CFM Posted 25 January 2008 (edited)

I have scanned with various antivirus programs and AdAware, but none of them find anything.. Posting the result from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:44:12 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Documents and Settings\Bjørn\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halden.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195933121500
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programfiler\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Could anyone be bothered to check whether there is anything odd in the Hijac...? (Ran a Symantec scan at the same time as Hijac..)

Edited 25 January 2008 by gilera
Programvare Posted 25 January 2008 (edited)

Are they different ads, or the same one all the time?

You can tick the following and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Download and run the program CCleaner.

You should also switch browser from IE, which you are using, to e.g. Opera or Firefox.

I didn't really see anything else. If the problem persists, I suggest you run through the long version of this one.

Edited 25 January 2008 by Vintermåne
CFM Author Posted 25 January 2008 (edited)

> Are they different ads, or the same one all the time?

I get everything from ads for "antivirus programs" that want to install themselves on the PC to PokerParty and the like.... They come at intervals of about half a minute to 2 minutes..

Edited 25 January 2008 by gilera
norbat Posted 25 January 2008

Did you get this after you 'installed' the Burn4free toolbar? Either way, Burn4free is 'adware' that should be removed.

Run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246

Post the logs here in your own thread.
Programvare Posted 25 January 2008

I thought Burn4free was adware, so I googled a bit, but 3-4 sites said it was perfectly fine.
norbat Posted 25 January 2008

The program itself is not adware, but it installs adware. So remove it.
CFM Author Posted 25 January 2008 (edited)

> Are they different ads, or the same one all the time?
> You can tick the following and press Fix checked:
> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
> Download and run the program CCleaner.
> You should also switch browser from IE, which you are using, to e.g. Opera or Firefox.
> I didn't really see anything else. If the problem persists, I suggest you run through the long version of this one.

OK, thanks, will do. I normally use Firefox, but that thing launches IE.

> Did you get this after you 'installed' the Burn4free toolbar? Either way, Burn4free is 'adware' that should be removed.
> Run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246
> Post the logs here in your own thread.

Will do. No, it didn't come after the "Burn4free toolbar".. I believe I opted out of it during installation.. I suppose it's my own fault, since I clicked on an .exe I knew I shouldn't click on.. I hate being curious to see whether the keygen worked or not

Edited 25 January 2008 by gilera
CFM Author Posted 25 January 2008 (edited)

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/25/2008 at 10:12 PM

Application Version : 3.9.1008
Core Rules Database Version : 3388
Trace Rules Database Version: 1382
Scan type : Complete Scan
Total Scan Time : 00:53:45
Memory items scanned : 572
Memory threats detected : 0
Registry items scanned : 5171
Registry threats detected : 0
File items scanned : 55556
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Bjørn\Cookies\bjørn@cpvfeed[1].txt
C:\Documents and Settings\Bjørn\Cookies\bjø[email protected][1].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

ComboFix log:

ComboFix 08-01-23.1C - Bj›rn 2008-01-25 22:25:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1464 [GMT 1:00]
Running from: C:\Documents and Settings\Bj›rn\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-25 22:33 . 2008-01-25 22:33 <DIR> d-------- C:\temp\tn3
2008-01-25 22:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 21:16 . 2008-01-25 22:23 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-25 21:11 . 2008-01-25 21:11 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-25 18:48 . 2008-01-25 18:48 <DIR> d-------- C:\Programfiler\Windows Sidebar
2008-01-25 18:47 . 2008-01-25 19:03 <DIR> d-------- C:\Programfiler\Norton Internet Security
2008-01-25 18:46 . 2008-01-25 18:56 <DIR> d-------- C:\Programfiler\Symantec
2008-01-25 18:46 . 2008-01-25 18:56 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-25 18:46 . 2008-01-25 18:56 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-25 18:46 . 2008-01-25 18:56 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-25 18:46 . 2008-01-25 18:56 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-25 18:45 . 2008-01-25 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Programfiler\Lavasoft
2008-01-25 17:58 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-25 17:51 . 2008-01-25 17:51 86,144 --a------ C:\WINDOWS\system32\drivers\tcpipp.sys
2008-01-25 17:51 . 2008-01-25 22:33 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-24 20:46 . 2008-01-24 20:46 592 --a------ C:\WINDOWS\chgkey.vbs
2008-01-24 17:52 . 2008-01-24 17:52 <DIR> d-------- C:\ZHLT
2008-01-24 17:51 . 2008-01-24 17:57 <DIR> d-------- C:\Programfiler\Valve Hammer Editor
2008-01-23 21:58 . 2008-01-23 21:58 <DIR> d-------- C:\Programfiler\UltraISO
2008-01-23 21:58 . 2008-01-23 21:58 <DIR> d-------- C:\Programfiler\Fellesfiler\EZB Systems
2008-01-23 21:47 . 2008-01-23 21:48 <DIR> d-------- C:\Programfiler\MagicISO
2008-01-20 16:34 . 2008-01-20 16:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-20 16:23 . 2008-01-24 22:23 <DIR> d-------- C:\Program Files
2008-01-19 12:58 . 2008-01-19 12:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-19 12:57 . 2008-01-19 12:57 <DIR> d-------- C:\Flight One Software
2008-01-19 12:57 . 2008-01-19 12:57 2,048 --a------ C:\WINDOWS\uasp80.lic
2008-01-18 21:03 . 2008-01-18 21:03 <DIR> d-------- C:\Programfiler\LSoft Technologies
2008-01-18 18:41 . 2008-01-18 21:11 <DIR> d-------- C:\Programfiler\FS Panel Studio
2008-01-17 22:53 . 2008-01-17 23:20 <DIR> d-------- C:\Programfiler\Uniblue
2008-01-17 22:49 . 2008-01-17 22:49 <DIR> d-------- C:\Programfiler\Smart Projects
2008-01-17 22:45 . 2008-01-17 22:45 <DIR> d-------- C:\Programfiler\PROnetworks
2008-01-17 20:31 . 2008-01-17 20:31 <DIR> d-------- C:\Programfiler\FS2004SDK
2008-01-17 20:30 . 2008-01-17 20:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-17 16:03 . 2008-01-17 16:03 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-17 16:03 . 2008-01-17 16:03 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-14 23:12 . 2008-01-14 23:12 <DIR> d-------- C:\Programfiler\RivaTuner v2.06
2008-01-14 21:30 . 2008-01-14 21:30 <DIR> d-------- C:\Programfiler\DivX
2008-01-13 16:12 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-13 16:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-13 16:12 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 16:12 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-11 18:15 . 2008-01-11 23:42 <DIR> d-------- C:\WINDOWS\NV39963752.TMP
2008-01-11 18:12 . 2008-01-11 18:12 <DIR> d-------- C:\Programfiler\SystemRequirementsLab
2008-01-08 22:52 . 2008-01-21 21:47 <DIR> d-------- C:\Programfiler\Nokia
2008-01-08 22:52 . 2008-01-08 22:52 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-01-08 22:52 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-08 22:52 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-08 22:52 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-08 22:52 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-08 22:52 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-08 22:52 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-08 16:18 . 2008-01-08 16:18 <DIR> d-------- C:\Programfiler\Fellesfiler\PocketSoft
2008-01-08 16:18 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-01-08 16:17 . 2008-01-08 16:17 <DIR> d-------- C:\Programfiler\Atari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:16 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-23 20:38 --------- d-----w C:\Programfiler\PowerISO
2008-01-21 21:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-21 21:39 --------- d-----w C:\Programfiler\Futuremark
2008-01-20 12:35 --------- d-----w C:\Programfiler\Steam
2008-01-17 22:26 --------- d-----w C:\Programfiler\CS Source
2008-01-12 18:11 --------- d-----w C:\Programfiler\Java
2008-01-10 19:43 --------- d-----w C:\Programfiler\WinPcap
2007-12-20 01:19 --------- d-----w C:\Programfiler\SBuilderX
2007-12-20 01:03 --------- d-----w C:\Programfiler\TerraBuilder
2007-12-20 01:02 --------- d-----w C:\Programfiler\Photo Scenery Maker
2007-12-18 18:26 --------- d-----w C:\Programfiler\RealVNC
2007-12-16 00:54 --------- d-----w C:\Programfiler\Rockstar Games
2007-12-14 22:19 --------- d-----w C:\Programfiler\AviSynth 2.5
2007-12-14 22:18 --------- d-----w C:\Programfiler\eRightSoft
2007-12-14 21:32 --------- d-----w C:\Programfiler\Pinnacle
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-12 16:06 --------- d-----w C:\Programfiler\Electronic Arts
2007-12-09 17:24 --------- d-----w C:\Programfiler\Burn4Free
2007-12-09 17:17 229,726 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2218.exe
2007-12-09 17:17 --------- d-----w C:\Programfiler\Burn4Free Toolbar
2007-12-09 03:08 --------- d-----w C:\Programfiler\Sytexis Software
2007-12-09 01:51 --------- d-----w C:\Programfiler\Guitar Pro 5
2007-12-09 00:53 --------- d-----w C:\Programfiler\Act-3D
2007-12-08 23:58 --------- d-----w C:\Programfiler\VideoLAN
2007-12-08 23:47 --------- d-----w C:\Programfiler\LimeWire
2007-12-08 23:47 --------- d-----w C:\Programfiler\Fellesfiler\Java
2007-12-08 19:59 --------- d-----w C:\Programfiler\Teamspeak2_RC2
2007-12-06 23:33 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-06 23:33 --------- d-----w C:\Programfiler\Bonjour
2007-12-06 23:07 --------- d-----w C:\Programfiler\Hakkie
2007-12-06 23:07 --------- d-----w C:\Programfiler\Fellesfiler\Hakkie
2007-12-06 16:47 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2007-12-05 18:16 --------- d-----w C:\Programfiler\TDU
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-25 18:48 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2007-12-09 18:17 827392 --a------ C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [2007-12-09 18:17 827392]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792]
"AsusStartupHelp"="C:\Programfiler\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 07:25 363008]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Bjørn^Start-meny^Programmer^Oppstart^YouTube Uploader.lnk]
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Bjørn\Lokale innstillinger\Programdata\Google\Update\1.0.97.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 15:41 145496 C:\Programfiler\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

R1 tcpipp;tcpipp;C:\WINDOWS\system32\drivers\tcpipp.sys [2008-01-25 17:51]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 22:02]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 21:55]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22]
S3 PciCon;PciCon;H:\PciCon.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Programfiler\Ufasoft\Sniffer\usft_sn4.sys [2007-11-13 05:10]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 10:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Race07Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\stub.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 17:51:43 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Bjørn.job"

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:44, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bjørn\Skrivebord\hijackthis\testingbj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.halden.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to
existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195933121500 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - 
Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programfiler\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Rootchk log:
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh 2008-01-25 22:51:00.59 NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated. Last update was made 28-12-07 The rootkits that are detected by this tool were not found. ********************************* ROOTCHK-LOG-end catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-25 22:51:00 Windows 5.1.2600 Service Pack 2 scanning hidden processes ... IPC error: 2 Systemet finner ikke angitt fil. scanning hidden services & system hive ... IPC error: 2 Systemet finner ikke angitt fil. scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC50E42BFF647874BB8BC55D61FA1B81\Usage] "Complete"=dword:38390075 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000003f1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BD4F8-A767-EB47-1F06-38ACD95363B2}] "iaieakikdblkocckhf"=hex:6a,61,68,62,6f,69,66,70,6d,70,6a,6c,63,6f,6d,70,68,6c,6a,70,00,.. "haoeipjokebkiffi"=hex:6a,61,68,62,6f,69,66,70,6d,70,6a,6c,63,6f,6d,70,68,6c,6a,70,00,.. scanning hidden files ... IPC error: 2 Systemet finner ikke angitt fil. hidden processes: 0 hidden services: 0 hidden files: 0
I should add that the problem is still here.
Edited 25 January 2008 by gilera
norbat Posted 25 January 2008
You have some rootkit stuff lying around, so we can try one small thing before we possibly do some manual work: download and run Blacklight (an F-Secure program). See whether it finds anything.
CFM (Author) Posted 25 January 2008
> You have some rootkit stuff lying around, so we can try one small thing before we possibly do some manual work: download and run Blacklight (an F-Secure program). See whether it finds anything.
Nope.. Didn't work.. The damn thing is still here..
norbat Posted 25 January 2008
Have you removed Burn4Free?
Check the following file (in bold) on Jotti:
C:\WINDOWS\system32\drivers\tcpipp.sys
(You upload the file at the top of the page. You may have to turn on "Show hidden files and folders" and "protected operating system files" to see it - Control Panel - Folder Options - View)
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
Folder::
C:\temp\tn3
You have a program(?) from Ufasoft that is a keylogger or the like. Do you know anything about this?
C:\Programfiler\Ufasoft\Sniffer\usft_sn4.sys
CFM (Author) Posted 26 January 2008
> Have you removed Burn4Free?
> Check the following file (in bold) on Jotti:
> C:\WINDOWS\system32\drivers\tcpipp.sys
> (You upload the file at the top of the page. You may have to turn on "Show hidden files and folders" and "protected operating system files" to see it - Control Panel - Folder Options - View)
> Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.
> File::
> C:\WINDOWS\system32\drivers\core.cache.dsk
> Folder::
> C:\temp\tn3
> You have a program(?) from Ufasoft that is a keylogger or the like. Do you know anything about this?
> C:\Programfiler\Ufasoft\Sniffer\usft_sn4.sys
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
Can't find any log from ComboFix..
Yes, I recognize Ufasoft.. The problem started today when I was unlucky (/naive) and opened an exe file, which I shouldn't have done.. But I can say that as long as I don't have Firefox or any internet program open, these pop-ups don't appear...
norbat Posted 26 January 2008
Did Combofix run when you dragged the CFScript file onto the icon? Check whether there is an updated log at c:\combofix.txt
CFM (Author) Posted 26 January 2008
> Did Combofix run when you dragged the CFScript file onto the icon? Check whether there is an updated log at c:\combofix.txt
I think I found it now.. It was in a folder called ComboFix..:
ComboFix 08-01-23.1C - Bj›rn 2008-01-26 0:37:59.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1443 [GMT 1:00] Running from: C:\Documents and Settings\Bj›rn\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Bj›rn\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\drivers\core.cache.dsk . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\temp\tn3 C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete . ---- Previous Run ------- . C:\temp\tn3 C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))) . 2008-01-26 00:46 . 2008-01-26 00:46 <DIR> d-------- C:\temp\tn3 2008-01-25 22:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-25 21:16 . 2008-01-25 23:45 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-25 21:11 . 2008-01-25 21:11 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-25 18:48 . 2008-01-25 18:48 <DIR> d-------- C:\Programfiler\Windows Sidebar 2008-01-25 18:47 . 2008-01-25 19:03 <DIR> d-------- C:\Programfiler\Norton Internet Security 2008-01-25 18:46 . 2008-01-25 18:56 <DIR> d-------- C:\Programfiler\Symantec 2008-01-25 18:46 . 2008-01-25 18:56 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-25 18:46 . 2008-01-25 18:56 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-25 18:46 . 2008-01-25 18:56 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-25 18:46 .
2008-01-25 18:56 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-25 18:45 . 2008-01-25 23:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Programfiler\Lavasoft 2008-01-25 17:58 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-01-25 17:51 . 2008-01-25 17:51 86,144 --a------ C:\WINDOWS\system32\drivers\tcpipp.sys 2008-01-25 17:51 . 2008-01-26 00:45 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk 2008-01-24 20:46 . 2008-01-24 20:46 592 --a------ C:\WINDOWS\chgkey.vbs 2008-01-24 17:52 . 2008-01-24 17:52 <DIR> d-------- C:\ZHLT 2008-01-24 17:51 . 2008-01-24 17:57 <DIR> d-------- C:\Programfiler\Valve Hammer Editor 2008-01-23 21:58 . 2008-01-23 21:58 <DIR> d-------- C:\Programfiler\UltraISO 2008-01-23 21:58 . 2008-01-23 21:58 <DIR> d-------- C:\Programfiler\Fellesfiler\EZB Systems 2008-01-23 21:47 . 2008-01-23 21:48 <DIR> d-------- C:\Programfiler\MagicISO 2008-01-20 16:34 . 2008-01-20 16:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-20 16:23 . 2008-01-24 22:23 <DIR> d-------- C:\Program Files 2008-01-19 12:58 . 2008-01-19 12:58 737,280 --a------ C:\WINDOWS\iun6002.exe 2008-01-19 12:57 . 2008-01-19 12:57 <DIR> d-------- C:\Flight One Software 2008-01-19 12:57 . 2008-01-19 12:57 2,048 --a------ C:\WINDOWS\uasp80.lic 2008-01-18 21:03 . 2008-01-18 21:03 <DIR> d-------- C:\Programfiler\LSoft Technologies 2008-01-18 18:41 . 2008-01-18 21:11 <DIR> d-------- C:\Programfiler\FS Panel Studio 2008-01-17 22:53 . 2008-01-17 23:20 <DIR> d-------- C:\Programfiler\Uniblue 2008-01-17 22:49 . 2008-01-17 22:49 <DIR> d-------- C:\Programfiler\Smart Projects 2008-01-17 22:45 . 2008-01-17 22:45 <DIR> d-------- C:\Programfiler\PROnetworks 2008-01-17 20:31 . 2008-01-17 20:31 <DIR> d-------- C:\Programfiler\FS2004SDK 2008-01-17 20:30 . 2008-01-17 20:31 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-01-17 16:03 . 
2008-01-17 16:03 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-01-17 16:03 . 2008-01-17 16:03 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-01-14 23:12 . 2008-01-14 23:12 <DIR> d-------- C:\Programfiler\RivaTuner v2.06 2008-01-14 21:30 . 2008-01-14 21:30 <DIR> d-------- C:\Programfiler\DivX 2008-01-13 16:12 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-01-13 16:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-01-13 16:12 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-01-13 16:12 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-01-11 18:15 . 2008-01-11 23:42 <DIR> d-------- C:\WINDOWS\NV39963752.TMP 2008-01-11 18:12 . 2008-01-11 18:12 <DIR> d-------- C:\Programfiler\SystemRequirementsLab 2008-01-08 22:52 . 2008-01-21 21:47 <DIR> d-------- C:\Programfiler\Nokia 2008-01-08 22:52 . 2008-01-08 22:52 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia 2008-01-08 22:52 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2008-01-08 22:52 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2008-01-08 22:52 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-01-08 22:52 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2008-01-08 22:52 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2008-01-08 22:52 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2008-01-08 16:18 . 2008-01-08 16:18 <DIR> d-------- C:\Programfiler\Fellesfiler\PocketSoft 2008-01-08 16:18 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll 2008-01-08 16:17 . 2008-01-08 16:17 <DIR> d-------- C:\Programfiler\Atari . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-25 20:16 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-23 20:38 --------- d-----w C:\Programfiler\PowerISO 2008-01-21 21:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-01-21 21:39 --------- d-----w C:\Programfiler\Futuremark 2008-01-20 12:35 --------- d-----w C:\Programfiler\Steam 2008-01-17 22:26 --------- d-----w C:\Programfiler\CS Source 2008-01-12 18:11 --------- d-----w C:\Programfiler\Java 2008-01-10 19:43 --------- d-----w C:\Programfiler\WinPcap 2007-12-20 01:19 --------- d-----w C:\Programfiler\SBuilderX 2007-12-20 01:03 --------- d-----w C:\Programfiler\TerraBuilder 2007-12-20 01:02 --------- d-----w C:\Programfiler\Photo Scenery Maker 2007-12-18 18:26 --------- d-----w C:\Programfiler\RealVNC 2007-12-16 00:54 --------- d-----w C:\Programfiler\Rockstar Games 2007-12-14 22:19 --------- d-----w C:\Programfiler\AviSynth 2.5 2007-12-14 22:18 --------- d-----w C:\Programfiler\eRightSoft 2007-12-14 21:32 --------- d-----w C:\Programfiler\Pinnacle 2007-12-12 16:06 --------- d-----w C:\Programfiler\Electronic Arts 2007-12-09 17:24 --------- d-----w C:\Programfiler\Burn4Free 2007-12-09 17:17 229,726 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2218.exe 2007-12-09 17:17 --------- d-----w C:\Programfiler\Burn4Free Toolbar 2007-12-09 03:08 --------- d-----w C:\Programfiler\Sytexis Software 2007-12-09 01:51 --------- d-----w C:\Programfiler\Guitar Pro 5 2007-12-09 00:53 --------- d-----w C:\Programfiler\Act-3D 2007-12-08 23:58 --------- d-----w C:\Programfiler\VideoLAN 2007-12-08 23:47 --------- d-----w C:\Programfiler\LimeWire 2007-12-08 23:47 --------- d-----w C:\Programfiler\Fellesfiler\Java 2007-12-08 19:59 --------- d-----w C:\Programfiler\Teamspeak2_RC2 2007-12-06 23:33 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-06 23:33 --------- d-----w C:\Programfiler\Bonjour 2007-12-06 23:07 --------- d-----w C:\Programfiler\Hakkie 2007-12-06 23:07 --------- d-----w 
C:\Programfiler\Fellesfiler\Hakkie 2007-12-06 16:47 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-12-05 18:16 --------- d-----w C:\Programfiler\TDU 2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-12-04 14:02 --------- d-----w C:\Programfiler\18 Wheels of Steel American Long Haul 2007-12-02 14:34 --------- d-----w C:\Programfiler\FastStone Capture 2007-12-01 17:00 --------- d-----w C:\Programfiler\Microsoft Games 2007-12-01 11:28 --------- d-----w C:\Programfiler\MXvsATV 2007-12-01 11:03 --------- d-----w C:\Programfiler\MSXML 6.0 2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-30 19:00 --------- d-----w C:\Programfiler\Acoustica Mixcraft 3 2007-11-30 18:59 --------- d-----w C:\Programfiler\VST 2007-11-30 18:59 --------- d-----w C:\Programfiler\Acoustica Shared Effects 2007-11-30 10:48 --------- d-----w C:\Programfiler\AGEIA Technologies 2007-11-28 21:11 --------- d-----w C:\Programfiler\MSBuild 2007-11-28 21:07 --------- d-----w C:\Programfiler\Reference Assemblies 2007-11-27 21:36 --------- d-----w C:\Programfiler\MSXML 4.0 2007-11-27 18:28 --------- d-----w C:\Programfiler\Counter-Strike 1.6 2007-11-26 19:49 --------- d-----w C:\Programfiler\Vstep 2007-11-25 13:48 --------- d-----w C:\Programfiler\Activision 2007-11-25 01:23 --------- d-----w C:\Programfiler\Game Cam v1.4 2007-11-25 00:20 --------- d-----w 
C:\Programfiler\NVIDIA nTune Performance Application 2007-11-25 00:20 --------- d-----w C:\Programfiler\NVIDIA Corporation 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-25_22.39.33.12 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-25 21:25:04 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000001\NTUSER.DAT + 2008-01-25 23:37:46 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000001\NTUSER.DAT - 2008-01-25 21:25:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000002\UsrClass.dat + 2008-01-25 23:37:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000002\UsrClass.dat - 2008-01-25 21:25:04 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000003\NTUSER.DAT + 2008-01-25 23:37:46 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000003\NTUSER.DAT - 2008-01-25 21:25:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000004\UsrClass.dat + 2008-01-25 23:37:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000004\UsrClass.dat - 2008-01-25 21:25:04 5,844,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000005\NTUSER.DAT + 2008-01-25 23:37:46 5,861,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000005\NTUSER.DAT - 2008-01-25 21:25:04 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000006\UsrClass.dat + 2008-01-25 23:37:46 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000006\UsrClass.dat - 2008-01-25 21:22:57 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-25 23:02:05 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-25 21:22:57 78,496 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-01-25 23:02:05 78,496 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-01-25 21:22:57 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-25 23:02:05 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-01-25 21:22:57 439,292 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-01-25 23:02:05 439,292 ----a-w 
C:\WINDOWS\system32\perfh014.dat + 2008-01-25 23:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_17c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-25 04:51 316784 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-01-25 18:48 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}] 2007-12-09 18:17 827392 --a------ C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Programfiler\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [2007-12-09 18:17 827392] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784] [HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" 
[2007-09-04 19:25 81920] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 13:44 1953792] "AsusStartupHelp"="C:\Programfiler\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 07:25 363008] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048] "Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048] "osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^Bjørn^Start-meny^Programmer^Oppstart^YouTube Uploader.lnk] backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2007-05-10 22:46 624248 C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\Bjørn\Lokale innstillinger\Programdata\Google\Update\1.0.97.0\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] --a------ 2007-03-21 15:41 145496 C:\Programfiler\Pinnacle\Studio 11\LaunchList2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] R1 tcpipp;tcpipp;C:\WINDOWS\system32\drivers\tcpipp.sys [2008-01-25 17:51] R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07] R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27] R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 22:02] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 21:55] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22] S3 PciCon;PciCon;H:\PciCon.sys [] S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Programfiler\Ufasoft\Sniffer\usft_sn4.sys [2007-11-13 05:10] S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 10:44] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\Race07Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\stub.exe *Newly Created Service* - COMHOST *Newly Created Service* - NVR0DEV . 
Contents of the 'Scheduled Tasks' folder "2008-01-25 17:51:43 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Bjørn.job"
norbat Posted 26 January 2008
OK, let's do the following:
Restart the PC in safe mode (tap F8 during startup, choose safe mode).
Use Explorer or the search function to find the file core.cache.dsk and possibly the file core.sys. The files should be in the c:\windows\system32\drivers folder. Delete them.
I want you to rename the file tcipp.sys to: tcipp.sys.vir. (If you experience any problems afterwards, change it back to the correct name. The reason for this is that the 'usual name' of this file is tcpip.sys. That this file has a different name may indicate that it is up to no good.)
Then check whether there is an entry in the registry. If so, it should be deleted:
Click Start -> Run
Type: regedit
NB! Double-check the path given below so that you don't delete entries you shouldn't.
Go to:
HKEY_LOCAL_MACHINE
-> SYSTEM
-> CurrentControlSet
-> Services
-> Find the folder CORE, right-click it and choose Delete
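Added example, not part of the thread: the name comparison norbat describes above (a driver whose file name sits one character away from a stock Windows driver) automated over ComboFix driver lines. The baseline list, the function names and the 30-day window are assumptions made for illustration; the sample lines are copied from the ComboFix log posted earlier.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Illustrative baseline of stock Windows XP driver file names (an assumption;
# build the real list from a known-clean install of the same OS build).
BASELINE = {"tcpip.sys", "ndis.sys", "ntfs.sys", "netbt.sys", "ipsec.sys",
            "atapi.sys", "disk.sys", "http.sys", "afd.sys", "mup.sys"}

# Driver/service lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 tcpipp;tcpipp;C:\WINDOWS\system32\drivers\tcpipp.sys [2008-01-25 17:51]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 22:02]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 21:22]
S3 PciCon;PciCon;H:\PciCon.sys []
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Programfiler\Ufasoft\Sniffer\usft_sn4.sys [2007-11-13 05:10]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 10:44]
"""

# Time of the ComboFix run, taken from the log header.
SCAN_TIME = datetime(2008, 1, 26, 0, 37)

# <R|S><start type> <name>;<display name>;<path, optionally quoted> [<file timestamp>]
LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'"?(?P<path>[^"\[]+?)"? \[(?P<stamp>[^\]]*)\]$')


def parse_drivers(text):
    """Turn ComboFix driver lines into dicts; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp = m.group("stamp").strip()
        entries.append({
            "running": m.group("state") == "R",
            "name": m.group("name"),
            "path": m.group("path"),
            # ntpath splits on backslashes regardless of the host OS
            "file": ntpath.basename(m.group("path")).lower(),
            # an empty [] means ComboFix found no file at that path
            "stamp": datetime.strptime(stamp, "%Y-%m-%d %H:%M") if stamp else None,
        })
    return entries


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(entries, scan_time, max_distance=1, recent_days=30):
    """Flag files that are not in the baseline but nearly spell a baseline name."""
    findings = []
    for e in entries:
        if e["file"] in BASELINE:
            continue
        stem, ext = ntpath.splitext(e["file"])
        for legit in sorted(BASELINE):
            lstem, lext = ntpath.splitext(legit)
            # very short stems (afd, mup) match too easily, so skip them
            if ext != lext or len(lstem) < 4:
                continue
            if edit_distance(stem, lstem) <= max_distance:
                age = scan_time - e["stamp"] if e["stamp"] else None
                recent = age is not None and timedelta(0) <= age <= timedelta(days=recent_days)
                findings.append({**e, "resembles": legit, "recent": recent})
                break
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(parse_drivers(SAMPLE_LOG), SCAN_TIME):
        print(f"{f['path']} resembles {f['resembles']} "
              f"(running={f['running']}, recent={f['recent']})")
```

A hit is a lead to check the file's signature and origin, not a verdict; the baseline decides how many false positives appear.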
CFM (Author) Posted 26 January 2008
Hmm.. That one was a sneaky one, yes.. When I'm in safe mode I can't find core.cache.dsk, but when I'm logged in normally I find it.. When I search for it, it is in "catchme.zip" on the desktop..
The registry entry core doesn't exist either..
norbat Posted 26 January 2008 (edited)
Just make sure you can see hidden files and folders/protected operating system files. That catchme has put it in a zip may indicate that it should no longer be a problem.
What about tcipp.sys? It may be the one holding on to these files.
Rename tcipp.sys -> tcipp.sys.vir
From normal mode: create a new CFScript file with the following content:
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
Folder::
C:\temp\tn3
Post the log.
Edit: I am almost convinced that tcipp.sys is the problem, but before we do anything drastic with it, try renaming it and see whether you can then delete the files mentioned.
Edited 26 January 2008 by norbat
CFM (Author) Posted 26 January 2008
"core.cache.dsk" disappeared when I renamed "tcipp.sys" to "tcipp.sys.vir".. No pop-ups have come up yet.. Maybe it's gone?
Thanks a lot for all the help. If it comes up again I'll just post here again.
norbat Posted 26 January 2008 (edited)
Sorry that you had to go a few extra rounds on this. It should have been obvious that it was this file.
Delete the file tcipp.sys.vir from your system + the Temp/tn3 folder and your problem is gone for good.
You can remove Combofix by typing combofix /u in the Run window. This command causes files and backups to be deleted, the System Restore folder to be reset, etc.
If you get spyware problems again, just create a new thread.
Edited 26 January 2008 by norbat