Mrfluesikring (thread author), posted 3 December 2007

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:27:18, on 03.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
G:\Diverse\Pelleapekatt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe
norbat, posted 3 December 2007 (edited)

Click: Start -> Run
Type: services.msc
Find the following service, stop it if it is running, right-click the service and choose Properties. Under Startup type, choose Disabled:

Secure (Secure Windows NT)

Open Notepad and paste in what is written in bold below. Save the file to the desktop as fjernjobb.bat
Run the file by double-clicking it.

%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h AEE8156C91F38598.job
del AEE8156C91F38598.job

Then run ComboFix once more for a 'final' check. Post the log together with a new HJT log.

Edited 3 December 2007 by norbat
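The reading of the log that norbat's reply rests on (an O23 service with no vendor whose binary is missing from system32) can be done mechanically. The script below is an added example written for this page; it is not from the thread, from HijackThis or from ComboFix. It parses a handful of sample lines constructed in the shape of the log above (the `[updater]` O4 entry is invented to exercise the Temp-directory check) and ranks entries by how many weak signals they trigger. None of the signals is a verdict on its own: `Unknown owner` only means the binary carries no vendor version information (the Canon survey service trips it too), and the `!SASWinLogon` Notify DLL is flagged only because it loads from outside the Windows directory, which is a prompt to look, not a finding of malware.

```python
"""Rank HijackThis log entries by weak indicators (added example, not from the thread).

Signals checked:
  O23  service with "Unknown owner", a "(file missing)" binary, or both,
       with extra weight when an unknown-owner binary sits in system32
  O20  Winlogon Notify DLL loaded from outside the Windows directory
  O4   Run-key autostart whose command lives under a Temp directory
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the thread's HijackThis log. The O4
# "[updater]" line is invented to exercise the Temp-directory check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\bert\LOKALE~1\Temp\a.exe
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
"""

WINDOWS_DIR = "c:\\windows\\"
SYSTEM32_DIR = WINDOWS_DIR + "system32\\"

# HijackThis separates the fields of these sections with " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # One point per independent weak signal; higher means review first.
        return len(self.reasons)


def _check_service(m: re.Match) -> Finding | None:
    missing = m["path"].endswith("(file missing)")
    exe = m["path"].removesuffix("(file missing)").strip()
    unknown = m["owner"] == "Unknown owner"
    reasons = []
    if unknown:
        reasons.append("no vendor in the binary's version info")
    if missing:
        reasons.append("service still registered but binary not on disk")
    if unknown and exe.lower().startswith(SYSTEM32_DIR):
        reasons.append("unknown-owner binary placed in system32")
    return Finding("O23", m["name"], exe, reasons) if reasons else None


def triage(log: str) -> list[Finding]:
    """Return flagged entries, most suspicious first."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := O23_RE.match(line):
            if f := _check_service(m):
                findings.append(f)
        elif m := O20_RE.match(line):
            if not m["path"].lower().startswith(WINDOWS_DIR):
                findings.append(Finding("O20", m["name"], m["path"],
                                        ["Winlogon Notify DLL outside the Windows directory"]))
        elif m := O4_RE.match(line):
            if "\\temp\\" in m["cmd"].lower():
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        ["autostart runs from a Temp directory"]))
    findings.sort(key=lambda f: (-f.score, f.section, f.name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.section} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, the `Secure` service comes out on top with all three service signals, the Norman helper second (unknown owner, file missing), and the three single-signal entries after that. The scheduled-task half of the cleanup is not visible in a HijackThis log at all; that is why the helper asks for the ComboFix output, whose 'Scheduled Tasks' section lists the .job files.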
Mrfluesikring (thread author), posted 3 December 2007

ComboFix 07-12-02.6 - bert 2007-12-03 17:43:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.257 [GMT 1:00]
Running from: C:\Documents and Settings\bert\Skrivebord\Protection shit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 17:17 . 2007-12-03 17:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 17:17 . 2007-12-03 17:17 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 00:10 . 2007-12-03 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI
2007-12-03 00:08 . 2007-12-03 00:08 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-12-03 00:06 . 2007-12-03 00:42 <DIR> d-------- C:\Programfiler\Steam
2007-12-02 14:28 . 2007-12-03 15:53 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-12-02 14:28 . 2007-12-03 15:53 3 --a------ C:\WINDOWS\Twain001.Mtx
2007-12-02 14:28 . 2007-12-02 14:28 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-12-02 14:27 . 2007-12-02 14:27 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Publish Providers
2007-12-02 14:26 . 2007-12-03 17:17 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-12-02 14:02 . 2007-12-02 14:02 <DIR> d-------- C:\Programfiler\Vstplugins
2007-12-02 02:59 . 2007-12-03 01:01 <DIR> d-------- C:\Documents and Settings\Bente og Bjørn Eriks\Lokale innstillinger
2007-12-02 02:18 . 2004-08-04 07:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-12-02 02:18 . 2004-08-04 07:00 29,056 --a--c--- C:\WINDOWS\system32\dllcache\ip6fw.sys
2007-12-01 16:43 . 2007-12-01 16:43 <DIR> d-------- C:\Programfiler\Alwil Software
2007-12-01 16:43 . 2007-10-25 17:24 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-01 16:43 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-01 16:43 . 2007-10-25 17:14 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-01 16:43 . 2007-10-25 18:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-01 16:43 . 2007-10-25 18:05 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-01 16:43 . 2007-10-25 18:01 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-01 16:43 . 2007-10-25 17:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 16:43 . 2007-10-25 18:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-01 12:38 . 2007-12-03 17:38 <DIR> dr-h----- C:\Documents and Settings\bert\Siste
2007-12-01 12:25 . 2007-12-01 12:25 <DIR> d-------- C:\Programfiler\CCleaner
2007-12-01 12:22 . 2007-12-01 12:22 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2007-12-01 12:22 . 2007-12-01 12:22 83,144 --a------ C:\WINDOWS\system32\3608828
2007-12-01 12:21 . 2007-12-01 12:21 291,328 --a------ C:\WINDOWS\system32\libcurl.dll
2007-12-01 12:20 . 2007-12-01 12:20 50 --a------ C:\9A.bat
2007-12-01 12:20 . 2007-12-01 12:20 1 --a------ C:\9D.tmp
2007-12-01 12:10 . 2007-12-01 12:10 0 --a------ C:\Install
2007-12-01 00:00 . 2007-12-01 00:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-30 23:59 . 2007-11-30 23:59 <DIR> d-------- C:\Programfiler\Reference Assemblies
2007-11-30 23:58 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-30 23:48 . 2007-11-30 23:48 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Sony Setup
2007-11-30 22:03 . 2007-11-30 22:05 <DIR> d-------- C:\Programfiler\EffectsLab DV
2007-11-30 21:53 . 2007-11-30 21:53 <DIR> d-------- C:\Programfiler\MOVAVI
2007-11-30 21:53 . 2007-11-30 21:53 <DIR> d-------- C:\Programfiler\EnhanceMovie 2.2
2007-11-30 21:32 . 2007-11-30 21:32 <DIR> d-------- C:\tape-indices
2007-11-30 21:32 . 2007-11-30 21:32 <DIR> d-------- C:\Programfiler\Sclive
2007-11-30 21:32 . 2007-11-30 21:32 36,864 --a------ C:\WINDOWS\unslive.exe
2007-11-30 20:27 . 2007-12-02 14:01 <DIR> d-------- C:\Programfiler\Sony
2007-11-30 20:27 . 2007-12-02 14:26 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Sony
2007-11-30 20:27 . 2007-12-02 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony
2007-11-30 18:52 . 2007-11-30 18:52 <DIR> d-------- C:\Programfiler\Sony Setup
2007-11-30 16:18 . 2007-11-30 16:18 <DIR> d-------- C:\Documents and Settings\bert\Programdata\InstallShield
2007-11-26 16:33 . 2007-11-26 16:33 122 --a------ C:\WINDOWS\Winchat.ini
2007-11-26 14:06 . 2007-11-26 14:06 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ
2007-11-25 00:46 . 2007-11-25 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\CanonIJPLM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 16:24 --------- d-----w C:\Documents and Settings\bert\Programdata\Microgaming
2007-12-03 16:19 --------- d-----w C:\Programfiler\Incomplete
2007-12-03 15:57 --------- d-----w C:\Programfiler\LimeWire
2007-12-03 15:14 --------- d-----w C:\Documents and Settings\bert\Programdata\LimeWire
2007-12-03 00:51 --------- d-----w C:\Documents and Settings\bert\Programdata\uTorrent
2007-12-02 23:10 --------- d-----w C:\Documents and Settings\bert\Programdata\ATI
2007-12-02 23:03 --------- d-----w C:\Programfiler\ATI Technologies
2007-12-02 23:00 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-01 11:20 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-11-30 23:05 --------- d-----w C:\Programfiler\MSBuild
2007-11-30 21:04 --------- d-----w C:\Programfiler\Full Tilt Poker
2007-11-30 17:57 --------- d-----w C:\Programfiler\Microsoft.NET
2007-11-30 17:57 --------- d-----w C:\Programfiler\Microsoft SQL Server
2007-11-26 13:01 --------- d-----w C:\Programfiler\Canon
2007-11-14 16:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 14:42 --------- d-----w C:\Programfiler\Fellesfiler\Canon
2007-10-13 11:17 --------- d-----w C:\Documents and Settings\bert\Programdata\vlc
2007-10-13 11:16 --------- d-----w C:\Programfiler\VideoLAN
2007-10-13 10:54 --------- d-----w C:\Programfiler\DivX
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2005-06-23 09:22 76 -c-ha-w C:\Programfiler\Desktop.ini
2004-06-09 15:03 832,728 -c--a-w C:\Programfiler\NPSWF32.dll
2007-08-17 12:27 17,351,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-17 12:27 447,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

.
((((((((((((((((((((((((((((( snapshot@2007-12-03_ 0.59.38.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 23:46:11 96,582 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-03 12:24:42 96,582 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-02 23:46:11 105,094 ----a-w C:\WINDOWS\system32\perfc014.dat
+ 2007-12-03 12:24:42 105,094 ----a-w C:\WINDOWS\system32\perfc014.dat
- 2007-12-02 23:46:11 504,110 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-03 12:24:42 504,110 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-02 23:46:11 506,780 ----a-w C:\WINDOWS\system32\perfh014.dat
+ 2007-12-03 12:24:42 506,780 ----a-w C:\WINDOWS\system32\perfh014.dat
+ 2007-12-03 12:20:30 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\skrivebord\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\skrivebord\SASWINLO.dll 2007-04-19 12:41 294912 C:\skrivebord\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger Agent.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger Agent.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Pinnacle Scheduler.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Pinnacle Scheduler.lnk
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bert^Start-meny^Programmer^Oppstart^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\bert\Start-meny\Programmer\Oppstart\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 --a------ C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp\a]
C:\DOCUME~1\bert\LOKALE~1\Temp\\a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp\limewirepro]
C:\DOCUME~1\bert\LOKALE~1\Temp\\limewirepro.4.14.0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler\NetMeter\NetMeter.exe]
C:\Programfiler\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programfiler\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programfiler\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-06-30 20:56 188416 --a------ C:\Programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-06-30 21:00 65536 --a------ C:\Programfiler\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Programfiler\Eset\nod32kui.exe /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinemeowdatewipe]
C:\Documents and Settings\All Users\Programdata\Blehdebugonlinemeow\setup draw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 12:34 406016 --a------ C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???????????????????????
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4RegManager]
C:\Programfiler\WhiteCanyon\SecureClean 4\scregmanager4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4Tray]
C:\Programfiler\WhiteCanyon\SecureClean 4\sctray4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programfiler\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
C:\Programfiler\The Cleaner\tca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
C:\Programfiler\The Cleaner\tcm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programfiler\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"MSSQL$PINNACLESYS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
R2 SQLWriter;SQL Server VSS Writer;"c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
S2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys
S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\H:\ZDBRGSYS.SYS
S4 Secure Windows NT;Secure;C:\WINDOWS\system32\secure.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 17:52:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 17:56:10
C:\ComboFix2.txt ... 2007-12-03 01:01
C:\ComboFix3.txt ... 2007-12-02 23:27
.
--- E O F ---

HiJack This:

Logfile of HijackThis v1.99.1
Scan saved at 17:59:03, on 03.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\iTunes\iTunes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
G:\Diverse\Pelleapekatt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast!
Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing) O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe Lenke til kommentar
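The helper in this thread reads a log like the one above by hand, picking out the services with no publisher, the "(file missing)" entries, and the Winlogon Notify DLL that lives on the desktop rather than in system32. The script below is an added example, not part of the thread and not output of HijackThis, ComboFix or Avenger: it parses the running-process list and the O4/O20/O23 lines of a HijackThis 1.99 log and applies those same checks. The flagging rules and the TRUSTED_ROOTS list are this editor's assumptions, and SAMPLE_LOG is a trimmed excerpt of the log above plus one constructed O23 line for the "Secure Windows NT" service that ComboFix listed as C:\WINDOWS\system32\secure.exe.

```python
"""Triage of a HijackThis 1.99 log: parse the running-process list and the
O4/O20/O23 entries and flag what a malware helper looks at first.

Added example for this thread.  Not output of HijackThis, ComboFix or Avenger;
the rules are this editor's heuristics (assumptions), and SAMPLE_LOG is a
trimmed excerpt of the posted log plus one constructed O23 line.
"""
import re
from dataclasses import dataclass, field

# Where legitimately installed software lives on this Norwegian-locale XP box.
# Assumption for the example; extend per machine (second disk, network share ...).
TRUSTED_ROOTS = (r"c:\windows", r"c:\programfiler", r"c:\progra~1", r"c:\program files")

# Constructed excerpt: lines copied from the HijackThis log in the thread, plus
# the final O23 line, which is built from ComboFix's
# 'S4 Secure Windows NT;Secure;C:\WINDOWS\system32\secure.exe' entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Diverse\Pelleapekatt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Secure Windows NT (Secure) - Unknown owner - C:\WINDOWS\system32\secure.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First thing that looks like an image path, with any leading quote and any
# trailing arguments / '(file missing)' annotation dropped.
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|sys|cpl|scr))', re.IGNORECASE)


@dataclass
class Finding:
    kind: str            # "process", "O4", "O20" or "O23"
    subject: str         # autorun/service name, or the process path
    path: str            # image path extracted from the entry
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    m = IMAGE_RE.match(cmd.strip())
    return m["path"] if m else cmd.strip()


def trusted(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def in_system32(path: str) -> bool:
    return path.lower().startswith(r"c:\windows\system32")


def triage(log_text: str) -> list:
    """Return one Finding per entry that deserves a second look."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if re.match(r"^[RFO]\d+ - ", line):      # first R/F/O line ends the list
                in_procs = False
            else:
                if not trusted(line):
                    findings.append(Finding("process", line, line,
                                            ["running from outside Windows/Program Files"]))
                continue
        if m := O4_RE.match(line):
            path = image_path(m["cmd"])
            if not trusted(path):
                findings.append(Finding("O4", m["name"], path,
                                        ["autorun image outside Windows/Program Files"]))
        elif m := O20_RE.match(line):
            path = image_path(m["path"])
            if not in_system32(path):
                # Notification packages are loaded into winlogon.exe (SYSTEM) at logon.
                findings.append(Finding("O20", m["name"], path,
                                        ["Winlogon Notify DLL outside system32"]))
        elif m := O23_RE.match(line):
            path, reasons = image_path(m["path"]), []
            if m["owner"] == "Unknown owner":
                reasons.append("no publisher/company name")
            if "(file missing)" in m["path"]:
                reasons.append("binary missing: orphaned or hidden service entry")
            if not trusted(path):
                reasons.append("service image outside Windows/Program Files")
            if reasons:
                findings.append(Finding("O23", m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.subject}\n         {f.path}\n         - " + "\n         - ".join(f.reasons))
```

Treat the output as a worklist, not a verdict: the avast! Mail and Web Scanner services show a stray quote and "(file missing)" in this log even though ashMaiSv.exe and ashWebSv.exe are both in the running-process list, so "file missing" on a service whose path contains spaces and arguments means "go and look at the path on disk", while the same flag on C:\NORMAN\...\nipsvc.exe next to an unknown publisher and a path outside Program Files is the kind of entry worth checking against a multi-engine scanner before deleting.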
norbat, posted 3 December 2007 (edited)

Then we 'finish' with the following:

Go to the site http://virusscan.jotti.org/. At the top of the page you can upload files for checking. Check these files (you may need to turn on "show hidden files and folders"):

C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\drivers\ip6fw.sys

If the check finds anything on any of these files, add them under 'Files to delete' in Avenger (see below).

Then start Avenger and paste in the following (in bold):

Files to delete:
C:\WINDOWS\system32\secure.exe
C:\9A.bat
C:\9D.tmp

Folders to delete:
C:\WINDOWS\system32\3608828
C:\Documents and Settings\bert\Programdata\Microgaming
C:\Programfiler\Full Tilt Poker

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run

Then tell me how the PC is running.

Edited 3 December 2007 by norbat
Mrfluesikring, posted 3 December 2007 (topic author)

There, done. Damn, I had a lot of strange stuff on my PC, didn't I, norbat? Can you say a bit about what it was? Anyway, thanks!
norbat, posted 3 December 2007 (edited)

Yes, you had a heavy infection of assorted malware (trojans with backdoor functionality, keylogger functionality, DNS hijacking etc.). For example:

E404D.DLL: http://www.prevx.com/filenames/X1132501048.../E404D.DLL.html
The Secure Windows NT service: http://www.bleepingcomputer.com/startups/s....exe-19510.html

The files you checked on Jotti, did they give any result?

Edited 3 December 2007 by norbat
Mrfluesikring, posted 3 December 2007 (topic author)

> Yes, you had a heavy infection of assorted malware (trojans with backdoor functionality, keylogger functionality, DNS hijacking etc.). For example:
> E404D.DLL: http://www.prevx.com/filenames/X1132501048.../E404D.DLL.html
> The Secure Windows NT service: http://www.bleepingcomputer.com/startups/s....exe-19510.html
> The files you checked on Jotti, did they give any result?

Nope, they were benign files. BTW, the latest log from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ujbiprum

*******************

Script file located at: \??\C:\WINDOWS\ctmtkknf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\secure.exe not found!
Deletion of file C:\WINDOWS\system32\secure.exe failed!
Could not process line:
C:\WINDOWS\system32\secure.exe
Status: 0xc0000034

File C:\9A.bat deleted successfully.
File C:\9D.tmp deleted successfully.

Error: C:\WINDOWS\system32\3608828 is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\system32\3608828 failed!
Could not process line:
C:\WINDOWS\system32\3608828
Status: 0xc0000103

Folder C:\Documents and Settings\bert\Programdata\Microgaming deleted successfully.
Folder C:\Programfiler\Full Tilt Poker deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
norbat, posted 3 December 2007

> Error: C:\WINDOWS\system32\3608828 is not a folder! It may instead be a file.
> Deletion of folder C:\WINDOWS\system32\3608828 failed!

Could you check what kind of 'file' C:\WINDOWS\system32\3608828 is? (Right-click it and choose Properties.) If you can't find it, you may need to turn on "show hidden files and folders".
Mrfluesikring, posted 3 December 2007 (topic author)

> Error: C:\WINDOWS\system32\3608828 is not a folder! It may instead be a file.
> Deletion of folder C:\WINDOWS\system32\3608828 failed!
> Could you check what kind of 'file' C:\WINDOWS\system32\3608828 is? (Right-click it and choose Properties.) If you can't find it, you may need to turn on "show hidden files and folders".

I don't have a system32 folder. I do have "show hidden files and folders" turned on!
norbat, posted 4 December 2007

It's in the Windows folder.