My problems
ReZeftY
Newbie
2. July 2006 @ 11:05
Logfile of HijackThis v1.99.1
Scan saved at 19:40:37, on 2006-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\World of Warcraft\WoW.exe
C:\Program\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\WinRAR\WinRAR.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgSE2405.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
and avast said I got:
Win32.Delf-AQC
Win32:Fake-Alert
I hope I did not miss anything in my post. If so, just tell me.
Thanks in advance =)
Additional info:
The Delf-AQC makes "g[random-numbers].dll" in my C:/Windows folder, by the way, and it's there that the virus is executed, I think. I tried to delete the file, but a program was using it. It creates a new "g[random-numbers].dll" every time I boot, I should add.
Senior Member
3. July 2006 @ 06:25
Hi ReZeftY.
OK, you've got some infections on your computer.
Cleaning instructions:
Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/
-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.
Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1 Do NOT run yet.
Run HijackThis. Press Do a system scan only, then close all other windows, check the following entry and press Fix checked:
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgSE2405.exe
Restart your computer into Safe Mode -> http://www.pchell.com/support/safemode.shtml
Run ATF Cleaner -> Check select all -> Press Empty selected
-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that Set all elements to is set to Quarantine (in the lower-left corner of the window)
-> Then press Apply all actions and answer Yes to all if it asks about anything
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post
Restart your computer normally.
Post the following logs here:
-> a fresh HijackThis log
-> Ewido's log
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.
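An added example, not code from either poster: a small Python triage script that applies the checks the reply above makes by hand on the first log (the O16 DPF entry that pulls an .exe from a bare IP address is the one it tells the poster to fix) and adds a check for the random-digit g[...].dll in the Windows root that the original post describes. The sample log lines are copied in shape from the logs in this thread, except the O4 line loading g25831953.dll, which is constructed to exercise that check and does not appear in the posted log. The severity ranking, and treating the `ashWebSv.exe" /service (file missing)` services as a HijackThis 1.99.1 quoting quirk to confirm on disk rather than as an infection, are this example's own assumptions.

```python
"""Triage checks for a HijackThis 1.99.x log (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample. Every line except the second O4 line mirrors an entry from the
# logs posted above; that O4 line is made up to exercise the Windows-root check.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [g25831953] RUNDLL32.EXE C:\WINDOWS\g25831953.dll,Start
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgSE2405.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")          # "O16 - DPF: ..." style lines
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
WINROOT = re.compile(r'[a-z]:\\windows\\([^\\\s",]+)', re.I)  # first path element under %WINDIR%
RANDOMISH = re.compile(r"^[a-z]\d{6,}\.(?:dll|exe)$", re.I)  # one letter + long digit run, e.g. g25831953.dll
QUOTED_ARGS = re.compile(r'\.exe"\s+\S')                     # ...exe" /service  (HJT 1.99.1 quoting quirk)
RANK = {"high": 0, "medium": 1, "low": 2}                     # assumed ranking, not HijackThis's own


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    section: str   # HijackThis section id, e.g. "O16"
    reason: str
    line: str


def parse_hjt(text):
    """Return (section, body, line) per entry; headers and the process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2), raw.strip()))
    return out


def check_o16(body, line):
    """O16 = Download Program Files (ActiveX). Form: DPF: {CLSID} (Name) - URL, name optional."""
    parts = body.rsplit(" - ", 1)
    if len(parts) != 2:
        return None
    head, url = parts
    parsed = urlparse(url.strip())
    host, path = parsed.hostname or "", parsed.path.lower()
    ip_host, exe = bool(IPV4.match(host)), path.endswith(".exe")
    if ip_host and exe:
        return Finding("high", "O16", "ActiveX entry pulls a bare .exe from an IP-literal host", line)
    if ip_host or exe:
        return Finding("medium", "O16", "ActiveX entry uses an IP-literal host or fetches an executable", line)
    if "(" not in head:
        return Finding("low", "O16", "unnamed ActiveX control; look up the CLSID", line)
    return None


def check_o23(body, line):
    """O23 = services. Assumption: a stray quote plus arguments before '(file missing)' is
    HJT 1.99.1 mis-parsing a quoted ImagePath, so it is flagged low for a check on disk."""
    if "(file missing)" in body:
        if QUOTED_ARGS.search(body):
            return Finding("low", "O23", "'file missing' on a quoted service path with arguments (likely HJT quirk; confirm on disk)", line)
        return Finding("medium", "O23", "service binary reported missing", line)
    if "Unknown owner" in body:
        return Finding("low", "O23", "service binary carries no publisher info; verify it", line)
    return None


def triage(text):
    """Run every check over a log and return the findings, highest severity first."""
    entries = parse_hjt(text)
    findings = []
    for sec, body, line in entries:
        f = check_o16(body, line) if sec == "O16" else check_o23(body, line) if sec == "O23" else None
        if f:
            findings.append(f)
        m = WINROOT.search(body)          # any section: module loaded straight from the Windows root
        if m and RANDOMISH.match(m.group(1)):
            findings.append(Finding("high", sec, "random-looking module directly in the Windows root (cf. the g[digits].dll in the post)", line))
    # O10 lines repeat once per LSP chain hop; report each DLL once with its hop count.
    lsp = Counter(body.rsplit(": ", 1)[-1].lower() for sec, body, _ in entries if sec == "O10")
    for dll, n in lsp.items():
        findings.append(Finding("low", "O10", f"Winsock LSP not in HJT's whitelist ({n} chain entries); check the DLL's publisher, removing a live LSP breaks networking", dll))
    return sorted(findings, key=lambda f: RANK[f.severity])


def report(text):
    """Human-readable lines, one per finding."""
    return [f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}" for f in triage(text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it as-is to see the four findings from the sample, or feed it a saved log with `triage(open("hijackthis.log").read())`. The script only ranks entries; the reply's cleaning steps (quarantine, then a fresh log) are still the way to act on them, and the nvappfilter.dll LSP is reported low precisely because HijackThis flagging a file as "unknown" means unrecognised, not malicious.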
ReZeftY
Newbie
3. July 2006 @ 16:12
Thanks for the quick reply, here are my logs.
Logfile of HijackThis v1.99.1
Scan saved at 02:07:03, on 2006-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 02:02:19 2006-07-04
+ Scan result:
D:\Program\Virtual Maid\Virtual Maid.dll -> Adware.MaidBar : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Lokala inställningar\Temporary Internet Files\Content.IE5\5D0TB683\remote_load[1].htm -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Program\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wvuvvut.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc10.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc11.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc12.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc13.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc14.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc15.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc16.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc17.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc18.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc19.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc20.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc21.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc22.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc23.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc24.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc25.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc26.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc27.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc28.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc29.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc3.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc30.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc31.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc32.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc33.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc34.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc35.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc36.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc37.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc38.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc39.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc4.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc40.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc41.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc42.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc43.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc44.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc45.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc46.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc47.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc48.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc49.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc5.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc50.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc51.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc52.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc53.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc54.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc55.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc56.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc57.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc58.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc59.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc6.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc60.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc61.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc62.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc63.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc64.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc65.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc66.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc67.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc68.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc69.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc7.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc70.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc71.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc72.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc73.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc74.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc75.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc76.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc77.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc78.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc79.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc8.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc80.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc81.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc82.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc83.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc84.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc85.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc86.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc87.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc88.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1644491937-1844237615-725345543-1003\Dc9.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g25831953.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[280] C:\WINDOWS\g25831953.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[848] C:\WINDOWS\g25831953.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Lokala inställningar\Temporary Internet Files\Content.IE5\KPQNKXMB\popup[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Lokala inställningar\Temporary Internet Files\Content.IE5\KPQNKXMB\popup[2].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.22:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.31:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.245:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.246:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.247:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.25:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.16:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.17:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.250:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.41:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.40:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.333:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.10:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@www.goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
:mozilla.248:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.249:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.262:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.15:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@ppms.popularix[2].txt -> TrackingCookie.Popularix : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.11:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Johan\Application Data\Mozilla\Firefox\Profiles\cjppjts9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
D:\Documents and Settings\ReZeftY\Cookies\rezefty@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Lokala inställningar\Temporary Internet Files\Content.IE5\MKPDFRJ7\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
::Report end
Note that I still get Win32.Delf-AQC, but I'm not sure about Win32:Fake-Alert.
Senior Member
4. July 2006 @ 08:07
Ok, let's continue.
Download win32delfkil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe and save it to your desktop.
Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once the scan is ready, right-click the list box (the white box that lists the found files) and choose Add more files
* Copy/Paste the following two lines to the upper field:
C:\WINDOWS\SYSTEM32\wvuvvut.dll
C:\WINDOWS\system32\tuvvuvw.*
* Click Add Files and click Close Window
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on
Double-click win32delfkil.exe; it extracts itself to the win32delfkil directory.
Close all other windows and open the win32delfkil directory. Double-click fix.bat. If the computer doesn't restart after the fix, restart it yourself.
Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Delete this folder if found:
D:\Program\Virtual Maid
Then follow the Ewido instructions in my last message and run a new Complete system scan.
Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\win32delfkill.txt
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.
ReZeftY
Newbie
4. July 2006 @ 15:07
Just so you know, when I ran the win32delfkil program and it was about to shut down, it had some problems with "winlogon.exe", so I had to restart manually with the power button on my computer.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 01:05:30 2006-07-05
+ Scan result:
C:\WINDOWS\g28630687.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g29957984.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g31282343.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g32608125.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g33819000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g35137640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g36463140.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g37784000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g39108218.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g40313781.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g41634468.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g42958734.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g44280796.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g45601968.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g46923906.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g48126062.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g49446453.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g504500.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g50770312.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g52095125.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g53418640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1772] C:\WINDOWS\g53418640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[740] C:\WINDOWS\g53418640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Lokala inställningar\Temporary Internet Files\Content.IE5\4PAR8LQF\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Lokala inställningar\Temp\winE6.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 01:07:08, on 2006-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program\Notepad++\notepad++.exe
C:\Dev-Cpp\devcpp.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
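The ewido "Scan result" lines and the HijackThis "Running processes" block posted above share a simple, regular line shape, which makes them easy to triage by script. The following Python helper is an added example, not code from this thread or from either tool: it parses both formats, counts detections per family, separates the non-cookie detections (the DLLs, the dialer, the temp-folder executable) from tracking cookies, flags hits reported inside a running process (the bracketed PID lines), and counts image names that appear an unusual number of times in the process list, the way regsvr32.exe does in the later log. The sample log lines are constructed for the example and modelled on the ones posted here; the regular expression is an assumption about the format inferred from those lines, not a documented specification.

```python
"""Triage helper for ewido / HijackThis style logs (added example, not the tools' own code)."""
import re
from collections import Counter

# Assumed line shape, inferred from the thread:  "<path> -> <detection> : <action>."
# Firefox cookie hits carry a ":mozilla.N:" prefix; in-process hits carry a "[pid] " prefix.
EWIDO_LINE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"          # optional "[1772] " (hit inside a running process)
    r"(?::mozilla\.(?P<idx>\d+):)?"       # optional ":mozilla.41:" (entry index in cookies.txt)
    r"(?P<path>.+?)\s+->\s+"              # file path, up to the arrow
    r"(?P<detection>\S+)\s+:\s+"          # e.g. Downloader.Delf.amb
    r"(?P<action>.+?)\.?$"                # e.g. Cleaned with backup (quarantined)
)

# Constructed sample, modelled on the report lines posted in this thread.
SAMPLE_EWIDO = r"""
+ Scan result:
C:\WINDOWS\g53418640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1772] C:\WINDOWS\g53418640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
:mozilla.41:D:\Documents and Settings\ReZeftY\Application Data\Mozilla\Firefox\Profiles\q9bwzg8i.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Lokala inställningar\Temp\winE6.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
::Report end
"""

# Constructed sample of a HijackThis process block, modelled on the later log in the thread.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\regsvr32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
"""


def parse_ewido(text):
    """Return one dict per matching 'Scan result' line; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["family"] = d["detection"].split(".")[0]  # TrackingCookie / Trojan / Downloader
        hits.append(d)
    return hits


def summarize(hits):
    """Counts per family, plus the entries that deserve attention before the cookies."""
    by_family = Counter(h["family"] for h in hits)
    serious = [h for h in hits if h["family"] != "TrackingCookie"]
    in_memory = [h for h in hits if h["pid"]]  # detection was found inside a live process
    return {"by_family": dict(by_family), "serious": serious, "in_memory": in_memory}


def parse_hjt_processes(text):
    """Collect the absolute paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if re.match(r"^[A-Za-z]:\\", line):  # process lines are absolute paths
                procs.append(line)
            else:
                break  # first non-path line (R0/O4/...) ends the block
    return procs


def repeated_processes(procs, threshold=3):
    """Image names that appear at least `threshold` times; many regsvr32.exe instances stand out."""
    names = Counter(p.rsplit("\\", 1)[-1].lower() for p in procs)
    return {name: n for name, n in names.items() if n >= threshold}


def triage(ewido_text, hjt_text):
    """One-shot summary of both logs."""
    return {
        "ewido": summarize(parse_ewido(ewido_text)),
        "repeated_processes": repeated_processes(parse_hjt_processes(hjt_text)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EWIDO, SAMPLE_HJT)
    print("detections by family:", result["ewido"]["by_family"])
    for h in result["ewido"]["serious"]:
        print("non-cookie:", h["detection"], h["path"], "(pid %s)" % h["pid"] if h["pid"] else "")
    print("repeated process images:", result["repeated_processes"])
```

The split between cookie and non-cookie detections is the point of the script: a cookie report of a hundred lines is noise next to a handful of DLLs in C:\WINDOWS or an executable in the temp folder, and a detection carrying a PID means the file was loaded in a running process when the scanner found it, so the matching entry in the process list is worth checking next.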
Senior Member
4. July 2006 @ 20:08
Ok, we'll need to do something before we can continue...
Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, accept the agreement, click Scan, then click Next
You'll see a list of what has been found. A log will appear on your desktop, named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).
DON'T choose Rename if something was found!
Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop)
ReZeftY
Newbie
5. July 2006 @ 03:16
It did not find anything :/
07/05/06 13:14:30 [Info]: BlackLight Engine 1.0.42 initialized
07/05/06 13:14:30 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/05/06 13:14:30 [Note]: 7019 4
07/05/06 13:14:30 [Note]: 7005 0
07/05/06 13:14:35 [Note]: 7006 0
07/05/06 13:14:35 [Note]: 7011 3520
07/05/06 13:14:35 [Note]: 7026 0
07/05/06 13:14:35 [Note]: 7026 0
07/05/06 13:14:37 [Note]: FSRAW library version 1.7.1019
07/05/06 13:15:39 [Note]: 7007 0
Senior Member
5. July 2006 @ 06:15
Hi again, it is a good thing that nothing was found :)
Run ATF Cleaner -> Check select all -> Press Empty selected
Please run one more scan with Ewido (follow the instructions in my old message)
Then post Ewido's log and a fresh HijackThis log to here.
ReZeftY
Newbie
5. July 2006 @ 16:51
Logfile of HijackThis v1.99.1
Scan saved at 02:50:22, on 2006-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program\VideoLAN\VLC\vlc.exe
C:\Program\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 03:30:19 2006-07-06
+ Scan result:
C:\WINDOWS\g11759421.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g13097000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g14351859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g1474859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g15554546.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g157640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g16878312.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g20006328.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g21328671.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g22534921.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g25656343.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g26977968.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g2805562.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g28300640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g31187203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g32507593.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g33830312.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g35150406.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g36355015.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g37555046.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g38878687.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g40198218.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g41524921.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g4239562.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g42844468.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g44168359.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g45375046.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g46572171.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g47893906.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g49213812.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g5676906.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g7035859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g8357078.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g9821484.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1008] C:\WINDOWS\g2805562.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1204] C:\WINDOWS\g157640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1776] C:\WINDOWS\g41524921.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[3100] C:\WINDOWS\g46572171.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[332] C:\WINDOWS\g20006328.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[3756] C:\WINDOWS\g35150406.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[3768] C:\WINDOWS\g21328671.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[384] C:\WINDOWS\g22534921.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[3896] C:\WINDOWS\g1474859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[3908] C:\WINDOWS\g42844468.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4212] C:\WINDOWS\g8357078.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4428] C:\WINDOWS\g13097000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4456] C:\WINDOWS\g47893906.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4480] C:\WINDOWS\g7035859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4552] C:\WINDOWS\g9821484.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4652] C:\WINDOWS\g38878687.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4704] C:\WINDOWS\g11759421.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4732] C:\WINDOWS\g36355015.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4736] C:\WINDOWS\g14351859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4780] C:\WINDOWS\g26977968.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4784] C:\WINDOWS\g31187203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[4788] C:\WINDOWS\g32507593.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[488] C:\WINDOWS\g33830312.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5000] C:\WINDOWS\g25656343.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5128] C:\WINDOWS\g37555046.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5308] C:\WINDOWS\g4239562.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5348] C:\WINDOWS\g5676906.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5392] C:\WINDOWS\g15554546.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5408] C:\WINDOWS\g45375046.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5672] C:\WINDOWS\g16878312.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5740] C:\WINDOWS\g40198218.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5788] C:\WINDOWS\g44168359.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[584] C:\WINDOWS\g22534921.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[5860] C:\WINDOWS\g49213812.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[884] C:\WINDOWS\g28300640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Lokala inställningar\Temporary Internet Files\Content.IE5\Y0NIW5TF\bgates[2].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
::Report end
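Two small parsers for the log formats in this thread, added here as an illustration (not code from the thread, from HijackThis or from ewido): one pulls the "Running processes:" section out of a HijackThis log and counts repeated image names (the dozens of regsvr32.exe instances in the log above), the other reads ewido's "path -> Detection : Action" lines, where a leading [pid] marks a copy found loaded inside a running process. The sample inputs are constructed in those formats; the repeat threshold and the svchost.exe exclusion are my assumptions.

```python
"""Triage helpers for the HijackThis and ewido report formats posted above.
Added example: not code from the thread, HijackThis or ewido."""
from __future__ import annotations
import re
from collections import Counter

# Constructed sample in the HijackThis v1.99.1 layout: the 'Running processes:'
# section plus a few R/O item lines.
SAMPLE_HJT = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\regsvr32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Constructed sample in the ewido 'Scan Report' layout.
SAMPLE_EWIDO = r"""---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 03:30:19 2006-07-06
+ Scan result:
C:\WINDOWS\g11759421.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g157640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1204] C:\WINDOWS\g157640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
::Report end
"""

HJT_ITEM = re.compile(r"^([RFNO]\d+) - (.*)$")  # e.g. 'O23 - Service: ...'
EWIDO_HIT = re.compile(r"^(?:\[(\d+)\] )?(.+?) -> (\S+) : (.+)$")


def hjt_running_processes(log: str) -> list[str]:
    """Image paths under 'Running processes:'; the section ends at the first item line."""
    lines = log.splitlines()
    starts = [i for i, l in enumerate(lines) if l.strip() == "Running processes:"]
    procs = []
    for line in (lines[starts[0] + 1:] if starts else []):
        if HJT_ITEM.match(line):
            break
        if line.strip():
            procs.append(line.strip())
    return procs


def repeated_images(procs: list[str], threshold: int = 3) -> dict[str, int]:
    """Image names with at least `threshold` live instances. svchost.exe is skipped
    (XP runs several); regsvr32.exe is normally short-lived, so dozens of live
    copies, as in the log above, is the anomaly worth chasing (assumed threshold)."""
    names = Counter(p.rsplit("\\", 1)[-1].lower() for p in procs)
    return {n: c for n, c in names.items() if c >= threshold and n != "svchost.exe"}


def flag_items(log: str) -> list[tuple[str, str]]:
    """Item lines a helper reads first. HJT 1.99.1 is known to print '(file missing)'
    for O23 entries whose ImagePath is quoted and carries arguments (the avast and
    ForceWare services above), so that flag needs a manual check before it is trusted."""
    findings = []
    for line in log.splitlines():
        m = HJT_ITEM.match(line)
        if m and m.group(1) == "O10":
            findings.append(("O10 unknown LSP", m.group(2)))
        elif m and m.group(1) == "O23" and "(file missing)" in m.group(2):
            findings.append(("O23 file missing", m.group(2)))
    return findings


def parse_ewido(report: str) -> list[dict]:
    """Parse 'path -> Detection : Action' lines. A leading '[pid]' marks a copy
    of the file found loaded inside that running process."""
    hits = []
    for line in report.splitlines():
        m = EWIDO_HIT.match(line.strip())
        if m:
            pid, path, detection, action = m.groups()
            hits.append({"pid": int(pid) if pid else None, "path": path,
                         "detection": detection, "action": action})
    return hits


def ewido_summary(hits: list[dict]) -> tuple[dict[str, int], list[int]]:
    """On-disk detections per family, and the PIDs that had a sample loaded."""
    by_family = Counter(h["detection"] for h in hits if h["pid"] is None)
    pids = sorted({h["pid"] for h in hits if h["pid"] is not None})
    return dict(by_family), pids


if __name__ == "__main__":
    procs = hjt_running_processes(SAMPLE_HJT)
    print("repeated images:", repeated_images(procs))
    print("flagged items:", flag_items(SAMPLE_HJT))
    print("ewido summary:", ewido_summary(parse_ewido(SAMPLE_EWIDO)))
```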
Senior Member, 5. July 2006 @ 20:12
Ok, let's try running win32delfkil again, but this time do it from safe mode.
When you're ready, please post the log from C:\win32delfkil.txt here.
ReZeftY (Newbie), 6. July 2006 @ 15:18
It did not work. I think we have to fix my "winlogon.exe" problem before we can continue with the virus, to be honest.
Senior Member, 7. July 2006 @ 10:50
Ok, let's try this scanner instead...
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
-> Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml -> Doubleclick the drweb-cureit.exe file and allow it to run the express scan
-> This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
-> Once the short scan has finished, mark the drives that you want to scan.
-> Select all drives. A red dot shows which drives have been chosen.
-> Click the green arrow at the right, and the scan will start.
-> Click 'Yes to all' if it asks whether you want to cure/move the file.
-> When the scan has finished, check whether you can click the next icon next to the files found
-> If so, click it, then click the next icon right below and select Move incurable
-> After the scan, in the menu, click File and choose Save report list
-> Save the report to your desktop. The report will be called DrWeb.csv
-> Close Dr.Web CureIt.
-> Reboot the computer in Normal Mode.
-> Post the CureIt report and a fresh HijackThis log
ReZeftY (Newbie), 8. July 2006 @ 17:40
It found some infections (or rather, quite a lot):
Logfile of HijackThis v1.99.1
Scan saved at 03:39:10, on 2006-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
DrWeb:
ssqpn.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
A0004609.exe;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP27;Adware.MediaTicket;Incurable.Moved.;
A0006665.exe;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP28;Adware.MediaTicket;Incurable.Moved.;
A0011855.exe;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP31;Adware.SaveNow;Incurable.Moved.;
A0019000.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019001.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019002.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019003.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019004.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019005.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019006.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019007.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019008.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019009.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019010.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019011.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019012.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019013.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019014.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019015.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019016.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019017.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019018.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019019.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019020.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019021.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019022.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019023.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019024.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019025.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019026.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019027.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019028.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019029.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019030.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019031.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019032.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019033.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019034.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019035.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019036.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019037.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019038.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019039.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019040.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019041.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019042.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019043.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019044.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019045.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019046.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019047.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019048.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019049.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019050.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019051.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019052.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019053.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019054.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019055.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019056.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019057.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019058.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019059.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.DownLoader.10744;Deleted.;
A0019991.dll;C:\System Volume Information\_restore{D2099151-01A2-45D2-890A-B05B11A86662}\RP37;Trojan.Mezzia;Deleted.;
ssqpn.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
Senior Member, 8. July 2006 @ 21:55
Ok, looks quite good now :)
Your HijackThis log looks clean; you could run a new scan with Ewido so we can see if you're still infected with Delf...
Please post a fresh HijackThis log and the latest Ewido report when you're ready.
ReZeftY (Newbie), 9. July 2006 @ 02:32
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:31:38 2006-07-09
+ Scan result:
C:\Documents and Settings\Johan\DoctorWeb\Quarantine\A0011857.dll -> Adware.MaidBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\DoctorWeb\Quarantine\A0004609.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\DoctorWeb\Quarantine\A0006665.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\DoctorWeb\Quarantine\A0011855.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Johan\Cookies\johan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:32:21, on 2006-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\ewido anti-spyware 4.0\ewido.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\VideoLAN\VLC\vlc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Johan\Mina dokument\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
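The HijackThis log above is what the helper reviews by eye before giving a verdict. The following Python script is an added example for this thread (it is not a HijackThis feature and was not posted by anyone here) that does the first pass of that review mechanically: it splits a pasted log into entries, even where a web form has run several entries together on one line as happened with the R0 and O16 lines above, and pulls out the autorun commands (O4), Winsock LSP modules (O10), services (O23), every entry reported "(file missing)" and every service with "Unknown owner". The sample log embedded in it is constructed in the HijackThis v1.99.1 layout with placeholder paths and vendor names; it is not this machine's log.

```python
"""Triage helper for HijackThis v1.99-style logs.

Added example for this thread, not a HijackThis feature: it splits a pasted
log into entries (even where a web form has run several entries together on
one line) and pulls out what a log reviewer scans first: autorun commands
(O4), Winsock LSP modules (O10), services (O23), anything reported
"(file missing)" and services with no publisher ("Unknown owner").
"""
import re
from collections import Counter

# Every HijackThis entry starts with a section code: "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# O4 bodies: "HKLM\..\Run: [name] command" or "Global Startup: file.lnk = path"
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS|Global Startup|Startup)[^:]*: "
    r"(?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$"
)
# O23 bodies: "Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# O10 bodies: "Unknown file in Winsock LSP: <dll path>"
O10_RE = re.compile(r"^(?P<status>.*?) in Winsock LSP: (?P<path>.*)$")


def parse_entries(text):
    """Yield (code, body) for each entry; header and process lines are skipped."""
    for line in text.splitlines():
        # A pasted log may carry "... R0 - ... R0 - ..." on one line: split it first.
        for piece in re.split(r" (?=[RFNO]\d+ - )", line.strip()):
            m = ENTRY_RE.match(piece)
            if m:
                yield m.group("code"), m.group("body")


def triage(text):
    """Return a dict with the entries a reviewer looks at first."""
    report = {
        "counts": Counter(),        # section code -> number of entries
        "autoruns": [],             # (hive, value name, command)
        "services": [],             # (display name, owner, image path)
        "lsp_modules": Counter(),   # lowercased DLL path -> O10 lines naming it
        "file_missing": [],         # full entries whose target is reported gone
        "unknown_owner": [],        # O23 display names with no publisher
    }
    for code, body in parse_entries(text):
        report["counts"][code] += 1
        if "(file missing)" in body:
            report["file_missing"].append(f"{code} - {body}")
        if code == "O4":
            m = O4_RE.match(body)
            if m:
                report["autoruns"].append(
                    (m.group("hive"), m.group("name") or "", m.group("cmd")))
        elif code == "O10":
            m = O10_RE.match(body)
            if m:
                report["lsp_modules"][m.group("path").lower()] += 1
        elif code == "O23":
            m = O23_RE.match(body)
            if m:
                report["services"].append(
                    (m.group("display"), m.group("owner"), m.group("path")))
                if m.group("owner") == "Unknown owner":
                    report["unknown_owner"].append(m.group("display"))
    return report


# Constructed sample in HijackThis v1.99.1 layout; paths and vendors are
# placeholders, not entries from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:00:00, on 2006-07-09
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Example Loader.lnk = C:\Program Files\Example\loader.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplefilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplefilter.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\examplefilter.dll
O18 - Protocol: example - {00000000-0000-0000-0000-000000000000} - "C:\Program Files\Example\proto.dll" (file missing)
O23 - Service: Example Guard - Example Vendor Ltd. - C:\Program Files\Example\guard.exe
O23 - Service: Example Web Scanner - Unknown owner - C:\Program Files\Example\webscan.exe" /service (file missing)
O23 - Service: Display Driver Service - Example GPU Corp. - C:\WINDOWS\system32\dispsvc.exe
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("entries per section:", dict(r["counts"]))
    for hive, name, cmd in r["autoruns"]:
        print(f"autorun  {hive:<14} [{name}] {cmd}")
    for path, n in r["lsp_modules"].items():
        print(f"LSP      {path} (x{n})")
    for display, owner, path in r["services"]:
        print(f"service  {display} | {owner} | {path}")
    print("file missing:", r["file_missing"])
    print("unknown owner:", r["unknown_owner"])
```

Run it directly to print the summary for the constructed sample, or call triage() on the text of a saved HijackThis log. The flags are triage cues, not verdicts: in the log above, "Unknown owner" and "(file missing)" appear on the avast! mail and web scanner services even though ashMaiSv.exe and ashWebSv.exe are present in the running process list, most likely because this HijackThis version does not strip the closing quote from a quoted service command line before checking the path. Each flagged entry still has to be checked against the file on disk and its publisher.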
Senior Member
9. July 2006 @ 05:35
Ok good, you're clean now =)
You should update your Java (old version has all kinds of vulnerabilities)
1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
4. After updating, uninstall the old Java (if found) from Add/Remove Programs, named as
J2SE Runtime Environment 5.0 Update 6
Now that you're clean, here are some tips how to stay clean.
-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.
-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.
-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.
-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.
-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.
-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.
-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.
-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.
-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?
Stay clean ;)
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.