
(solved) Can someone look through my logs?



Hi,

 

I have now gone through the long version in the 1st post and am posting the logs here; I hope someone can go through them to see whether I need to do anything more.

 

Regards,

Trond

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:07:21, on 10.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\Explorer.EXE

G:\Medal Of Honor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\MSMSGS.EXE

D:\Programfiler\DAEMON Tools\daemon.exe

D:\Programfiler\SUPERAntiSpyware.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

D:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\notepad.exe

D:\Programfiler\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [incrediMail] D:\Programfiler\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Programfiler\SUPERAntiSpyware.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197142159546

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - G:\Medal Of Honor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

 

 

 

 

 

 

ComboFix 07-12-09.1 - Bjørkeli 2007-12-09 23:00:06.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1600 [GMT 1:00]

Running from: C:\Documents and Settings\Bjørkeli\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\mrofinu922.exe

C:\WINDOWS\system32\aqpheiqt.ini

C:\WINDOWS\system32\iifggde.dll

C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\prutv.ini2

C:\WINDOWS\system32\tqiehpqa.dll

C:\WINDOWS\system32\vturp.dll

C:\WINDOWS\system32\weuxdeaf.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))

.

 

2007-12-09 22:43 . 2007-12-09 22:43 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Siste

2007-12-09 22:43 . 2007-12-09 22:43 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Siste

2007-12-09 22:41 . 2007-12-09 22:41 <DIR> d-------- C:\Programfiler\Yahoo!

2007-12-09 22:41 . 2007-12-09 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion

2007-12-09 21:25 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2007-12-09 21:14 . 2007-12-09 21:14 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\TuneUp Software

2007-12-09 21:12 . 2007-12-09 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TuneUp Software

2007-12-09 20:57 . 2007-12-09 20:57 <DIR> d-------- C:\Documents and Settings\Bjørkeli\WINDOWS

2007-12-09 20:57 . 2007-12-09 20:57 <DIR> d-------- C:\Documents and Settings\Bjørkeli\WINDOWS

2007-12-09 12:01 . 2007-12-09 12:01 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Programdata\SecuROM

2007-12-09 12:01 . 2007-12-09 12:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-12-09 11:40 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-12-09 11:40 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d-------- C:\Programfiler\AGEIA Technologies

2007-12-09 11:37 . 2007-12-09 21:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-09 10:11 . 2007-12-09 10:11 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2007-12-09 05:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-09 05:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-08 22:57 . 2007-12-08 22:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-12-08 22:54 . 2007-12-08 22:54 <DIR> d-------- C:\Programfiler\Windows Installer Clean Up

2007-12-08 22:53 . 2007-12-08 22:53 <DIR> d-------- C:\Programfiler\MSECACHE

2007-12-08 22:01 . 2007-12-08 22:01 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\Image Zone Express

2007-12-08 22:01 . 2007-12-08 22:01 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\Creative

2007-12-08 21:18 . 2007-08-20 11:03 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-08 21:18 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-08 21:18 . 2007-03-08 06:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-08 21:18 . 2007-08-20 11:03 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-08 21:18 . 2007-08-20 11:03 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-08 21:18 . 2007-08-20 11:03 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-08 21:18 . 2007-08-20 11:03 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-08 21:18 . 2007-08-20 11:03 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-08 21:18 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-08 21:17 . 2007-12-08 21:19 <DIR> d-------- C:\WINDOWS\system32\nb-no

2007-12-08 21:05 . 2007-12-08 21:05 <DIR> d-------- C:\Programfiler\MSXML 4.0

2007-12-08 21:03 . 2007-12-08 21:03 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2007-12-08 20:59 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2007-12-08 20:59 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2007-12-08 20:59 . 2006-08-21 13:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2007-12-08 20:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-12-08 20:39 . 2007-12-08 20:39 382 --a------ C:\WINDOWS\ODBC.INI

2007-12-08 20:34 . 2007-12-08 20:35 <DIR> d-------- C:\WINDOWS\ShellNew

2007-12-08 20:27 . 2007-12-08 20:27 <DIR> d---s---- C:\Documents and Settings\Bjørkeli\UserData

2007-12-08 20:27 . 2007-12-08 20:27 <DIR> d---s---- C:\Documents and Settings\Bjørkeli\UserData

2007-12-08 17:38 . 2007-12-08 17:38 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-12-08 17:24 . 2007-12-08 17:24 <DIR> d-------- C:\Programfiler\Canon

2007-12-08 17:23 . 2007-12-08 17:23 0 --a------ C:\WINDOWS\OpPrintServer.INI

2007-12-08 17:16 . 2004-08-04 09:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-12-08 17:16 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-12-08 17:13 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2007-12-08 17:13 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2007-12-08 17:04 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE

2007-12-08 17:04 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE

2007-12-08 17:03 . 2007-12-08 17:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative

2007-12-08 17:03 . 2007-12-08 17:08 <DIR> d--h----- C:\Programfiler\Creative Installation Information

2007-12-08 16:53 . 2007-12-08 17:13 <DIR> d-------- C:\Programfiler\Creative

2007-12-08 16:40 . 2007-12-08 16:40 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\HP

2007-12-08 16:39 . 2007-12-08 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP

2007-12-08 16:37 . 2007-12-08 16:38 <DIR> d-------- C:\Programfiler\Fellesfiler\HP

2007-12-08 16:31 . 2007-12-08 16:32 <DIR> d-------- C:\Programfiler\Hewlett-Packard

2007-12-08 16:29 . 2007-12-08 16:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard

2007-12-08 16:23 . 2006-02-01 01:48 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2007-12-08 16:23 . 2006-02-01 01:48 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-12-08 16:22 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-08 16:22 . 2004-08-04 06:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-08 16:21 . 2005-03-15 01:33 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-12-08 16:21 . 2005-03-15 01:35 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-12-08 16:21 . 2005-03-09 01:25 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-12-08 16:21 . 2005-11-22 21:58 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-12-08 16:21 . 2005-03-15 03:09 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-12-08 16:21 . 2005-03-09 01:25 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-12-08 16:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-12-08 16:18 . 2007-12-08 16:38 <DIR> d-------- C:\Programfiler\HP

2007-12-08 16:12 . 2007-12-08 16:40 119,311 --a------ C:\WINDOWS\hpoins09.dat

2007-12-08 16:11 . 2006-01-04 09:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll

2007-12-08 16:11 . 2006-02-09 15:45 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll

2007-12-08 14:32 . 2007-12-08 21:58 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\UseNeXT

2007-12-08 14:14 . 2007-12-09 11:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-08 13:42 . 2007-12-08 13:42 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2007-12-08 13:13 . 2007-12-08 17:10 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2007-12-08 13:12 . 2007-12-08 13:12 <DIR> d-------- C:\WINDOWS\provisioning

2007-12-08 13:12 . 2007-12-08 13:12 <DIR> d-------- C:\WINDOWS\peernet

2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2007-12-08 13:07 . 2007-12-08 13:07 <DIR> d-------- C:\WINDOWS\EHome

2007-12-08 12:51 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2007-12-08 12:51 . 2004-08-04 01:03 11,776 --------- C:\WINDOWS\system32\spnpinst.exe

2007-12-08 12:51 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2007-12-08 12:51 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2007-12-08 12:45 . 2007-12-08 12:45 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-08 12:32 . 2004-08-04 09:03 614,912 --a------ C:\WINDOWS\system32\h323msp.dll

2007-12-08 12:32 . 2004-08-04 09:03 330,240 --a------ C:\WINDOWS\system32\ipnathlp.dll

2007-12-08 12:32 . 2004-08-04 09:03 265,728 --a------ C:\WINDOWS\system32\h323.tsp

2007-12-08 12:32 . 2004-03-30 02:52 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll

2007-12-08 12:32 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe

2007-12-08 12:16 . 2007-12-08 12:16 <DIR> d-------- C:\WINDOWS\vnDrvBas

2007-12-08 12:16 . 2005-11-17 08:46 337,320 --a------ C:\WINDOWS\system32\difxapi.dll

2007-12-08 12:16 . 2006-10-27 09:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll

2007-12-08 12:16 . 2007-02-27 09:14 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

2007-12-08 12:16 . 2003-07-01 21:42 27,904 -ra------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-09 22:01 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-12-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2007-12-08 16:28 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-08 15:52 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-12-08 11:11 --------- d-----w C:\Programfiler\Telenor

2007-12-08 10:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-08 10:04 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-08 10:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-08 10:04 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-08 10:04 --------- d-----w C:\Programfiler\Symantec

2007-12-08 10:00 --------- d-----w C:\Programfiler\Norton Internet Security

2007-12-08 09:48 --------- d-----w C:\Programfiler\ATI Technologies

2007-12-08 09:42 --------- d-----w C:\Programfiler\microsoft frontpage

2007-12-08 09:41 558,142 ----a-w C:\WINDOWS\java\Packages\VRXR7JJN.ZIP

2007-12-08 09:41 155,995 ----a-w C:\WINDOWS\java\Packages\E8DZV7N9.ZIP

2007-12-08 09:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2007-12-08 09:40 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2007-12-08 09:39 --------- d-----w C:\Programfiler\Elektroniske tjenester

2007-12-08 09:34 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2007-12-08 09:33 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AF37311-77FA-4E22-8ACA-93B1FFDB2490}]

C:\WINDOWS\system32\vturp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de6bcfdb-7ebd-43a8-bdc2-97382a945840}]

C:\WINDOWS\system32\weuxdeaf.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24]

"IncrediMail"="D:\Programfiler\IncrediMail\bin\IncMail.exe" [2007-11-26 10:13]

"DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2007-12-06 13:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"fc19f623"="C:\WINDOWS\system32\tqiehpqa.dll" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]

iifggde.dll

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-09 20:26:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- D:\Programfiler\SystemOptimizer.exe

"2007-12-08 10:02:31 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Bjørkeli.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:

.

**************************************************************************

 

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-09 23:01:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-09 23:02:07

.

--- E O F ---

 

 

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/09/2007 at 11:39 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3358

Trace Rules Database Version: 1357

 

Scan type : Quick Scan

Total Scan Time : 00:32:03

 

Memory items scanned : 516

Memory threats detected : 0

Registry items scanned : 706

Registry threats detected : 0

File items scanned : 64086

File threats detected : 3

 

Adware.Tracking Cookie

C:\Documents and Settings\Bjørkeli\Cookies\bjø[email protected][1].txt

C:\Documents and Settings\Bjørkeli\Cookies\bjø[email protected][1].txt

C:\Documents and Settings\Bjørkeli\Cookies\bjø[email protected][1].txt

 

 

 

 

********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh

09.12.2007 23:55:32,15

 

The rootkits that are detected by this tool were not found.

 

********************************* ROOTCHK-LOG-end

 

 

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-09 23:55:34

Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

 

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Programfiler\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:01,f4,91,bb,c9,e4,40,e1,8e,a9,6f,ea,06,99,17,c4,a9,4d,f4,47,59,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,19,48,92,ac,36,16,62,67,79,47,ba,ad,67,a1,e1,1d,2f,..

"khjeh"=hex:05,6a,c9,09,2d,11,a1,cf,a4,ab,97,f7,81,f0,6d,47,e0,f5,6f,6d,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:0f,1a,58,b2,7d,51,d2,ec,b6,47,cd,b3,5c,cd,63,b9,97,54,31,1d,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Programfiler\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:01,f4,91,bb,c9,e4,40,e1,8e,a9,6f,ea,06,99,17,c4,a9,4d,f4,47,59,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,19,48,92,ac,36,16,62,67,79,47,ba,ad,67,a1,e1,1d,2f,..

"khjeh"=hex:05,6a,c9,09,2d,11,a1,cf,a4,ab,97,f7,81,f0,6d,47,e0,f5,6f,6d,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:8c,50,57,69,d3,4b,b6,5d,eb,47,67,0b,d8,28,c0,97,b8,18,b8,5f,00,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

hidden processes: 0

hidden services: 0

hidden files: 0

 

Edited by bjoet
Link to comment

Download Avenger and unpack it.

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste in what is in bold below:

Registry values to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"fc19f623"

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AF37311-77FA-4E22-8ACA-93B1FFDB2490}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de6bcfdb-7ebd-43a8-bdc2-97382a945840}

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde

Click the traffic light. Restart the PC.

After the restart, a log file will appear that tells you what happened. You do not need to post it.

Beyond this, things look fine. How is the PC running? (Are you still bothered by popups...)

Edited by norbat
Link to comment
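The four entries in the script above all point at files that the ComboFix log in the first post lists under "Other Deletions". As an added example (not part of the original thread, and not code from ComboFix or Avenger), the Python below cross-references those two log sections to find autostart entries whose target file was already deleted; the log excerpt is trimmed from the first post, and the function names are hypothetical.

```python
import ntpath
import re

# Excerpt of the ComboFix log from the first post (trimmed, blank lines removed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
---- Previous Run -------
C:\WINDOWS\mrofinu922.exe
C:\WINDOWS\system32\aqpheiqt.ini
C:\WINDOWS\system32\iifggde.dll
C:\WINDOWS\system32\tqiehpqa.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\weuxdeaf.dll
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
2007-12-09 21:25 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AF37311-77FA-4E22-8ACA-93B1FFDB2490}]
C:\WINDOWS\system32\vturp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de6bcfdb-7ebd-43a8-bdc2-97382a945840}]
C:\WINDOWS\system32\weuxdeaf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17]
"fc19f623"="C:\WINDOWS\system32\tqiehpqa.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]
iifggde.dll
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((( Name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...]
VALUE_RE = re.compile(r'^"(.+?)"="(.+?)"\s*\[.*\]$')      # "name"="target" [timestamp]
BARE_TARGET_RE = re.compile(r'^[^;"\[\]]+\.(?:dll|exe|sys)$', re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def _name(path):
    """Lower-cased file name; ntpath splits on backslashes on any OS."""
    return ntpath.basename(path).lower()


def parse_combofix(log_text):
    """Return (deleted file names, autostart entries) from a ComboFix log.

    Each entry is (registry key as printed, value name or None, target).
    """
    deleted, entries = set(), []
    section, key = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            deleted.add(_name(line))
        elif section == "Reg Loading Points":
            if (m := KEY_RE.match(line)):
                key = m.group(1)
            elif key and (m := VALUE_RE.match(line)):
                entries.append((key, m.group(1), m.group(2)))
            elif key and BARE_TARGET_RE.match(line):
                # Key whose data is a bare file path (BHO, Winlogon Notify).
                entries.append((key, None, line))
    return deleted, entries


def orphaned_autostarts(log_text):
    """Split entries whose target was deleted into value- and key-level leftovers.

    Assumption: targets are matched by file name only, because some entries
    (e.g. Winlogon Notify) list the DLL without a directory.
    """
    deleted, entries = parse_combofix(log_text)
    values, keys = [], []
    for key, name, target in entries:
        if _name(target) not in deleted:
            continue
        if name is None:
            keys.append(key)          # the whole key exists only for this file
        else:
            values.append((key, name))  # one value inside a shared key
    return values, keys


if __name__ == "__main__":
    vals, ks = orphaned_autostarts(SAMPLE_LOG)
    for key, name in vals:
        print(f'value: {key}|"{name}"')
    for key in ks:
        print(f"key:   {key}")
```

Registry paths are reported exactly as the log prints them, so any shortening the log applies to a path carries through to the output.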

Hi and thanks for the quick response,

I am attaching the Avenger log, as it looks like it did not manage to do the job.

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\veliwlce

 

*******************

 

Script file located at: \??\C:\stdbklxj.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fc19f623

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fc19f623 failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AF37311-77FA-4E22-8ACA-93B1FFDB2490} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AF37311-77FA-4E22-8ACA-93B1FFDB2490} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de6bcfdb-7ebd-43a8-bdc2-97382a945840} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de6bcfdb-7ebd-43a8-bdc2-97382a945840} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde not found!

Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde failed!

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Trond

Link to comment
Then we will take an extra look at a new ComboFix log (run ComboFix again and post the log)

Hi again,

First I just have to thank you so much for taking the time to do this :thumbup:

OK, here is the log from today

ComboFix 07-12-09.1 - Bjørkeli 2007-12-10 9:58:51.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1431 [GMT 1:00]

Running from: C:\Documents and Settings\Bjørkeli\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))

.

 

2007-12-09 23:05 . 2007-12-09 23:05 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\SUPERAntiSpyware.com

2007-12-09 23:05 . 2007-12-09 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-09 22:43 . 2007-12-10 09:42 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Siste

2007-12-09 22:43 . 2007-12-10 09:42 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Siste

2007-12-09 22:41 . 2007-12-10 08:00 <DIR> d-------- C:\Programfiler\Yahoo!

2007-12-09 21:25 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

2007-12-09 21:14 . 2007-12-09 21:14 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\TuneUp Software

2007-12-09 21:12 . 2007-12-09 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TuneUp Software

2007-12-09 20:57 . 2007-12-09 20:57 <DIR> d-------- C:\Documents and Settings\Bjørkeli\WINDOWS

2007-12-09 20:57 . 2007-12-09 20:57 <DIR> d-------- C:\Documents and Settings\Bjørkeli\WINDOWS

2007-12-09 12:01 . 2007-12-09 12:01 <DIR> dr-h----- C:\Documents and Settings\Bjørkeli\Programdata\SecuROM

2007-12-09 12:01 . 2007-12-09 12:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-12-09 11:40 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-12-09 11:40 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2007-12-09 11:38 . 2007-12-09 11:38 <DIR> d-------- C:\Programfiler\AGEIA Technologies

2007-12-09 11:37 . 2007-12-09 23:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-09 10:11 . 2007-12-09 10:11 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2007-12-09 05:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-09 05:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-08 22:57 . 2007-12-08 22:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2007-12-08 22:54 . 2007-12-08 22:54 <DIR> d-------- C:\Programfiler\Windows Installer Clean Up

2007-12-08 22:53 . 2007-12-08 22:53 <DIR> d-------- C:\Programfiler\MSECACHE

2007-12-08 22:01 . 2007-12-08 22:01 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\Image Zone Express

2007-12-08 22:01 . 2007-12-08 22:01 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\Creative

2007-12-08 21:18 . 2007-08-20 11:03 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-08 21:18 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-08 21:18 . 2007-03-08 06:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-08 21:18 . 2007-08-20 11:03 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-08 21:18 . 2007-08-20 11:03 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-08 21:18 . 2007-08-20 11:03 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-08 21:18 . 2007-08-20 11:03 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-08 21:18 . 2007-08-20 11:03 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-08 21:18 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-08 21:17 . 2007-12-08 21:19 <DIR> d-------- C:\WINDOWS\system32\nb-no

2007-12-08 21:05 . 2007-12-08 21:05 <DIR> d-------- C:\Programfiler\MSXML 4.0

2007-12-08 21:03 . 2007-12-08 21:03 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2007-12-08 20:59 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys

2007-12-08 20:59 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe

2007-12-08 20:59 . 2006-08-21 13:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll

2007-12-08 20:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-12-08 20:39 . 2007-12-08 20:39 382 --a------ C:\WINDOWS\ODBC.INI

2007-12-08 20:34 . 2007-12-08 20:35 <DIR> d-------- C:\WINDOWS\ShellNew

2007-12-08 20:27 . 2007-12-08 20:27 <DIR> d--hs---- C:\Documents and Settings\Bjørkeli\UserData

2007-12-08 20:27 . 2007-12-08 20:27 <DIR> d--hs---- C:\Documents and Settings\Bjørkeli\UserData

2007-12-08 17:38 . 2007-12-08 17:38 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-12-08 17:24 . 2007-12-08 17:24 <DIR> d-------- C:\Programfiler\Canon

2007-12-08 17:23 . 2007-12-08 17:23 0 --a------ C:\WINDOWS\OpPrintServer.INI

2007-12-08 17:16 . 2004-08-04 09:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-12-08 17:16 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-12-08 17:13 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2007-12-08 17:13 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2007-12-08 17:04 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE

2007-12-08 17:04 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE

2007-12-08 17:03 . 2007-12-08 17:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative

2007-12-08 17:03 . 2007-12-08 17:08 <DIR> d--h----- C:\Programfiler\Creative Installation Information

2007-12-08 16:53 . 2007-12-08 17:13 <DIR> d-------- C:\Programfiler\Creative

2007-12-08 16:40 . 2007-12-08 16:40 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\HP

2007-12-08 16:39 . 2007-12-08 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP

2007-12-08 16:37 . 2007-12-08 16:38 <DIR> d-------- C:\Programfiler\Fellesfiler\HP

2007-12-08 16:31 . 2007-12-08 16:32 <DIR> d-------- C:\Programfiler\Hewlett-Packard

2007-12-08 16:29 . 2007-12-08 16:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard

2007-12-08 16:23 . 2006-02-01 01:48 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2007-12-08 16:23 . 2006-02-01 01:48 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2007-12-08 16:22 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-08 16:22 . 2004-08-04 06:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-08 16:21 . 2005-03-15 01:33 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2007-12-08 16:21 . 2005-03-15 01:35 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2007-12-08 16:21 . 2005-03-09 01:25 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2007-12-08 16:21 . 2005-11-22 21:58 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2007-12-08 16:21 . 2005-03-15 03:09 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

2007-12-08 16:21 . 2005-03-09 01:25 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2007-12-08 16:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-12-08 16:18 . 2007-12-08 16:38 <DIR> d-------- C:\Programfiler\HP

2007-12-08 16:12 . 2007-12-08 16:40 119,311 --a------ C:\WINDOWS\hpoins09.dat

2007-12-08 16:11 . 2006-01-04 09:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll

2007-12-08 16:11 . 2006-02-09 15:45 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll

2007-12-08 14:32 . 2007-12-08 21:58 <DIR> d-------- C:\Documents and Settings\Bjørkeli\Programdata\UseNeXT

2007-12-08 14:14 . 2007-12-09 11:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-08 13:42 . 2007-12-08 13:42 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2007-12-08 13:13 . 2007-12-08 17:10 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2007-12-08 13:12 . 2007-12-08 13:12 <DIR> d-------- C:\WINDOWS\provisioning

2007-12-08 13:12 . 2007-12-08 13:12 <DIR> d-------- C:\WINDOWS\peernet

2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2007-12-08 13:07 . 2007-12-08 13:07 <DIR> d-------- C:\WINDOWS\EHome

2007-12-08 12:51 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2007-12-08 12:51 . 2004-08-04 01:03 11,776 --------- C:\WINDOWS\system32\spnpinst.exe

2007-12-08 12:51 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2007-12-08 12:51 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2007-12-08 12:45 . 2007-12-08 12:45 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-08 12:32 . 2004-08-04 09:03 614,912 --a------ C:\WINDOWS\system32\h323msp.dll

2007-12-08 12:32 . 2004-08-04 09:03 330,240 --a------ C:\WINDOWS\system32\ipnathlp.dll

2007-12-08 12:32 . 2004-08-04 09:03 265,728 --a------ C:\WINDOWS\system32\h323.tsp

2007-12-08 12:32 . 2004-03-30 02:52 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll

2007-12-08 12:32 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe

2007-12-08 12:16 . 2007-12-08 12:16 <DIR> d-------- C:\WINDOWS\vnDrvBas

2007-12-08 12:16 . 2005-11-17 08:46 337,320 --a------ C:\WINDOWS\system32\difxapi.dll

2007-12-08 12:16 . 2006-10-27 09:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll

2007-12-08 12:16 . 2007-02-27 09:14 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-10 08:56 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2007-12-10 08:53 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-12-08 16:28 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-08 15:52 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-12-08 11:11 --------- d-----w C:\Programfiler\Telenor

2007-12-08 10:04 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-08 10:04 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-08 10:04 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-08 10:04 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-08 10:04 --------- d-----w C:\Programfiler\Symantec

2007-12-08 10:00 --------- d-----w C:\Programfiler\Norton Internet Security

2007-12-08 09:48 --------- d-----w C:\Programfiler\ATI Technologies

2007-12-08 09:42 --------- d-----w C:\Programfiler\microsoft frontpage

2007-12-08 09:41 558,142 ----a-w C:\WINDOWS\java\Packages\VRXR7JJN.ZIP

2007-12-08 09:41 155,995 ----a-w C:\WINDOWS\java\Packages\E8DZV7N9.ZIP

2007-12-08 09:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2007-12-08 09:40 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2007-12-08 09:39 --------- d-----w C:\Programfiler\Elektroniske tjenester

2007-12-08 09:34 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2007-12-08 09:33 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-09_23.01.33.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-20 15:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

+ 2007-12-09 22:05:18 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe

+ 2007-12-09 22:05:18 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

- 2007-12-09 09:03:00 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2007-12-10 08:25:30 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24]

"IncrediMail"="D:\Programfiler\IncrediMail\bin\IncMail.exe" [2007-11-26 10:13]

"DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2007-12-06 13:06]

"SUPERAntiSpyware"="D:\Programfiler\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programfiler\SASWINLO.dll 2007-04-19 13:41 294912 D:\Programfiler\SASWINLO.dll

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-12-09 20:26:06 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- D:\Programfiler\SystemOptimizer.exe

"2007-12-08 10:02:31 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Bjørkeli.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exec/TASK:

.

**************************************************************************

 

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-10 10:00:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-10 10:00:52

C:\ComboFix2.txt ... 2007-12-09 23:02

.

--- E O F ---

 

 

Link to comment

This looks fine.

You should reset the restore folder so that you don't get infected in the event of a system restore.

Control Panel -> System -> System Restore.

Tick the box in front of "Turn off System Restore .....",

restart the PC,

untick the box again to re-enable the feature.

Link to comment

 

 

Many thanks so far :new_woot:

I might mention that before I contacted this forum I had reinstalled Windows 3 times. It looked fine at first, but after a short while the advertising crap was "triggered" by something or other, possibly a program that sits on the external HD. I don't know whether it has been deleted now, but one can hope.

By the way, do you have any idea how I can find this program and the reason the ads were "triggered"?

When it was at its worst, Windows Defender found this: BrowserModifier:win32/fotomoto, but was unable to remove it. It was completely crazy; it took over full control of IE.

 

Trond

Link to comment
Have you scanned the external HDD?

Yes, with Norton and various other free programs. Do you have a program you can recommend?

It was, by the way, included in all the logs I posted on the forum, drive G:/

Edited by bjoet
Link to comment

Norton is a good AV program. SuperAntispyware is probably among the better ones for removing malware (spyware/adware.....). The free version does not have real-time scanning, but if you run a manual scan every now and then (incl. your external HDD), you should have a reasonable overview of what is stirring in the dark corners of the machine.

Edited by norbat
Link to comment
