1915, 29 December 2007: As I said, I get popups from IE, but I only use Firefox. I have scanned with SAS, NoLop and HijackThis and removed everything I found, but popups from IE still keep appearing ;S What do I do now?
norbat, 29 December 2007: How about posting an HJT log? Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
1915 (thread author), 29 December 2007 (edited):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:07, on 29.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\LogMeIn\x86\RaMaint.exe
C:\Programfiler\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programfiler\valve\steam\steam.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Winamp\winamp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DeskSpace] C:\Programfiler\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [01for] C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5877 bytes

Edited 29 December 2007 by Danielsm
norbat, 29 December 2007: Fix the following line with HJT:
O4 - HKCU\..\Run: [01for] C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe
Use Explorer to delete the folder:
C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16
(You may have to do it from Safe Mode.)
Run a clean with CCleaner and then report how it goes with the popups. (Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.)
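The O4 line norbat singles out differs from every other Run value in the log in ways that can be checked mechanically: it launches from the user's profile rather than Program Files or Windows, the path is written with 8.3 short names, it is unquoted although it contains spaces, and the value name (01for) bears no relation to the file it starts. The Python script below is an added example for this thread, not HijackThis code and not norbat's procedure; it parses the O4 lines of a HijackThis log and ranks them by those signals. SAMPLE_LOG is a constructed subset of the log posted above, and the four heuristics are my own choices, not a published rule set.

```python
"""Triage of the O4 (Run-key autostart) lines in a HijackThis log.

Added example for this thread; it is not HijackThis code and not the helper's
own method. SAMPLE_LOG is a constructed subset of the O4 lines posted above,
and the four heuristics (scored one point each) are my own, hypothetical
choices: they rank entries for a human to look at, they do not prove anything.
"""
import re

# Constructed sample: six O4 lines taken from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [01for] C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable on the command line: a quoted path, or else the shortest
# prefix ending in a program-file extension (so unquoted paths with spaces work).
EXE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.*?\.(?:exe|dll|scr|com|bat|cmd)))',
                    re.IGNORECASE)
USER_PROFILE_RE = re.compile(r'(?:^|\\)(?:documents and settings|docume~1)\\', re.IGNORECASE)
SHORT_NAME_RE = re.compile(r'~\d')          # 8.3 short-name component such as DOCUME~1


def parse_o4(line):
    """Return a dict for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    e = EXE_RE.match(cmd)
    exe = (e.group('quoted') or e.group('bare')) if e else cmd
    return {'hive': m.group('hive'), 'name': m.group('name'), 'cmd': cmd,
            'exe': exe, 'quoted': cmd.startswith('"')}


def _alnum(s):
    return re.sub(r'[^a-z0-9]', '', s.lower())


def suspicion(entry):
    """List the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    exe, name, cmd = entry['exe'], entry['name'], entry['cmd']
    if USER_PROFILE_RE.search(exe):
        reasons.append('launches from a user profile, not Program Files or Windows')
    if SHORT_NAME_RE.search(exe):
        reasons.append('path written with 8.3 short names (~1), unusual for an installer-written value')
    if ' ' in exe and not entry['quoted']:
        reasons.append('unquoted path containing spaces')
    # Weak signal: installers name the value after the program; a value whose
    # first letters appear nowhere in the command line is worth a look.
    if _alnum(name)[:4] not in _alnum(cmd):
        reasons.append('value name unrelated to the executable it launches')
    return reasons


def triage(log_text):
    """Parse every O4 line and return entries sorted by how many reasons they score."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    for e in entries:
        e['reasons'] = suspicion(e)
    return sorted(entries, key=lambda e: (-len(e['reasons']), e['name']))


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{len(e['reasons'])}  [{e['name']}] {e['exe']}")
        for r in e['reasons']:
            print(f"      - {r}")
```

Run it with a full log in place of SAMPLE_LOG. The output is a ranking for a human to review, not a verdict: the 01for entry scores on all four signals, while the NVIDIA loader, NOD32, Steam and ctfmon values score zero and are the kind of vendor-installed entries that need no action.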
1915 (thread author), 29 December 2007: Have done that. So far no popups have appeared, but I'll let you know if they come back.
1915 (thread author), 30 December 2007: Nope. The popups are coming up again ;O
norbat, 30 December 2007: Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).
1915 (thread author), 30 December 2007:

ComboFix 07-12-21.4 - ædministrator 2007-12-30 13:46:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.527 [GMT 1:00]
Running from: C:\Documents and Settings\ædministrator\Mine dokumenter\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-29 23:25 . 2007-12-29 23:47 <DIR> dr-h----- C:\Documents and Settings\ædministrator\Siste
2007-12-29 23:25 . 2007-12-29 23:47 <DIR> dr-h----- C:\Documents and Settings\ædministrator\Siste
2007-12-28 20:15 . 2007-12-28 20:30 <DIR> d-------- C:\Documents and Settings\ædministrator\Mercury
2007-12-28 20:15 . 2007-12-28 20:30 <DIR> d-------- C:\Documents and Settings\ædministrator\Mercury
2007-12-28 18:04 . 2007-12-28 18:04 <DIR> d-------- C:\Programfiler\Trend Micro
2007-12-28 17:09 . 2007-12-28 17:09 <DIR> d-------- C:\Programfiler\Mercury
2007-12-28 17:05 . 2007-12-28 17:05 <DIR> d-------- C:\Programfiler\flag16
2007-12-24 16:46 . 2007-12-30 00:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-24 16:46 . 2007-12-24 16:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-12-24 16:46 . 2007-12-24 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-24 16:46 . 2007-12-24 16:46 <DIR> d-------- C:\Documents and Settings\ædministrator\Programdata\SUPERAntiSpyware.com
2007-12-22 13:39 . 2007-12-22 13:39 <DIR> d-------- C:\Documents and Settings\ædministrator\Programdata\OtakuSoftware
2007-12-22 13:37 . 2007-12-22 13:37 <DIR> d-------- C:\Programfiler\DeskSpace
2007-12-22 02:34 . 2007-12-22 02:34 244 --ah----- C:\sqmnoopt05.sqm
2007-12-22 02:34 . 2007-12-22 02:34 232 --ah----- C:\sqmdata05.sqm
2007-12-22 00:48 . 2007-12-22 00:48 244 --ah----- C:\sqmnoopt04.sqm
2007-12-22 00:48 . 2007-12-22 00:48 232 --ah----- C:\sqmdata04.sqm
2007-12-20 12:04 . 2007-12-28 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log
2007-12-20 12:04 . 2007-12-28 17:06 <DIR> d-------- C:\Documents and Settings\ædministrator\Programdata\flag16
2007-12-20 12:03 . 2007-12-20 12:03 <DIR> d-------- C:\Programfiler\Circle Developement
2007-12-20 12:03 . 2007-12-20 12:03 244 --ah----- C:\sqmnoopt03.sqm
2007-12-20 12:03 . 2007-12-20 12:03 232 --ah----- C:\sqmdata03.sqm
2007-12-16 00:52 . 2007-12-24 16:47 <DIR> d-------- C:\Documents and Settings\ædministrator\amsn
2007-12-16 00:52 . 2007-12-24 16:47 <DIR> d-------- C:\Documents and Settings\ædministrator\amsn
2007-12-11 20:41 . 2005-06-21 09:50 142,768 -ra------ C:\WINDOWS\system32\drivers\ar5523.bin
2007-12-11 20:41 . 2005-06-21 09:50 43,392 -ra------ C:\WINDOWS\system32\drivers\Athfmwdl.sys
2007-12-09 00:56 . 2007-12-29 22:00 <DIR> d-------- C:\Ny mappe
2007-12-07 22:13 . 2007-12-07 22:13 <DIR> d-------- C:\Programfiler\aMSN
2007-12-07 11:51 . 2007-12-30 00:00 <DIR> d-------- C:\Programfiler\LogMeIn
2007-12-07 08:49 . 2007-12-07 08:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2007-11-30 17:49 . 2007-11-30 17:49 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-11-30 17:48 . 2007-11-30 17:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-28 11:09 . 2006-03-01 05:21 1,263,616 --a------ C:\WINDOWS\system32\aurora.scr
2007-11-28 11:09 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\system32\bubbles.scr
2007-11-28 11:09 . 2006-03-01 05:21 117,248 --a------ C:\WINDOWS\system32\ribbons.scr
2007-11-28 11:09 . 2006-03-03 14:42 117,248 --a------ C:\WINDOWS\system32\Mystify.scr
2007-11-28 08:57 . 2007-12-18 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink
2007-11-27 12:40 . 2007-12-29 18:21 <DIR> d-------- C:\Documents and Settings\ædministrator\Programdata\dvdcss
2007-11-26 13:58 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-26 12:34 . 2007-12-24 16:39 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-23 07:25 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll.000.bak
2007-11-23 07:25 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2007-11-23 07:25 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2007-11-23 07:25 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-23 07:25 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-11-23 07:25 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2007-11-23 07:25 . 2007-12-07 11:51 1,024 --a------ C:\.rnd
2007-11-23 07:22 . 2007-11-23 07:22 <DIR> d-------- C:\WINDOWS\Sun
2007-11-21 22:28 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-21 22:28 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-21 22:28 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-21 22:28 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-21 21:01 . 2007-11-21 21:01 <DIR> d-------- C:\Programfiler\Valve
2007-11-21 20:55 . 2007-11-21 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2007-11-21 20:53 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-21 20:52 . 2007-11-21 20:52 <DIR> d-------- C:\Programfiler\MSBuild
2007-11-21 20:52 . 2007-11-21 20:52 <DIR> d-------- C:\Programfiler\Microsoft Works
2007-11-21 20:50 . 2007-11-21 20:50 <DIR> d-------- C:\Programfiler\Windows Live
2007-11-21 20:50 . 2007-12-20 12:03 <DIR> d-------- C:\Programfiler\Messenger Plus! Live
2007-11-21 20:50 . 2007-11-30 19:36 <DIR> d-------- C:\Documents and Settings\ædministrator\Contacts
2007-11-21 20:50 . 2007-11-30 19:36 <DIR> d-------- C:\Documents and Settings\ædministrator\Contacts
2007-11-21 20:50 . 2007-11-21 20:50 268 --ah----- C:\sqmdata02.sqm
2007-11-21 20:50 . 2007-11-21 20:50 244 --ah----- C:\sqmnoopt02.sqm
2007-11-21 20:48 . 2007-11-21 20:51 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-21 20:48 . 2007-11-21 20:48 <DIR> dr-h----- C:\MSOCache
2007-11-21 20:48 . 2007-12-05 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-11-21 20:48 . 2007-11-21 20:48 1,078 --a------ C:\WINDOWS\mozver.dat
2007-11-21 20:45 . 2007-11-21 20:45 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3
2007-11-21 20:44 . 2007-11-21 20:44 <DIR> d-------- C:\Programfiler\DAEMON Tools
2007-11-21 20:44 . 2007-11-21 20:44 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-21 20:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 20:42 . 2007-11-21 20:42 268 --ah----- C:\sqmdata01.sqm
2007-11-21 20:42 . 2007-11-21 20:42 244 --ah----- C:\sqmnoopt01.sqm
2007-11-21 20:41 . 2007-11-21 20:41 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 20:41 . 2007-11-21 20:41 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6109.sys
2007-11-21 17:08 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-21 17:07 . 2004-08-04 02:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-21 17:07 . 2004-08-04 01:54 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-21 17:07 . 2004-08-04 01:53 22,912 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-11-21 17:07 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-21 17:06 . 2007-12-24 16:46 <DIR> d--hs---- C:\WINDOWS\Installer
2007-11-21 17:06 . 2007-11-21 17:06 <DIR> d-------- C:\Programfiler\Fellesfiler\ODBC
2007-11-21 17:06 . 2007-12-30 13:45 731,526 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2007-11-21 17:06 . 2004-08-04 00:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-11-21 17:06 . 2001-08-17 22:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-11-21 17:06 . 2001-08-17 22:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-11-21 17:06 . 2004-08-04 00:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-11-21 17:06 . 2007-11-21 16:14 4,249 --a------ C:\WINDOWS\ODBCINST.INI
2007-11-21 17:06 . 2007-11-30 17:49 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> dr------- C:\Documents and Settings\Default User\Start-meny
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\Skrivere
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Skrivebord
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\Siste
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Programdata
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Mine dokumenter
2007-11-21 17:05 . 2007-11-21 16:11 <DIR> d--h----- C:\Documents and Settings\Default User\Maler
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Lokale innstillinger
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Favoritter
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\AndrMask
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 12:47 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\uTorrent
2007-12-20 11:03 --------- d-----w C:\Programfiler\MSN Messenger
2007-12-11 19:48 --------- d-----w C:\Programfiler\Yahoo!
2007-12-11 19:42 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-12-05 13:52 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\Ahead
2007-11-21 19:42 --------- d-----w C:\Programfiler\Java
2007-11-21 15:57 --------- d-----w C:\Programfiler\Guitar Pro 4
2007-11-21 15:53 --------- d-----w C:\Programfiler\Fellesfiler\Ahead
2007-11-21 15:52 --------- d-----w C:\Programfiler\Nero
2007-11-21 15:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero
2007-11-21 15:48 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-11-21 15:47 --------- d-----w C:\Programfiler\Winamp
2007-11-21 15:47 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\Winamp
2007-11-21 15:44 --------- d-----w C:\Programfiler\Audacity
2007-11-21 15:43 --------- d-----w C:\Programfiler\DVDFab Decrypter 3
2007-11-21 15:43 --------- d-----w C:\Programfiler\DAMN NFO Viewer
2007-11-21 15:43 --------- d-----w C:\Programfiler\CCleaner
2007-11-21 15:43 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\Apple Computer
2007-11-21 15:42 --------- d-----w C:\Programfiler\QuickTime
2007-11-21 15:42 --------- d-----w C:\Programfiler\iTunes
2007-11-21 15:42 --------- d-----w C:\Programfiler\iPod
2007-11-21 15:42 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2007-11-21 15:42 --------- d-----w C:\Programfiler\Apple Software Update
2007-11-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2007-11-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2007-11-21 15:41 --------- d-----w C:\Programfiler\Fellesfiler\Java
2007-11-21 15:40 --------- d-----w C:\Programfiler\PowerISO
2007-11-21 15:39 --------- d-----w C:\Programfiler\uTorrent
2007-11-21 15:39 --------- d-----w C:\Programfiler\ImgBurn
2007-11-21 15:39 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\ImgBurn
2007-11-21 15:38 --------- d-----w C:\Programfiler\VideoLAN
2007-11-21 15:38 --------- d-----w C:\Documents and Settings\ædministrator\Programdata\vlc
2007-11-21 15:36 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-21 15:36 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-21 15:36 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-21 15:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles
2007-11-21 15:30 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-11-21 15:30 --------- d-----w C:\Programfiler\NetWaiting
2007-11-21 15:30 --------- d-----w C:\Programfiler\CONEXANT
2007-11-21 15:28 --------- d-----w C:\Programfiler\Hewlett-Packard
2007-11-21 15:26 --------- d-----w C:\Programfiler\Broadcom
2007-11-21 15:15 --------- d-----w C:\Programfiler\microsoft frontpage
2007-11-21 15:13 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-11-21 15:13 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-11-21 15:13 --------- d-----w C:\Programfiler\Elektroniske tjenester
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"Steam"="c:\programfiler\valve\steam\steam.exe" [2007-11-30 13:53]
"DeskSpace"="C:\Programfiler\DeskSpace\deskspace.exe" [2007-10-24 11:22]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-11-21 16:36]
"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ædministrator^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=C:\Documents and Settings\ædministrator\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01for]
2007-12-28 17:05 378880 --a------ C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 13:49 153136 --a------ C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-07-31 18:44 271672 --a------ C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 18:53 153136 --a------ C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-06-21 14:06 1318912 --a------ C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --a------ C:\Programfiler\Winamp\winampa.exe

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 15:04]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-06-21 09:50]
S3 CPWUA6D;Philips USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\CPWUA6D1.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 15:42:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 13:47:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 13:48:00
norbat, 30 December 2007: If possible, uninstall MSN Messenger Plus! from Add/Remove Programs. Open Notepad and paste in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

Folder::
C:\Programfiler\flag16
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log
C:\Documents and Settings\ædministrator\Programdata\flag16
C:\Documents and Settings\All Users\Programdata\Messenger Plus!
C:\Programfiler\Messenger Plus! Live

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01for]
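In the ComboFix log the same 01for entry turns up under the msconfig startupreg key, which is where the Startup tab of msconfig parks an item that was unchecked rather than removed, and ComboFix prints the launched file's timestamp (2007-12-28 17:05, two days before the scan) beside it. norbat's CFScript deletes that key with the [-KEY] form under Registry::. The Python below is an added example for this thread, not ComboFix's or norbat's code: it parses the Reg Loading Points section, flags entries whose file was written within a chosen window before the scan, and builds the matching Registry:: stanza. SAMPLE is a constructed subset of the posted log, and the 7-day window is my own choice.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log, flag autostart
entries whose launched file was written shortly before the scan, and emit the
matching CFScript Registry:: stanza.

Added example for this thread; not ComboFix code and not the helper's own
procedure. SAMPLE is a constructed subset of the log posted above; the 7-day
window in recent_entries() is my own, hypothetical choice.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: seven loading points taken from the posted ComboFix log.
SAMPLE = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"Steam"="c:\programfiler\valve\steam\steam.exe" [2007-11-30 13:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-11-21 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01for]
2007-12-28 17:05 378880 --a------ C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\QTTask.exe -atboottime
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "name"="path" [timestamp]  or, for bare file names, [timestamp resolved-path]
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d)(?P<rest>[^\]]*)\]$')
# timestamp size attributes path   (the line ComboFix prints under a startupreg key)
FILE_LINE_RE = re.compile(r'^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$')
STARTUPREG = '\\msconfig\\startupreg\\'   # items unchecked in msconfig's Startup tab


def _entry(key, name, path, stamp):
    return {
        'key': key, 'name': name, 'path': path,
        'stamp': datetime.strptime(stamp, '%Y-%m-%d %H:%M') if stamp else None,
        'disabled_by_msconfig': STARTUPREG in key.lower(),
    }


def parse_loading_points(text):
    """Return one dict per autostart entry found in the Reg Loading Points text."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            resolved = m.group('rest').strip() or m.group('path')
            entries.append(_entry(key, m.group('name'), resolved, m.group('stamp')))
            continue
        if STARTUPREG in key.lower():
            name = key.rsplit('\\', 1)[1]
            m = FILE_LINE_RE.match(line)
            if m:
                entries.append(_entry(key, name, m.group('path'), m.group('stamp')))
            else:
                # ComboFix printed only the command line: no file metadata recorded
                entries.append(_entry(key, name, line, None))
    return entries


def recent_entries(entries, scan_time, days=7):
    """Entries whose file timestamp lies within `days` before scan_time ('YYYY-MM-DD HH:MM')."""
    scan = datetime.strptime(scan_time, '%Y-%m-%d %H:%M')
    window = timedelta(days=days)
    return [e for e in entries
            if e['stamp'] is not None and timedelta(0) <= scan - e['stamp'] <= window]


def cfscript_registry_stanza(keys):
    """CFScript text that deletes each key, in the [-KEY] form used in the thread."""
    return 'Registry::\n' + ''.join(f'[-{k}]\n' for k in keys)


if __name__ == '__main__':
    found = parse_loading_points(SAMPLE)
    flagged = recent_entries(found, '2007-12-30 13:46')   # scan time from the log header
    for e in flagged:
        print(f"{e['name']}: {e['path']} written {e['stamp']}"
              f"{' (msconfig-disabled, file still on disk)' if e['disabled_by_msconfig'] else ''}")
    print(cfscript_registry_stanza(e['key'] for e in flagged))
```

The recency filter is deliberately narrow: the flagged 01for file was written on 2007-12-28, while every vendor entry in the sample (Steam, NOD32, Java, the NVIDIA loader) dates from weeks or years earlier. Unchecking an item in msconfig only moves its registry value under startupreg, so the file remains on disk and the entry can be re-enabled; that is why norbat's script removes the key and the folders together.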
1915 (thread author), 30 December 2007:

ComboFix 07-12-21.4 - ædministrator 2007-12-30 16:31:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.564 [GMT 1:00]
Running from: C:\Documents and Settings\ædministrator\Mine dokumenter\ComboFix.exe
Command switches used :: C:\Documents and Settings\ædministrator\Skrivebord\CFScript.txt
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ædministrator\Programdata\flag16
C:\Documents and Settings\ædministrator\Programdata\flag16\0
C:\Documents and Settings\ædministrator\Programdata\flag16\aehrpzzk.exe
C:\Documents and Settings\ædministrator\Programdata\flag16\bind default size.exe
C:\Documents and Settings\ædministrator\Programdata\flag16\birdviewpopsurf.exe
C:\Documents and Settings\ædministrator\Programdata\flag16\gbmujtjc.exe
C:\Documents and Settings\ædministrator\Programdata\flag16\rdrlogocash.exe
C:\Documents and Settings\ædministrator\Programdata\flag16\sncsewch.exe
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log
C:\Documents and Settings\All Users\Programdata\Memo Drive Vc Log\eggs grey.exe
C:\Documents and Settings\All Users\Programdata\Messenger Plus!
C:\Programfiler\flag16
C:\Programfiler\Messenger Plus! Live\Detoured.dll
C:\Programfiler\Messenger Plus! Live\Events Style Sheet.xsl
C:\Programfiler\Messenger Plus! Live\lame_enc.dll
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Arabic.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Catalan.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Danish.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Default.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Dutch.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Estonian.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Finnish.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_French.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_German.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Hebrew.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Hungarian.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Italian.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Japanese.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Korean.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Norwegian.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Portuguese.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Spanish.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Swedish.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Thai.ini
C:\Programfiler\Messenger Plus! Live\Languages\Lng_Turkish.ini
C:\Programfiler\Messenger Plus! Live\libsndfile.dll
C:\Programfiler\Messenger Plus! Live\Log Viewer.exe
C:\Programfiler\Messenger Plus! Live\MPScripts.dll
C:\Programfiler\Messenger Plus! Live\MPSkins.dll
C:\Programfiler\Messenger Plus! Live\MPTools.exe
C:\Programfiler\Messenger Plus! Live\MsgPlusLive.dll
C:\Programfiler\Messenger Plus! Live\MsgPlusLiveRes.dll
C:\Programfiler\Messenger Plus! Live\MsgPlusLoader.dll
C:\Programfiler\Messenger Plus! Live\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-28 18:04 . 2007-12-28 18:04 <DIR> d-------- C:\Programfiler\Trend Micro
2007-12-28 17:09 . 2007-12-28 17:09 <DIR> d-------- C:\Programfiler\Mercury
2007-12-24 16:46 . 2007-12-30 00:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-24 16:46 . 2007-12-24 16:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-12-24 16:46 . 2007-12-24 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-22 13:37 . 2007-12-22 13:37 <DIR> d-------- C:\Programfiler\DeskSpace
2007-12-22 02:34 . 2007-12-22 02:34 244 --ah----- C:\sqmnoopt05.sqm
2007-12-22 02:34 . 2007-12-22 02:34 232 --ah----- C:\sqmdata05.sqm
2007-12-22 00:48 . 2007-12-22 00:48 244 --ah----- C:\sqmnoopt04.sqm
2007-12-22 00:48 . 2007-12-22 00:48 232 --ah----- C:\sqmdata04.sqm
2007-12-20 12:03 . 2007-12-20 12:03 <DIR> d-------- C:\Programfiler\Circle Developement
2007-12-20 12:03 . 2007-12-20 12:03 244 --ah----- C:\sqmnoopt03.sqm
2007-12-20 12:03 . 2007-12-20 12:03 232 --ah----- C:\sqmdata03.sqm
2007-12-11 20:41 . 2005-06-21 09:50 142,768 -ra------ C:\WINDOWS\system32\drivers\ar5523.bin
2007-12-11 20:41 . 2005-06-21 09:50 43,392 -ra------ C:\WINDOWS\system32\drivers\Athfmwdl.sys
2007-12-09 00:56 . 2007-12-30 14:04 <DIR> d-------- C:\Ny mappe
2007-12-07 22:13 . 2007-12-07 22:13 <DIR> d-------- C:\Programfiler\aMSN
2007-12-07 11:51 . 2007-12-30 00:00 <DIR> d-------- C:\Programfiler\LogMeIn
2007-12-07 08:49 . 2007-12-07 08:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2007-11-30 17:49 . 2007-11-30 17:49 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-11-30 17:48 . 2007-11-30 17:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-28 11:09 . 2006-03-01 05:21 1,263,616 --a------ C:\WINDOWS\system32\aurora.scr
2007-11-28 11:09 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\system32\bubbles.scr
2007-11-28 11:09 . 2006-03-01 05:21 117,248 --a------ C:\WINDOWS\system32\ribbons.scr
2007-11-28 11:09 . 2006-03-03 14:42 117,248 --a------ C:\WINDOWS\system32\Mystify.scr
2007-11-28 08:57 . 2007-12-18 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink
2007-11-26 13:58 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-26 12:34 . 2007-12-30 14:06 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-23 07:25 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll.000.bak
2007-11-23 07:25 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2007-11-23 07:25 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2007-11-23 07:25 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-23 07:25 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-11-23 07:25 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2007-11-23 07:25 . 2007-12-07 11:51 1,024 --a------ C:\.rnd
2007-11-23 07:22 . 2007-11-23 07:22 <DIR> d-------- C:\WINDOWS\Sun
2007-11-21 22:28 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-21 22:28 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-21 22:28 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-21 22:28 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-21 21:01 . 2007-11-21 21:01 <DIR> d-------- C:\Programfiler\Valve
2007-11-21 20:53 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-21 20:52 . 2007-11-21 20:52 <DIR> d-------- C:\Programfiler\MSBuild
2007-11-21 20:52 . 2007-11-21 20:52 <DIR> d-------- C:\Programfiler\Microsoft Works
2007-11-21 20:50 . 2007-11-21 20:50 <DIR> d-------- C:\Programfiler\Windows Live
2007-11-21 20:50 . 2007-11-21 20:50 268 --ah----- C:\sqmdata02.sqm
2007-11-21 20:50 . 2007-11-21 20:50 244 --ah----- C:\sqmnoopt02.sqm
2007-11-21 20:48 . 2007-11-21 20:51 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-21 20:48 . 2007-11-21 20:48 <DIR> dr-h----- C:\MSOCache
2007-11-21 20:48 . 2007-12-05 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-11-21 20:48 . 2007-11-21 20:48 1,078 --a------ C:\WINDOWS\mozver.dat
2007-11-21 20:45 . 2007-11-21 20:45 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3
2007-11-21 20:44 . 2007-11-21 20:44 <DIR> d-------- C:\Programfiler\DAEMON Tools
2007-11-21 20:44 . 2007-11-21 20:44 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-21 20:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 20:42 . 2007-11-21 20:42 268 --ah----- C:\sqmdata01.sqm
2007-11-21 20:42 . 2007-11-21 20:42 244 --ah----- C:\sqmnoopt01.sqm
2007-11-21 20:41 . 2007-11-21 20:41 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 20:41 . 2007-11-21 20:41 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6109.sys
2007-11-21 17:08 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-21 17:07 . 2004-08-04 02:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-21 17:07 . 2004-08-04 01:54 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-21 17:07 . 2004-08-04 01:53 22,912 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-11-21 17:07 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-21 17:06 . 2007-12-24 16:46 <DIR> d--hs---- C:\WINDOWS\Installer
2007-11-21 17:06 . 2007-11-21 17:06 <DIR> d-------- C:\Programfiler\Fellesfiler\ODBC
2007-11-21 17:06 . 2007-12-30 13:54 731,526 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2007-11-21 17:06 . 2004-08-04 00:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-11-21 17:06 . 2001-08-17 22:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-11-21 17:06 . 2001-08-17 22:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-11-21 17:06 . 2004-08-04 00:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-11-21 17:06 . 2007-11-21 16:14 4,249 --a------ C:\WINDOWS\ODBCINST.INI
2007-11-21 17:06 . 2007-11-30 17:49 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-21 17:05 .
2007-11-21 17:05 <DIR> dr------- C:\Documents and Settings\Default User\Start-meny 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\Skrivere 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Skrivebord 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\Siste 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> dr-h----- C:\Documents and Settings\Default User\Programdata 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Mine dokumenter 2007-11-21 17:05 . 2007-11-21 16:11 <DIR> d--h----- C:\Documents and Settings\Default User\Maler 2007-11-21 17:05 . 2007-12-30 16:33 <DIR> dr-h----- C:\Documents and Settings\Default User\Lokale innstillinger 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\Default User\Favoritter 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d--h----- C:\Documents and Settings\Default User\AndrMask 2007-11-21 17:05 . 2007-11-21 16:17 <DIR> dr------- C:\Documents and Settings\All Users\Start-meny 2007-11-21 17:05 . 2007-12-24 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Skrivebord 2007-11-21 17:05 . 2007-12-30 16:33 <DIR> dr-h----- C:\Documents and Settings\All Users\Programdata 2007-11-21 17:05 . 2007-11-21 20:45 <DIR> d--h----- C:\Documents and Settings\All Users\Maler 2007-11-21 17:05 . 2007-11-21 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Favoritter 2007-11-21 17:05 . 2007-11-21 16:12 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenter 2007-11-21 17:04 . 2007-11-21 16:20 <DIR> d-------- C:\Documents and Settings 2007-11-21 17:03 . 2007-11-21 16:17 261 --a------ C:\WINDOWS\system32\$winnt$.inf 2007-11-21 17:03 . 2007-12-24 21:01 211 ---hs---- C:\boot.ini 2007-11-15 18:46 . 2007-11-15 18:46 23,736 --a------ C:\WINDOWS\system32\lmimirr.dll 2007-11-15 18:46 . 2007-11-15 18:46 10,040 --a------ C:\WINDOWS\system32\lmimirr2.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 11:03 --------- d-----w C:\Programfiler\MSN Messenger 2007-12-11 19:48 --------- d-----w C:\Programfiler\Yahoo! 2007-12-11 19:42 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2007-11-21 19:42 --------- d-----w C:\Programfiler\Java 2007-11-21 15:57 --------- d-----w C:\Programfiler\Guitar Pro 4 2007-11-21 15:53 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-11-21 15:52 --------- d-----w C:\Programfiler\Nero 2007-11-21 15:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero 2007-11-21 15:48 --------- d-----w C:\Programfiler\Windows Media Connect 2 2007-11-21 15:47 --------- d-----w C:\Programfiler\Winamp 2007-11-21 15:44 --------- d-----w C:\Programfiler\Audacity 2007-11-21 15:43 --------- d-----w C:\Programfiler\DVDFab Decrypter 3 2007-11-21 15:43 --------- d-----w C:\Programfiler\DAMN NFO Viewer 2007-11-21 15:43 --------- d-----w C:\Programfiler\CCleaner 2007-11-21 15:42 --------- d-----w C:\Programfiler\QuickTime 2007-11-21 15:42 --------- d-----w C:\Programfiler\iTunes 2007-11-21 15:42 --------- d-----w C:\Programfiler\iPod 2007-11-21 15:42 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2007-11-21 15:42 --------- d-----w C:\Programfiler\Apple Software Update 2007-11-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2007-11-21 15:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2007-11-21 15:41 --------- d-----w C:\Programfiler\Fellesfiler\Java 2007-11-21 15:40 --------- d-----w C:\Programfiler\PowerISO 2007-11-21 15:39 --------- d-----w C:\Programfiler\uTorrent 2007-11-21 15:39 --------- d-----w C:\Programfiler\ImgBurn 2007-11-21 15:38 --------- d-----w C:\Programfiler\VideoLAN 2007-11-21 15:36 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-11-21 15:36 299,392 ----a-w C:\WINDOWS\system32\imon.dll 2007-11-21 15:36 15,424 
----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-11-21 15:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\nView_Profiles 2007-11-21 15:30 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-11-21 15:30 --------- d-----w C:\Programfiler\NetWaiting 2007-11-21 15:30 --------- d-----w C:\Programfiler\CONEXANT 2007-11-21 15:28 --------- d-----w C:\Programfiler\Hewlett-Packard 2007-11-21 15:26 --------- d-----w C:\Programfiler\Broadcom 2007-11-21 15:15 --------- d-----w C:\Programfiler\microsoft frontpage 2007-11-21 15:13 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2007-11-21 15:13 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap 2007-11-21 15:13 --------- d-----w C:\Programfiler\Elektroniske tjenester . ((((((((((((((((((((((((((((( snapshot@2007-12-30_13.47.43,96 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-30 12:45:44 41,034 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-30 12:54:29 41,034 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-30 12:45:44 47,316 ----a-w C:\WINDOWS\system32\perfc014.dat + 2007-12-30 12:54:29 47,316 ----a-w C:\WINDOWS\system32\perfc014.dat - 2007-12-30 12:45:44 314,706 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-30 12:54:29 314,706 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-12-30 12:45:44 321,520 ----a-w C:\WINDOWS\system32\perfh014.dat + 2007-12-30 12:54:29 321,520 ----a-w C:\WINDOWS\system32\perfh014.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03] "Steam"="c:\programfiler\valve\steam\steam.exe" [2007-11-30 13:53] "DeskSpace"="C:\Programfiler\DeskSpace\deskspace.exe" [2007-10-24 11:22] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe] "nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-11-21 16:36] "LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ædministrator^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk] path=C:\Documents and Settings\ædministrator\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01for] C:\DOCUME~1\DMINIS~1\PROGRA~1\flag16\bind default size.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 13:49 153136 --a------ C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-27 00:47 31016 --a------ C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-07-31 18:44 271672 --a------ C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 18:53 153136 --a------ C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programfiler\QuickTime\QTTask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-06-21 14:06 1318912 --a------ C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-10-10 06:28 36352 --a------ C:\Programfiler\Winamp\winampa.exe R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09] R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 15:04] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49] S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-06-21 09:50] S3 CPWUA6D;Philips USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\CPWUA6D1.sys [] . Contents of the 'Scheduled Tasks' folder "2007-11-21 15:42:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-30 16:36:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180] -> C:\Programfiler\DeskSpace\deskspace152.dll . Completion time: 2007-12-30 16:37:01 - machine was rebooted C:\ComboFix2.txt ... 2007-12-30 13:48 Lenke til kommentar
norbat Posted 30 December 2007
Go to the Jotti website and check the following file:
C:\Programfiler\DeskSpace\deskspace152.dll
Use Explorer to delete (in bold):
C:\WINDOWS\system32\lmimirr.dll
C:\WINDOWS\system32\lmimirr2.dll
How is it going with the popups?