ed9
Posted 3 September 2008 (edited)

Hi. A friend asked me to take a look at his machine. Lots of pop-ups saying he had spyware and so on. Apparently they had also bought an antivirus program that was advertised in one of the pop-ups. Among other things, it showed a fake blue screen and a fake Windows startup screen. I was able to close this with Ctrl+Alt+Del. I ran CCleaner, installed SAS and Avira, and also ran ComboFix and HijackThis. Here are the logs:

Avira

Avira AntiVir Personal
Report file date: 2. september 2008 22:56
Scanning for 1594576 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FIRMANAV-92822B

Version information:

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programfiler\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2. september 2008 22:56

Starting search for hidden objects.
'75276' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).

Starting the file scan:

Begin scan in 'C:\' <N01081>
C:\hiberfil.sys
  [WARNING] The file could not be opened!
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Incomplete\Preview-T-2038763-04 Track 4.wma
  [DETECTION] Is the TR/Wimad.A.Gen Trojan
  [NOTE] The file was deleted!
C:\Musikk4 Track 4.wma
  [DETECTION] Is the TR/Wimad.A.Gen Trojan
  [NOTE] The file was deleted!
C:\Musikk\Top of Charts - 2004.wma
  [DETECTION] Is the TR/Dldr.WMA.Wimad.L.1 Trojan
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{EDCC2B71-1922-4089-B789-83C8490540E6}\RP547\A0098847.dll
  [DETECTION] Is the TR/Dldr.FraudLoad.317952 Trojan
  [NOTE] The file was deleted!
C:\System Volume Information\_restore{EDCC2B71-1922-4089-B789-83C8490540E6}\RP547\A0098849.exe
  [DETECTION] Is the TR/Agent.aaqk Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\__c00C9F79.dat
  [DETECTION] Is the TR/Agent.aaqk.4 Trojan
  [NOTE] The file was deleted!

End of the scan: 3. september 2008 08:35
Used time: 9:40:01 Hour(s)

The scan has been done completely.

6939 Scanning directories
390413 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
390405 Files not concerned
13728 Archives were scanned
2 Warnings
6 Notes
75276 Objects were scanned with rootkit scan
0 Hidden objects were found

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2008 at 10:18 PM

Application Version : 4.20.1046

Core Rules Database Version : 3554
Trace Rules Database Version: 1542

Scan type : Complete Scan
Total Scan Time : 01:27:40

Memory items scanned : 381
Memory threats detected : 3
Registry items scanned : 5182
Registry threats detected : 22
File items scanned : 25549
File threats detected : 370

Trojan.Unclassified/C00-WL/A
C:\WINDOWS\SYSTEM32\__C00A4FF8.DAT
C:\WINDOWS\SYSTEM32\__C00A4FF8.DAT
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00A4FF8

Rogue.XP AntiVirus/Resident
C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE
C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE
C:\WINDOWS\Prefetch\AV2009.EXE-17D0C045.pf

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\IEUPDATES.EXE
C:\WINDOWS\SYSTEM32\IEUPDATES.EXE
C:\WINDOWS\Prefetch\IEUPDATES.EXE-04E09A91.pf

Rogue.AntiVirus 2009
[88108041665276026961036619361435] C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE
C:\Programfiler\Antivirus 2009
C:\Documents and Settings\Even\Start-meny\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\Even\Start-meny\Antivirus 2009
C:\Documents and Settings\Even\Skrivebord\Antivirus 2009.lnk
C:\Documents and Settings\Even\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Programfiler\AV9
C:\PROGRAMFILER\AV9\AV2009.EXE
C:\WINDOWS\Prefetch\AV2009.EXE-2FDB8E7D.pf

Rogue.IEUpdates-Installer
[ieupdate] C:\WINDOWS\SYSTEM32\IEUPDATES.EXE

Adware.WinSrc
HKLM\Software\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328} HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32 HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\WINSRC.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328} Adware.MyWebSearch HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA} Trojan.Unclassified/C00-WL HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Asynchronous HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#DllName HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Impersonate HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Startup HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Logon HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Asynchronous HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#DllName HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Impersonate HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Startup HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Logon Adware.Tracking Cookie C:\Documents and Settings\Gjest\Cookies\[email protected][1].txt C:\Documents and Settings\Gjest\Cookies\gjest@imrworldwide[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@questionmarket[3].txt C:\Documents and 
Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@winantivirus[1].txt C:\Documents and Settings\kake\Cookies\kake@casalemedia[2].txt C:\Documents and Settings\kake\Cookies\kake@casalemedia[1].txt C:\Documents and Settings\kake\Cookies\kake@insightexpressai[2].txt C:\Documents and Settings\kake\Cookies\kake@youpornmate[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@questionmarket[2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@specificclick[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@adcentriconline[1].txt C:\Documents and Settings\kake\Cookies\kake@specificclick[3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@specificclick[5].txt C:\Documents and Settings\kake\Cookies\kake@specificclick[4].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and 
Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\[email protected][6].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@winantispyware[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@serving-sys[1].txt C:\Documents and Settings\kake\Cookies\kake@serving-sys[2].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@bravenet[2].txt C:\Documents and Settings\kake\Cookies\kake@serving-sys[7].txt C:\Documents and Settings\kake\Cookies\kake@serving-sys[5].txt C:\Documents and 
Settings\kake\Cookies\kake@serving-sys[4].txt C:\Documents and Settings\kake\Cookies\kake@serving-sys[3].txt C:\Documents and Settings\kake\Cookies\kake@overture[1].txt C:\Documents and Settings\kake\Cookies\kake@revsci[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@overture[2].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@overture[3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@revsci[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@tradedoubler[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@smileycentral[1].txt C:\Documents and Settings\kake\Cookies\kake@roiservice[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@indexstats[1].txt C:\Documents and Settings\kake\Cookies\kake@2o7[4].txt 
C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@tradedoubler[3].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@precisionclick[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@tradedoubler[4].txt C:\Documents and Settings\kake\Cookies\kake@admarketplace[1].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\kake@precisionclick[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@indexstats[3].txt C:\Documents and Settings\kake\Cookies\kake@tradedoubler[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@drivecleaner[2].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\kake@youporn[2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@advertising[1].txt C:\Documents and Settings\kake\Cookies\kake@clicktorrent[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@partner2profit[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and 
Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][7].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@mediaplex[2].txt C:\Documents and Settings\kake\Cookies\kake@mywebsearch[1].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][8].txt C:\Documents and Settings\kake\Cookies\kake@advertising[8].txt C:\Documents and Settings\kake\Cookies\kake@advertising[7].txt C:\Documents and Settings\kake\Cookies\kake@advertising[6].txt C:\Documents and Settings\kake\Cookies\kake@advertising[5].txt C:\Documents and Settings\kake\Cookies\kake@advertising[4].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@bluestreak[1].txt C:\Documents and Settings\kake\Cookies\kake@imrworldwide[2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][6].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\kake@mediaplex[5].txt C:\Documents and Settings\kake\Cookies\kake@mediaplex[4].txt C:\Documents and Settings\kake\Cookies\kake@mediaplex[3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\kake@mywebsearch[6].txt C:\Documents and 
Settings\kake\Cookies\kake@mywebsearch[5].txt C:\Documents and Settings\kake\Cookies\kake@mywebsearch[4].txt C:\Documents and Settings\kake\Cookies\kake@mywebsearch[3].txt C:\Documents and Settings\kake\Cookies\kake@mywebsearch[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[7].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[6].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[5].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[4].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[3].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[2].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@kanoodle[2].txt C:\Documents and Settings\kake\Cookies\kake@adbrite[3].txt C:\Documents and Settings\kake\Cookies\kake@adbrite[2].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email 
protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@adecn[1].txt C:\Documents and Settings\kake\Cookies\kake@socialmedia[1].txt C:\Documents and Settings\kake\Cookies\kake@atdmt[3].txt C:\Documents and Settings\kake\Cookies\kake@statcounter[2].txt C:\Documents and Settings\kake\Cookies\kake@statcounter[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@azjmp[3].txt C:\Documents and Settings\kake\Cookies\kake@azjmp[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][6].txt C:\Documents and Settings\kake\Cookies\[email protected][7].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@maxserving[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@atdmt[6].txt C:\Documents and Settings\kake\Cookies\kake@atdmt[5].txt C:\Documents and Settings\kake\Cookies\kake@atdmt[4].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@fastclick[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@realmedia[2].txt C:\Documents and Settings\kake\Cookies\kake@realmedia[1].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\[email protected][8].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email 
protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][5].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][7].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@apmebf[1].txt C:\Documents and Settings\kake\Cookies\kake@fastclick[3].txt C:\Documents and Settings\kake\Cookies\kake@fastclick[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@atwola[1].txt C:\Documents and Settings\kake\Cookies\kake@adtech[2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@atwola[2].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\kake@indextools[1].txt C:\Documents and Settings\kake\Cookies\kake@adtech[3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@indextools[2].txt C:\Documents and Settings\kake\Cookies\kake@adtech[4].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@indextools[3].txt C:\Documents and 
Settings\kake\Cookies\kake@adtech[1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@pro-market[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][4].txt C:\Documents and Settings\kake\Cookies\kake@zedo[3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@sextracker[2].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][3].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@2o7[1].txt C:\Documents and Settings\kake\Cookies\kake@2o7[2].txt C:\Documents and Settings\kake\Cookies\kake@advertising[2].txt C:\Documents and Settings\kake\Cookies\kake@atdmt[2].txt C:\Documents and Settings\kake\Cookies\kake@doubleclick[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@indexstats[2].txt C:\Documents and Settings\kake\Cookies\kake@mediaplex[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\[email protected][2].txt C:\Documents and Settings\kake\Cookies\kake@neuroticmedia[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@postclicktracking[1].txt C:\Documents and Settings\kake\Cookies\[email protected][1].txt C:\Documents and Settings\kake\Cookies\kake@xiti[1].txt C:\Documents and Settings\kake\Cookies\kake@yourmedia[1].txt C:\Documents and Settings\kake\Cookies\kake@zedo[1].txt .www.mediakey.com [ 
Trojan.Unclassified/C00-Installer/B
	C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMP\_A00F1986053A.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{EDCC2B71-1922-4089-B789-83C8490540E6}\RP542\A0095949.EXE

Rogue.AntiVirus 2009/Installer
	C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\OFN03S3A\AV2009INSTALL_77052104[1].EXE
	C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\OFN03S3A\AV2009INSTALL_77052104[2].EXE

Trojan.Downloader-Gen/Suspicious
	C:\RECOVER\SYSPREP\SFTRUN.EXE

Trojan.Unclassified/C00-Installer
	C:\WINDOWS\SYSTEM32\~.EXE

Combofix

ComboFix 08-08-30.03 - Even 2008-09-03 16:45:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.584 [GMT 2:00]
Running from: C:\Documents and Settings\Even\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\kake\Cookies\kake@metacafe[2].txt
C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\#SharedObjects\KSNMJFXY\bin.clearspring.com
C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\#SharedObjects\KSNMJFXY\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\scui.cpl
C:\WINDOWS\system32\winsrc.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.
2008-09-02 22:46 . 2008-09-02 22:46 <DIR> d-------- C:\Programfiler\Avira
2008-09-02 22:46 . 2008-09-02 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Documents and Settings\Even\Programdata\SUPERAntiSpyware.com
2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-09-02 20:42 . 2008-09-03 16:28 <DIR> dr-h----- C:\Documents and Settings\Even\Siste
2008-09-02 20:40 . 2008-09-02 20:40 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-02 12:17 . 2008-09-02 22:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-22 22:04 . 2008-08-23 08:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 14:29 --------- d-----w C:\Programfiler\Symantec
2008-09-02 20:41 --------- d-----w C:\Programfiler\Lavasoft
2008-09-02 20:39 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-09-02 20:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-09-02 10:32 --------- d-----w C:\Programfiler\MSN Messenger
2008-09-02 10:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-25 14:30 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdu.DAT
2008-08-16 07:09 --------- d-----w C:\Programfiler\Microsoft Works
2008-08-15 06:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-07-30 09:17 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdw.DAT
2008-07-30 09:17 --------- d-----w C:\Documents and Settings\kake\Programdata\Nikon
2008-07-30 09:10 --------- d-----w C:\Programfiler\Fellesfiler\Nikon
2008-07-30 09:03 --------- d-----w C:\Programfiler\Nikon
2008-07-30 09:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Ultima_T15
2008-07-30 09:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\EnterNHelp
2008-07-30 08:52 --------- d-----w C:\Programfiler\Fellesfiler\muvee Technologies
2008-07-30 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nikon
2008-07-30 08:44 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-30 08:43 --------- d-----w C:\Programfiler\QuickTime
2008-07-30 08:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-11 07:13 514 ----a-w C:\Documents and Settings\kake\Programdata\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-14 22:31 67128]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-22 22:15 344064]
"PowerManager"="C:\Programfiler\Power Manager\PM.exe" [2005-12-14 12:08 159744]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Programfiler\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]
"LogitechVideo[inspector]"="C:\Programfiler\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"Ulead AutoDetector"="C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 17:20 45056]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 544768 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\kake\Start-meny\Programmer\Oppstart\
Nikon Monitor.lnk - C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-14 22:31:44 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 08:29]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-09-03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-a31fc2382 - C:\WINDOWS\system32\__c00D89A4.dat

.
------- Supplementary Scan -------
.
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO
O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 16:57:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="C:\\Programfiler\\Logitech\\Video\\CameraAssistant.exe"
.
Completion time: 2008-09-03 16:59:34
ComboFix-quarantined-files.txt 2008-09-03 14:59:30

Pre-Run: 78,290,448,384 byte ledig
Post-Run: 78,751,232,000 byte ledig

147 --- E O F --- 2008-08-16 07:09:35

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:43, on 03.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programfiler\Power Manager\PM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Even\Skrivebord\Testing\Testing.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Programfiler\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://linenatalie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
--
End of file - 7348 bytes

It would be great if someone could look over the logs for me! I was thinking of updating Flash, installing Service Pack 3, etc. after getting everything that shouldn't be there removed.

Thanks in advance!

Regards, ed9

Edited 3 September 2008 by ed9
norbat Posted 3 September 2008

Congratulations, the PC is clean.

You can fix the following lines with HJT (put a check mark in front of the lines and click Fix checked):

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO

Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

Then continue with your plan to update. Surf safely.
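A small triage script for the two kinds of HijackThis lines picked out in the reply above, added here as an example and not part of the thread: it flags entries whose target is shown as (no file) and entries that point at a URL on a domain the reviewer has marked as unwanted. The function names and the flagged-domain set are assumptions for illustration; the sample lines are copied from the HijackThis log in the first post.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [PowerManager] C:\Programfiler\Power Manager\PM.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
"""

# A HijackThis entry starts with a section code (R0, O3, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def host_is_flagged(host, flagged_domains):
    """True if host equals a flagged domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in flagged_domains)


def triage(log_text, flagged_domains):
    """Return (code, reason, body) for entries worth a manual look.

    flagged_domains is reviewer input (an assumption of this example), e.g.
    domains another scanner already reported as adware on the same machine.
    """
    findings = []
    for code, body in parse_entries(log_text):
        # Entry still registered, but no file behind it.
        if body.rstrip().endswith("(no file)"):
            findings.append((code, "orphaned", body))
            continue
        # Entry that loads content from a domain on the reviewer's list.
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname or ""
            if host_is_flagged(host, flagged_domains):
                findings.append((code, "flagged-domain", body))
                break
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG, {"mywebsearch.com"}):
        print(f"{reason:15} {code:4} {body}")
```

The output is a shortlist for manual review, not a verdict: entries it does not flag still need the kind of reading the helper did here.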
ed9 (author) Posted 3 September 2008

That was quick. Thanks for the help, it's really great that you take the time to do this!

Regards, ed9