HijackThis log for the pros ;)



Hi!

I have a laptop with at least one virus. MSN sends out a file called z058_jpg.zip, so if any of you know how I can remove it, I would be grateful :)

I have a HijackThis log that you can enjoy :)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:36, on 05.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe

C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

C:\Programfiler\TOSHIBA\Tvs\TvsTray.exe

C:\Programfiler\TOSHIBA\ConfigFree\NDSTray.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\wdfmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Creative\Shared Files\CamTray.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Programfiler\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Programfiler\Nikon\PictureProject\NkbMonitor.exe

C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

c:\5g9p7x1h4a3.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kristin Dørum\Lokale innstillinger\Temporary Internet Files\Content.IE5\ZY3EKXX3\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programfiler\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Programfiler\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Programfiler\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Programfiler\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programfiler\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

 

--

End of file - 8837 bytes

 

Regards

KingCamel

Hi,

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Then download SAS, install it, update it and run a full (Complete) scan.

After a restart, post the following logs:

SAS (preferences->statistics/logs)

Combofix (c:\combofix.txt)

New HJT log

Scanned the zip file at http://virusscan.jotti.org and got the following:

 

Scan taken on 07 Sep 2007 18:08:08 (GMT)

A-Squared Found nothing

AntiVir Found WORM/Sdbot.541696.1

ArcaVir Found Trojan.Sdbot.Bti

Avast Found nothing

AVG Antivirus Found SHeur.KYL

BitDefender Found Backdoor.Sdbot.DEWR

ClamAV Found Trojan.SdBot-6978

CPsecure Found nothing

Dr.Web Found BackDoor.IRC.Sdbot.1831

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found Backdoor.Win32.SdBot.bti

Fortinet Found W32/SDBot.BTI!tr.bdr

Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.bti

NOD32 Found IRC/SdBot

Norman Virus Control Found W32/SDBot.AXDQ

Panda Antivirus Found W32/IrcBot.BDY.worm

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found Worm.SdBot.GCD

VBA32 Found nothing

Yes, the zip file is infected.

Are you able to run Combofix and SAS?

Yes, I have run both of them, but I couldn't work out from reading whether they found anything..

 

ComboFix 07-09-08 - "Kristin D›rum" 2007-09-07 19:39:21.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.114 [GMT 2:00]

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))

.

 

2007-09-07 19:38 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-05 22:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-09-03 20:43 52,224 --a------ C:\u5g9p7x1h4a3.exe

2007-09-03 20:32 52,224 --a------ C:\5g9p7x1h4a3.exe

2007-09-03 20:32 <DIR> d--h----- C:\Programfiler\Fellesfiler\delsim

2007-09-03 20:30 541,696 -r-hs---- C:\WINDOWS\wdfmgr.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-05 22:41 44032 --a------ C:\WINDOWS\system32\ftp.exe

2007-09-05 22:41 16896 --a------ C:\WINDOWS\system32\tftp.exe

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 15:24 1033216 --a------ C:\WINDOWS\explorer.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-17 15:37]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 06:34 C:\WINDOWS\RTHDCPL.exe]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2004-03-23 22:40]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 08:22 C:\WINDOWS\agrsmmsg.exe]

"PadTouch"="C:\Programfiler\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 15:05]

"CeEKEY"="C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 13:27]

"HWSetup"="C:\Programfiler\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]

"SVPWUTIL"="C:\Programfiler\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]

"TPNF"="C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 14:57]

"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]

"TPSMain"="TPSMain.exe" [2005-08-12 12:13 C:\WINDOWS\system32\TPSMain.exe]

"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2005-05-12 13:39]

"Tvs"="C:\Programfiler\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11]

"NDSTray.exe"="NDSTray.exe" []

"DDWMon"="C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 11:47]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]

"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 19:03 C:\WINDOWS\system32\P0620Pin.dll]

"CFSServ.exe"="CFSServ.exe" []

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]

"wdfmgr.exe"="C:\WINDOWS\wdfmgr.exe" [2007-09-03 18:26]

"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-05 22:37]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"TOSCDSPD"="C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:57]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]

"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-03-29 08:13]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2006-10-13 18:20]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 20:14]

 

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\

Kodak EasyShare software.lnk - C:\Programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 06:25:38]

KODAK Software Updater.lnk - C:\Programfiler\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 17:48:18]

NkbMonitor.exe.lnk - C:\Programfiler\Nikon\PictureProject\NkbMonitor.exe [2007-05-25 16:38:36]

 

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys

S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys

S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys

S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys

 

*Newly Created Service* - AVGASCLN

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-08 19:41:43

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]

 

.

Completion time: 2007-09-08 19:42:51

C:\ComboFix-quarantined-files.txt ... 2007-09-08 19:42

.

--- E O F ---

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/08/2007 at 08:20 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3301

Trace Rules Database Version: 1307

 

Scan type : Complete Scan

Total Scan Time : 00:29:51

 

Memory items scanned : 558

Memory threats detected : 0

Registry items scanned : 4988

Registry threats detected : 0

File items scanned : 31222

File threats detected : 139

 

Adware.Tracking Cookie

 

BearShare File Sharing Client

C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

C:\WINDOWS\Prefetch\BEARSHARE.EXE-194E0F13.pf

Go to the website http://virusscan.jotti.org/ and upload the file C:\WINDOWS\wdfmgr.exe. If the report comes back positive, add what is in red below (Avenger).

Download Avenger and unpack it.

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste in what is in bold below:

 

Files to delete:

C:\u5g9p7x1h4a3.exe

C:\5g9p7x1h4a3.exe

C:\WINDOWS\wdfmgr.exe

 

Click the traffic light. Restart the PC.

After the restart, a log file will appear that tells you what has happened. Post it together with a new HJT log + the text file you find at C:\ComboFix-quarantined-files.txt

Edited by norbat
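An added example, not part of any post in this thread and not how HijackThis or ComboFix work internally: a Python script that cross-references ComboFix's "Files Created" section with the running processes and O4 Run entries of a HijackThis log, to show why the three files in the delete list stand out. The input lines are excerpts from the logs posted above; the function names and the five triage heuristics are assumptions made for this illustration.

```python
import re

# Excerpts copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\5g9p7x1h4a3.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt copied from the ComboFix "Files Created" section in this thread.
COMBOFIX_CREATED = r"""
2007-09-07 19:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 22:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-03 20:43 52,224 --a------ C:\u5g9p7x1h4a3.exe
2007-09-03 20:32 52,224 --a------ C:\5g9p7x1h4a3.exe
2007-09-03 20:32 <DIR> d--h----- C:\Programfiler\Fellesfiler\delsim
2007-09-03 20:30 541,696 -r-hs---- C:\WINDOWS\wdfmgr.exe
"""

RUN_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$")


def parse_hjt(text):
    """Return (running process paths, {autostart path: Run value name})."""
    running, autostart = set(), {}
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            # Entries without a full path (e.g. RTHDCPL.EXE) are skipped.
            p = PATH_RE.search(m["cmd"])
            if p:
                autostart[p.group(0).lower()] = m["name"]
        elif PROC_RE.match(line):
            running.add(line.lower())
    return running, autostart


def parse_created(text):
    """Parse ComboFix 'Files Created' rows, ignoring directories."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":
            rows.append({"created": m.group(1),
                         "size": int(m.group(2).replace(",", "")),
                         "attrs": m.group(3),
                         "path": m.group(4).lower()})
    return rows


def triage(hjt_text, combofix_text):
    """Map each recently created file to the reasons it deserves a look."""
    running, autostart = parse_hjt(hjt_text)
    rows = parse_created(combofix_text)
    by_size = {}
    for r in rows:
        by_size.setdefault(r["size"], []).append(r["path"])
    findings = {}
    for r in rows:
        reasons = []
        if r["path"] in autostart:
            reasons.append("autostart")        # new file with a Run entry
        if r["path"] in running:
            reasons.append("running")          # new file already executing
        if "h" in r["attrs"] and "s" in r["attrs"]:
            reasons.append("hidden+system")    # attributes hide it in Explorer
        if ROOT_EXE_RE.match(r["path"]):
            reasons.append("drive-root exe")   # executable directly under C:\
        if len(by_size[r["size"]]) > 1:
            reasons.append("size twin")        # same size as another new file
        if reasons:
            findings[r["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(HJT_LOG, COMBOFIX_CREATED).items():
        print(f"{path}: {', '.join(reasons)}")
```

Files that match none of the heuristics, such as NirCmd.exe and AvgAsCln.sys in this excerpt, are left out of the result; a flagged file is still only a candidate until a scanner or an analyst confirms it.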