmon.exe -> Trojan.Agent : Cleaned.

C:\RECYCLER\S-1-5-21-682003330-484763869-725345543-1003\Dc10\Alcohol 120\star_syn_client.dll -> Trojan.Agent.abd : Cleaned.

D:\Program\Tom Clancy's Splinter Cell Double Agent\SR7ÆÁ±Î¹¤¾ß.exe -> Trojan.Small : Cleaned.

 

 

::Report end[/log]

 

 

 

 


You seem to need to take it a little easier with what you download.

 

Som tur var så är ju de flesta av de 186 listade sakerna cookies, vilka inte är farliga för datorn.

 

Det är bättre att du ställer in AVG Anti-Spyware på att sätta det den hittar i karantän än att ta bort. Det kan ju hända att den tar fel.

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\Windows\System32\drivers\setup\manager.exe

C:\WINDOWS\system32\drivers\setup\irc\irc.exe

%SystemRoot%\system32\qwave.dll

 

 

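The triage described in the reply above (most entries are tracking cookies, the rest need a closer look), as an added example that is not part of the original thread. It parses lines in the `path -> detection : action` format of the AVG Anti-Spyware reports pasted here; the function names, the review order in `PRIORITY` and the reading of `/` as "member inside an archive" are assumptions made for this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Sample lines adapted from the AVG Anti-Spyware reports in this thread
# (constructed input; the actions are mixed here for demonstration).
SAMPLE_REPORT = r"""
+ Scan result:

D:\Program\BitLord\Downloads\Nyttiga program.zip/Nyttiga program/idman504f with kg and patch.zip/IDM_kg.rar/Patch.exe -> Backdoor.Pcclient.gv : No action taken.
:mozilla.135:C:\Documents and Settings\KR\Application Data\Mozilla\Firefox\Profiles\cu8xodql.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
E:\Users\nok\AppData\Roaming\Microsoft\Windows\Cookies\nok@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
E:\Windows\System32\timerstop.sys -> Trojan.ActivCrk.b : No action taken.
E:\Windows\System32\svcmon.exe -> Trojan.Agent : Cleaned.
C:\System Volume Information\_restore{935490F7-7EA4-4F44-9759-7C372D97D697}\RP315\A0050519.exe -> Trojan.Agent : No action taken.
C:\Documents and Settings\KR\graphics32.exe -> Trojan.Agent : No action taken.

::Report end
"""

# The path is matched greedily so that drive-letter colons and the
# ":mozilla.N:" prefix stay inside it; the detection name has no spaces.
LINE_RE = re.compile(r"^(?P<path>.+) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
MOZ_PREFIX_RE = re.compile(r"^:mozilla\.\d+:")

# Assumed review order (not from the thread): lower number = look at first.
PRIORITY = {"system32": 0, "other": 1, "restore-point": 2,
            "recycle-bin": 2, "archive-member": 3}


class Finding(NamedTuple):
    path: str
    name: str
    action: str
    location: str
    is_cookie: bool


def classify_location(path):
    """Tag where a detected file lives, based on its path only."""
    p = path.lower()
    if "/" in p:                              # assumption: "/" = inside an archive
        return "archive-member"
    if "\\system volume information\\" in p:  # System Restore point copy
        return "restore-point"
    if "\\recycler\\" in p:                   # XP recycle bin
        return "recycle-bin"
    if "\\windows\\system32\\" in p:
        return "system32"
    return "other"


def parse_report(text):
    """Return a Finding for every 'path -> name : action' line."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                          # headers, blank lines, '::Report end'
        path = MOZ_PREFIX_RE.sub("", m["path"])
        name = m["name"]
        findings.append(Finding(path, name, m["action"],
                                classify_location(path),
                                name.startswith("TrackingCookie.")))
    return findings


def triage(findings):
    """Separate cookies from real detections and order the latter for review."""
    threats = sorted((f for f in findings if not f.is_cookie),
                     key=lambda f: PRIORITY[f.location])
    return {
        "cookies": sum(1 for f in findings if f.is_cookie),
        "threats": threats,
        "by_name": Counter(f.name for f in threats),
        "unhandled": [f for f in threats if f.action.lower() != "cleaned"],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"tracking cookies: {result['cookies']}")
    for f in result["threats"]:
        print(f"{f.location:15} {f.name:22} {f.action:16} {f.path}")
```
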

Plaincollar

Hello!

Ran the three files through VT; irc was infected. Manager and qwave were clean. Also found some qwave files in Winsys, but I did not have permission for those? Have also disabled Vundofix in Services and set AVG to quarantine.

Attaching the log from VT and the two from AVG. Hubba.

Regards, Pc

 

 

 

 

[log]Antivirus Version Last Update Result

AhnLab-V3 2007.7.13.0 2007.07.12 no virus found

AntiVir 7.4.0.39 2007.07.12 no virus found

Authentium 4.93.8 2007.07.12 no virus found

Avast 4.7.997.0 2007.07.12 no virus found

AVG 7.5.0.476 2007.07.12 BackDoor.Ircbot.BB

BitDefender 7.2 2007.07.12 Backdoor.IrcBot.ABDZ

CAT-QuickHeal 9.00 2007.07.12 no virus found

ClamAV devel-20070416 2007.07.12 no virus found

DrWeb 4.33 2007.07.12 no virus found

eSafe 7.0.15.0 2007.07.10 no virus found

eTrust-Vet 30.8.3781 2007.07.12 no virus found

Ewido 4.0 2007.07.12 Trojan.Small

FileAdvisor 1 2007.07.12 no virus found

Fortinet 2.91.0.0 2007.07.12 no virus found

F-Prot 4.3.2.48 2007.07.11 no virus found

Ikarus T3.1.1.8 2007.07.12 no virus found

Kaspersky 4.0.2.24 2007.07.12 no virus found

McAfee 5073 2007.07.12 no virus found

Microsoft 1.2704 2007.07.12 no virus found

NOD32v2 2395 2007.07.12 no virus found

Norman 5.80.02 2007.07.12 no virus found

Panda 9.0.0.4 2007.07.12 no virus found

Sophos 4.19.0 2007.07.06 no virus found

Sunbelt 2.2.907.0 2007.07.12 no virus found

Symantec 10 2007.07.12 no virus found

TheHacker 6.1.6.145 2007.07.12 no virus found

VBA32 3.12.0.2 2007.07.12 no virus found

VirusBuster 4.3.23:9 2007.07.12 no virus found

Webwasher-Gateway 6.0.1 2007.07.12 no virus found

Aditional information

File size: 24576 bytes

MD5: c311d7b82857b52972480ac930848cb0

SHA1: 7003c13a437dcfcdb3960c8fb2d647c1ccc3f379 [/log]

 

 


 

 


 


Since manager.exe is in the same folder as irc.exe, it is probably worth taking a closer look at it. Go to the folder C:\Windows\System32\drivers\setup. What else is in that folder? Can it be tied to something you have installed or updated, e.g. a driver? You can also look at the Properties of manager.exe and see whether the file can be tied to a company or product.

The logs from AVG Anti-Spyware are the same ones you pasted before, aren't they?

 


Plaincollar

Hi Cecilia

I don't think I should take up more of your time with this computer (HP Pav.) right now. It is far too battered. It is probably just as well that I wipe the whole lot (incl. Vista) and install XP on a fresh format. Do you know of a good program that cleans the computer completely (or maybe the XP installation takes care of that itself)?

Thanks very much anyway for the help so far.

Regards, Pc

 


You should be able to delete all partitions and reformat using the XP disc, but you can also wipe the hard drive completely with Killdisk:

http://www.killdisk.com/

Take it a bit easier with what you download and things will probably go better from now on. ;)

 

[log]Here are my usual tips for a safer computer, but of course it is also important to use your common sense.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware Free Edition and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

Use a firewall (better than the one built into XP); free ones are available, e.g. Comodo and ZoneAlarm.

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The link "I only want basic ZoneAlarm protection" or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

Complement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents a good many nasty programs from being downloaded or run http://www.javacoolsoftware.com , and to run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

Review the security settings in Internet Explorer; there are plenty of tips at:

http://surfthenetsafely.com/surfsafely6.htm

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

If you use the Firefox browser, it is advisable to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

See which websites are safe/unsafe with the help of SiteAdvisor http://www.siteadvisor.com

All free for home users/personal use.

[/log]

 


  • 3 weeks later...
Plaincollar

cont.... :-

Cecilia

Do you know of any "pedagogical" guide that describes how to partition two hard drives with 2 partitions on each? I have only done simple partitioning on a single disk before. Have come across so much while reading up, such as primary/logical, basic/dynamic, Fdisk/format, DOS/Disk Management, Partition Magic, boot floppy/XP disc, spanned/mirrored, etc. etc. Everything contradicts everything else. Where, for example, does one start from a new installation of XP with the disc, etc.? Have searched high and low but.....

Grateful for tips

Regards, Pc

 


Archived

This topic is now archived and is closed to further replies.
