[Solved]Need help to help. The long version has been followed![/Solved]


Hi.

A buddy asked me to take a look at his machine. Lots of pop-ups saying he had spyware etc. Apparently they had also bought an antivirus program that was advertised in one of the pop-ups. Among other things, a fake blue screen and a fake Windows startup screen were shown. Managed to end this with Ctrl+Alt+Del. Ran CCleaner, installed SAS and Avira, and also ran ComboFix and HijackThis.

Here are the logs:

Avira

 

Avira AntiVir Personal

Report file date: 2. september 2008 22:56

 

Scanning for 1594576 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: FIRMANAV-92822B

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12.08.2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15

ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31.08.2008 20:50:05

ANTIVIR3.VDF : 7.0.6.106 129024 Bytes 02.09.2008 20:50:07

Engineversion : 8.1.1.23

AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21

AESCRIPT.DLL : 8.1.0.68 315770 Bytes 02.09.2008 20:50:22

AESCN.DLL : 8.1.0.23 119156 Bytes 10.07.2008 12:44:49

AERDL.DLL : 8.1.0.20 418165 Bytes 24.04.2008 12:37:48

AEPACK.DLL : 8.1.2.1 364917 Bytes 15.07.2008 12:58:35

AEOFFICE.DLL : 8.1.0.22 192890 Bytes 02.09.2008 20:50:20

AEHEUR.DLL : 8.1.0.50 1388918 Bytes 02.09.2008 20:50:15

AEHELP.DLL : 8.1.0.15 115063 Bytes 10.07.2008 12:44:48

AEGEN.DLL : 8.1.0.36 315764 Bytes 02.09.2008 20:50:10

AEEMU.DLL : 8.1.0.7 430452 Bytes 31.07.2008 08:33:21

AECORE.DLL : 8.1.1.8 172406 Bytes 31.07.2008 08:33:21

AEBB.DLL : 8.1.0.1 53617 Bytes 10.07.2008 12:44:48

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 02.09.2008 20:50:08

AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\programfiler\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: 2. september 2008 22:56

 

Starting search for hidden objects.

'75276' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'monitor.exe' - '1' Module(s) have been scanned

Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned

Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'PM.exe' - '1' Module(s) have been scanned

Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

33 processes with 33 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '65' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <N01081>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Incomplete\Preview-T-2038763-04 Track 4.wma

[DETECTION] Is the TR/Wimad.A.Gen Trojan

[NOTE] The file was deleted!

C:\Musikk4 Track 4.wma

[DETECTION] Is the TR/Wimad.A.Gen Trojan

[NOTE] The file was deleted!

C:\Musikk\Top of Charts - 2004.wma

[DETECTION] Is the TR/Dldr.WMA.Wimad.L.1 Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{EDCC2B71-1922-4089-B789-83C8490540E6}\RP547\A0098847.dll

[DETECTION] Is the TR/Dldr.FraudLoad.317952 Trojan

[NOTE] The file was deleted!

C:\System Volume Information\_restore{EDCC2B71-1922-4089-B789-83C8490540E6}\RP547\A0098849.exe

[DETECTION] Is the TR/Agent.aaqk Trojan

[NOTE] The file was deleted!

C:\WINDOWS\system32\__c00C9F79.dat

[DETECTION] Is the TR/Agent.aaqk.4 Trojan

[NOTE] The file was deleted!

 

 

End of the scan: 3. september 2008 08:35

Used time: 9:40:01 Hour(s)

 

The scan has been done completely.

 

6939 Scanning directories

390413 Files were scanned

6 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

6 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

390405 Files not concerned

13728 Archives were scanned

2 Warnings

6 Notes

75276 Objects were scanned with rootkit scan

0 Hidden objects were found

 

SAS

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/02/2008 at 10:18 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3554

Trace Rules Database Version: 1542

 

Scan type : Complete Scan

Total Scan Time : 01:27:40

 

Memory items scanned : 381

Memory threats detected : 3

Registry items scanned : 5182

Registry threats detected : 22

File items scanned : 25549

File threats detected : 370

 

Trojan.Unclassified/C00-WL/A

C:\WINDOWS\SYSTEM32\__C00A4FF8.DAT

C:\WINDOWS\SYSTEM32\__C00A4FF8.DAT

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00A4FF8

 

Rogue.XP AntiVirus/Resident

C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE

C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE

C:\WINDOWS\Prefetch\AV2009.EXE-17D0C045.pf

 

Trojan.Downloader-Gen

C:\WINDOWS\SYSTEM32\IEUPDATES.EXE

C:\WINDOWS\SYSTEM32\IEUPDATES.EXE

C:\WINDOWS\Prefetch\IEUPDATES.EXE-04E09A91.pf

 

Rogue.AntiVirus 2009

[88108041665276026961036619361435] C:\PROGRAMFILER\ANTIVIRUS 2009\AV2009.EXE

C:\Programfiler\Antivirus 2009

C:\Documents and Settings\Even\Start-meny\Antivirus 2009\Antivirus 2009.lnk

C:\Documents and Settings\Even\Start-meny\Antivirus 2009

C:\Documents and Settings\Even\Skrivebord\Antivirus 2009.lnk

C:\Documents and Settings\Even\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk

C:\Programfiler\AV9

C:\PROGRAMFILER\AV9\AV2009.EXE

C:\WINDOWS\Prefetch\AV2009.EXE-2FDB8E7D.pf

 

Rogue.IEUpdates-Installer

[ieupdate] C:\WINDOWS\SYSTEM32\IEUPDATES.EXE

 

Adware.WinSrc

HKLM\Software\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}

HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}

HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}

HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32

HKCR\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\WINSRC.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}

 

Adware.MyWebSearch

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

 

Trojan.Unclassified/C00-WL

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0092176#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00A4FF8#Logon

 

Adware.Tracking Cookie


.imrworldwide.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.h.starware.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.h.starware.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.media.hotels.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.s3.shinystat.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.engine.letsstat.nl [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.eas.apm.emediate.eu [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.eas.apm.emediate.eu [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.advertpro2.babymedia.no [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.clicks.hmcampaign.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.audit.median.hu [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.banner.finn.no [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.click.cashengines.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.cookie.neuroticmedia.net [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.azjmp.com [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.clicktracks.konsepthuset.no [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.clicktracks.konsepthuset.no [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.clicktracks.konsepthuset.no [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

.e2.emediate.se [ C:\Documents and Settings\kake\Programdata\Mozilla\Firefox\Profiles\e88fpuyf.default\cookies.txt ]

 

Trojan.Unclassified/C00-Installer/B

C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMP\_A00F1986053A.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{EDCC2B71-1922-4089-B789-83C8490540E6}\RP542\A0095949.EXE

 

Rogue.AntiVirus 2009/Installer

C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\OFN03S3A\AV2009INSTALL_77052104[1].EXE

C:\DOCUMENTS AND SETTINGS\KAKE\LOKALE INNSTILLINGER\TEMPORARY INTERNET FILES\CONTENT.IE5\OFN03S3A\AV2009INSTALL_77052104[2].EXE

 

Trojan.Downloader-Gen/Suspicious

C:\RECOVER\SYSPREP\SFTRUN.EXE

 

Trojan.Unclassified/C00-Installer

C:\WINDOWS\SYSTEM32\~.EXE

 

Combofix

ComboFix 08-08-30.03 - Even 2008-09-03 16:45:00.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.584 [GMT 2:00]

Running from: C:\Documents and Settings\Even\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\kake\Cookies\kake@metacafe[2].txt

C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\#SharedObjects\KSNMJFXY\bin.clearspring.com

C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\#SharedObjects\KSNMJFXY\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\kake\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\scui.cpl

C:\WINDOWS\system32\winsrc.dll.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))

.

 

2008-09-02 22:46 . 2008-09-02 22:46 <DIR> d-------- C:\Programfiler\Avira

2008-09-02 22:46 . 2008-09-02 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira

2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Documents and Settings\Even\Programdata\SUPERAntiSpyware.com

2008-09-02 20:46 . 2008-09-02 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-02 20:42 . 2008-09-03 16:28 <DIR> dr-h----- C:\Documents and Settings\Even\Siste

2008-09-02 20:40 . 2008-09-02 20:40 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-02 12:17 . 2008-09-02 22:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-22 22:04 . 2008-08-23 08:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-03 14:29 --------- d-----w C:\Programfiler\Symantec

2008-09-02 20:41 --------- d-----w C:\Programfiler\Lavasoft

2008-09-02 20:39 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-09-02 20:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-09-02 10:32 --------- d-----w C:\Programfiler\MSN Messenger

2008-09-02 10:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-25 14:30 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdu.DAT

2008-08-16 07:09 --------- d-----w C:\Programfiler\Microsoft Works

2008-08-15 06:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-07-30 09:17 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdw.DAT

2008-07-30 09:17 --------- d-----w C:\Documents and Settings\kake\Programdata\Nikon

2008-07-30 09:10 --------- d-----w C:\Programfiler\Fellesfiler\Nikon

2008-07-30 09:03 --------- d-----w C:\Programfiler\Nikon

2008-07-30 09:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Ultima_T15

2008-07-30 09:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\EnterNHelp

2008-07-30 08:52 --------- d-----w C:\Programfiler\Fellesfiler\muvee Technologies

2008-07-30 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nikon

2008-07-30 08:44 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL

2008-07-30 08:43 --------- d-----w C:\Programfiler\QuickTime

2008-07-30 08:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-03-11 07:13 514 ----a-w C:\Documents and Settings\kake\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-14 22:31 67128]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-22 22:15 344064]

"PowerManager"="C:\Programfiler\Power Manager\PM.exe" [2005-12-14 12:08 159744]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

"LogitechCameraAssistant"="C:\Programfiler\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]

"LogitechVideo[inspector]"="C:\Programfiler\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]

"Ulead AutoDetector"="C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 17:20 45056]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

"SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

C:\Documents and Settings\kake\Start-meny\Programmer\Oppstart\

Nikon Monitor.lnk - C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-14 22:31:44 67128]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 08:29]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-09-03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

- - - - ORPHANS REMOVED - - - -

 

Notify-a31fc2382 - C:\WINDOWS\system32\__c00D89A4.dat

 

 

.

------- Supplementary Scan -------

.

O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO

O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-03 16:57:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechCameraAssistant"="C:\\Programfiler\\Logitech\\Video\\CameraAssistant.exe"

.

Completion time: 2008-09-03 16:59:34

ComboFix-quarantined-files.txt 2008-09-03 14:59:30

 

Pre-Run: 78,290,448,384 byte ledig

Post-Run: 78,751,232,000 byte ledig

 

147 --- E O F --- 2008-08-16 07:09:35

 

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:22:43, on 03.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\sm56hlpr.exe

C:\Programfiler\Power Manager\PM.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programfiler\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Even\Skrivebord\Testing\Testing.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [PowerManager] C:\Programfiler\Power Manager\PM.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://linenatalie.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe

 

--

End of file - 7348 bytes

 

It would be great if someone could look over the logs for me!

I was planning to update Flash, install Service Pack 3, etc. after getting everything that shouldn't be there removed.

Thanks in advance!

Regards,

ed9

Edited by ed9

Congratulations, the PC is clean :thumbup:

You can fix the following lines with HJT:

(tick the box in front of the lines and click Fix checked)

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk133YYNO

Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run)

Then continue with your plan to update.

Surf safely.
