
Help: probably Virtumonde infection. I have attached logs as described in the guide.



Hi! I badly need help getting rid of Virtumonde, or whatever it is. See the attached logs. I would enormously appreciate it if someone could take the time to give me a little help. Thanks so much in advance!

 

ComboFix log:

 

ComboFix 08-05-27.4 - Ivar 2008-05-29 14:08:43.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1279 [GMT 2:00]

Running from: C:\Documents and Settings\Ivar\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))

.

 

2008-05-29 13:47 . 2008-05-29 13:53 <DIR> d-------- C:\Programfiler\File Commander

2008-05-28 22:20 . 2008-05-28 22:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-05-28 22:20 . 2008-05-28 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab

2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\Documents and Settings\Ivar\Programdata\SUPERAntiSpyware.com

2008-05-28 21:27 . 2008-05-28 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-28 19:02 . 2008-05-28 19:02 <DIR> d-------- C:\VundoFix Backups

2008-05-28 18:53 . 2008-05-28 18:53 <DIR> d-------- C:\Programfiler\Opera

2008-05-27 23:00 . 2008-05-27 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-05-27 22:59 . 2008-05-28 21:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-05-18 10:29 . 2006-03-21 14:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2008-05-18 10:29 . 2006-03-21 15:19 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-05-18 10:29 . 2008-05-18 10:29 <DIR> d-------- C:\Documents and Settings\Administrator

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-10 19:26 . 2008-05-10 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TrackMania

2008-05-08 21:37 . 2008-05-08 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PIXELA

2008-05-08 20:03 . 2008-05-08 20:03 <DIR> d-------- C:\Programfiler\PIXELA

2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-29 12:07 --------- d-----w C:\Documents and Settings\Ivar\Programdata\Skype

2008-05-29 06:18 --------- d-----w C:\Documents and Settings\Ivar\Programdata\AVG7

2008-05-29 06:12 --------- d-----w C:\Programfiler\Steam

2008-05-29 06:12 --------- d-----w C:\Documents and Settings\Ivar\Programdata\skypePM

2008-05-29 06:00 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7

2008-05-27 21:01 --------- d-----w C:\Programfiler\Lavasoft

2008-05-27 21:01 --------- d-----w C:\Documents and Settings\Ivar\Programdata\Lavasoft

2008-05-26 21:46 --------- d-----w C:\Documents and Settings\Ivar\Programdata\uTorrent

2008-05-26 16:35 --------- d-----w C:\Programfiler\cam2pc

2008-05-26 13:25 --------- d-----w C:\Programfiler\uTorrent

2008-05-18 15:30 --------- d-----w C:\Documents and Settings\Linn\Programdata\skypePM

2008-05-18 15:30 --------- d-----w C:\Documents and Settings\Linn\Programdata\Skype

2008-05-17 17:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-05-08 18:03 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-20 15:20 --------- d-----w C:\Programfiler\Mozilla Thunderbird

2008-04-19 20:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-19 20:30 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-04-13 20:54 --------- d-----w C:\Programfiler\SpeedFan

2008-03-28 18:48 --------- d-----w C:\Programfiler\MSN Messenger

2008-03-28 18:47 --------- d-----w C:\Programfiler\Windows Live

2008-03-28 18:46 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-03-28 18:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-01-17 19:56 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

2007-09-10 20:21 22,328 ----a-w C:\Documents and Settings\Ivar\Programdata\PnkBstrK.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-28_20.34.42.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-26 11:50:13 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe

+ 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll

- 2008-05-28 18:27:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-29 01:12:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-28 19:27:48 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-05-28 19:27:48 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

+ 2008-02-26 12:01:53 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll

+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll

+ 2008-02-26 12:01:53 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

+ 2008-05-29 01:13:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"Steam"="c:\programfiler\steam\steam.exe" [2008-03-28 20:44 1271032]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 36864 C:\WINDOWS\system32\P0630Pin.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-05 16:00 219136]

"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

WD Backup Monitor.lnk - C:\Programfiler\My Book\WD Backup\uBBMonitor.exe [2006-10-02 16:01:43 98304]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutorunsDisabled

RAID Manager.lnk - C:\Programfiler\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2006-03-21 15:22:16 724992]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= Pvmjpg21.dll

"VIDC.PIM1"= pclepim1.dll

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\eMule\\emule.exe"=

"E:\\Games\\GRAW.exe"=

"E:\\Download\\DL_file35.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Programfiler\\uTorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\Games\\Battlefield 2142\\BF2142.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe"=

"E:\\Games\\Battlefield 2\\BF2.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"E:\\Games\\WIC\\wic.exe"=

"E:\\Games\\WIC\\wic_online.exe"=

"E:\\Games\\WIC\\wic_ds.exe"=

"E:\\Games\\crysis\\Bin32\\Crysis.exe"=

"C:\\Programfiler\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=

"C:\\Programfiler\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"C:\\Programfiler\\TVersity\\Media Server\\TVersity.exe"=

"C:\\Programfiler\\TVersity\\Media Server\\MediaServer.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"E:\\Games\\TmNationsForever\\TmForever.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4662:TCP"= 4662:TCP:TCP 1

"4672:UDP"= 4672:UDP:UDP 1

"41952:TCP"= 41952:TCP:Tversity

 

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-06-01 11:19]

R2 WFBB;WinFast PVR2000 WDM Video Capture;C:\WINDOWS\system32\drivers\wfbbvcap.sys [2004-10-30 06:19]

R2 WFBBENC;WinFast PVR2000 MPEG Encoder;C:\WINDOWS\system32\drivers\wfbbenc.sys [2004-10-30 06:19]

R2 WFBBXBAR;WinFast PVR2000 WDM Crossbar;C:\WINDOWS\system32\drivers\wfbbxbar.sys [2004-10-30 06:19]

R2 WFTUNE;WinFast PVR2000 WDM Tuner;C:\WINDOWS\system32\drivers\wfbbtune.sys [2004-10-30 06:19]

R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 03:44]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]

S3 WFIOCTL;WFIOCTL;C:\Programfiler\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 09:53]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96cb9fab-e113-11da-8c80-000a48186a8d}]

\Shell\AutoRun\command - M:\CruzerProfile.exe /autorun

 

*Newly Created Service* - APPMGMT

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-29 14:10:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-29 14:11:23

ComboFix-quarantined-files.txt 2008-05-29 12:11:16

ComboFix2.txt 2008-05-28 19:14:02

ComboFix3.txt 2008-05-28 18:35:32

 

Pre-Run: 225,582,288,896 byte ledig

Post-Run: 225,581,723,648 byte ledig

 

188 --- E O F --- 2008-05-29 01:06:03

 

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:24, on 29.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\programfiler\steam\steam.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\My Book\WD Backup\uBBMonitor.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Grisoft\AVG Free\avgcc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Ivar\Skrivebord\ivar123.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: WD Backup Monitor.lnk = C:\Programfiler\My Book\WD Backup\uBBMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: ImageUploader - http://www.direktefoto.no/df/Aurigma/ImageUploader.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins...e_lns4096d.html

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.12/uploader2.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.no/ImageUploader4.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe

 

--

End of file - 8592 bytes

 

SAS log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/28/2008 at 09:55 PM

 

Application Version : 4.1.1046

 

Core Rules Database Version : 3469

Trace Rules Database Version: 1460

 

Scan type : Complete Scan

Total Scan Time : 00:25:41

 

Memory items scanned : 437

Memory threats detected : 1

Registry items scanned : 5447

Registry threats detected : 6

File items scanned : 23335

File threats detected : 110

 

Trojan.Vundo-Variant/Small-GEN

C:\WINDOWS\SYSTEM32\URQOHXPN.DLL

C:\WINDOWS\SYSTEM32\URQOHXPN.DLL

 

Trojan.Vundo-Variant/Small

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54018E98-10E3-46C6-9673-2999253F9C65}

HKCR\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65}

HKCR\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65}\InprocServer32

HKCR\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{54018E98-10E3-46C6-9673-2999253F9C65}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\urqOHXpn

 

Adware.Tracking Cookie

C:\Documents and Settings\Ivar\Cookies\[email protected][1].txt

C:\Documents and Settings\Ivar\Cookies\ivar@windowsmedia[1].txt

C:\Documents and Settings\Ivar\Cookies\ivar@xiti[1].txt

C:\Documents and Settings\Ivar\Cookies\ivar@clickaider[2].txt

C:\Documents and Settings\Ivar\Cookies\ivar@imrworldwide[1].txt

C:\Documents and Settings\Ivar\Cookies\[email protected][1].txt

C:\Documents and Settings\Ivar\Cookies\ivar@atdmt[2].txt

C:\Documents and Settings\Ivar\Cookies\ivar@doubleclick[1].txt

C:\Documents and Settings\Ivar\Cookies\[email protected][1].txt

C:\Documents and Settings\Ivar\Cookies\[email protected][1].txt

.systemerrorfixer.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

secure.systemerrorfixer.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.adnetserver.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.imrworldwide.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.stat.katalysatormedia.no [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

ad.zanox.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.antispywaresuite.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

sale.antispywaresuite.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

clicktorrent.info [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.wildpornreview.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.wildpornreview.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.fuckthebabysitter.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.fuckthebabysitter.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.xiti.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.fuckspy.com [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.adsby.webtraffic.se [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

webcount.finn.no [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

.banner.finn.no [ C:\Documents and Settings\Ivar\Programdata\Mozilla\Firefox\Profiles\ptua4r1m.default\cookies.txt ]

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@bizrate[1].txt

C:\Documents and Settings\Linn\Cookies\linn@specificclick[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@casalemedia[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@atdmt[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@adrevolver[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@adtech[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@elitefoto[2].txt

C:\Documents and Settings\Linn\Cookies\linn@keywordmax[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@tribalfusion[2].txt

C:\Documents and Settings\Linn\Cookies\linn@dealtime[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@adviva[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@coolsavings[1].txt

C:\Documents and Settings\Linn\Cookies\linn@superstats[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@postclicktracking[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@drivecleaner[2].txt

C:\Documents and Settings\Linn\Cookies\linn@tradedoubler[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@indexstats[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@advertising[1].txt

C:\Documents and Settings\Linn\Cookies\linn@chokertraffic[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@overture[1].txt

C:\Documents and Settings\Linn\Cookies\linn@kontera[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@netmediagroup[1].txt

C:\Documents and Settings\Linn\Cookies\linn@stats24[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@bluestreak[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@mediaplex[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@easy-hit-counters[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][4].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][5].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@tacoda[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@burstnet[2].txt

C:\Documents and Settings\Linn\Cookies\linn@revsci[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@fastclick[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@kanoodle[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][2].txt

C:\Documents and Settings\Linn\Cookies\linn@hitbox[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@adbrite[2].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@country_select[1].txt

C:\Documents and Settings\Linn\Cookies\linn@2o7[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@banneradministration[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@hotbar[1].txt

C:\Documents and Settings\Linn\Cookies\linn@indextools[1].txt

C:\Documents and Settings\Linn\Cookies\linn@linksynergy[1].txt

C:\Documents and Settings\Linn\Cookies\[email protected][1].txt

C:\Documents and Settings\Linn\Cookies\linn@xiti[1].txt

 

Kaspersky online scan log:

KASPERSKY ONLINE SCANNER REPORT

Thursday, May 29, 2008 1:33:08 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 29/05/2008

Kaspersky Anti-Virus database records: 811007

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

K:\

L:\

 

Scan Statistics

Total number of scanned objects 147402

Number of viruses found 5

Number of infected objects 100

Number of suspicious objects 0

Duration of the scan process 04:43:15

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

 

C:\Documents and Settings\All Users\Programdata\avg7\Log\emc.log Object is locked skipped

 

C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log Object is locked skipped

 

C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

 

C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys


Deleting entries with HijackThis:


Run hijackthis.exe. Select "Do a system scan only".

 


 

1. Tick the entries you are asked to below.

2. Click the "Fix checked" button.

3. Click Ja/Yes to remove the entries.

 

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

 

 

Beyond this, I don't see anything wrong. SAS and Kaspersky seem to have taken care of the trojan. Are you still noticing any signs of the problem?


Hi, and thanks for the quick reply. I see that I hadn't included the whole Kaspersky log. I'm attaching it here:

 

Kaspersky log:

 



Yes, it seems a bit better. I haven't had any pop-ups or IE slowing down, but I'm a little worried about the file that Kaspersky finds. I don't know why I can't get everything included. The file is quite long, so maybe that has something to do with it. I'm adding the file as an attachment and hope that's OK.

 

Trying again with a spoiler as well:

 


kaspersky_log.txt


Here is a short excerpt from the Kaspersky log with the file I mean:

 

E:\Download\Nokia N73 SymbianS60 3rd_TomTom6+GBMaps_Phoenix_Diego_Apps+Games+Themes.rar/Nokia N73 SymbianS60 3rd_TomTom6+GBMaps_Phoenix_Diego_Apps+Games+Themes/PC Apps/BB5 Reaper 2006 1.0.exe Infected: Trojan.Win32.Agent.mwy skipped

 

What is this Trojan.Win32.Agent.mwy, and how can I get it deleted?

 

Otherwise there is some other junk in the log too, but you can see that in the log above.

 

I hope you find time to answer this. The PC does seem to be better now, yes, but I'm nervous that something is left behind that will make it come back.


I've looked over the logs; they look fine.

 

Trojan.Win32.Agent.mwy, and how can I get it deleted?

It is this one.

 

E:\Download\Nokia N73 SymbianS60 3rd_TomTom6+GBMaps_Phoenix_Diego_Apps+Games+Themes.rar/Nokia N73 SymbianS60 3rd_TomTom6+GBMaps_Phoenix_Diego_Apps+Games+Themes/PC Apps/BB5 Reaper 2006 1.0.exe

 

It does no harm now, not before you try to install it.

You delete that file.

If you have problems, use this.

http://ccollomb.free.fr/unlocker/

 

Remember, you can scan files you are unsure about here.

http://www.virustotal.com/

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

 

Surf safely.

Edited by SNIPPSAT