M3moreX
Posted 9 February 2008 (edited)

Here are the logs you need, norbat.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:09, on 09.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programfiler\BitTorrent\bittorrent.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe.exe
C:\Programfiler\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [bearFlix] "C:\Programfiler\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [support audio cool poll] C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [locks draw] C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?d642a7d5f49644e297c46632e564aac3
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?d642a7d5f49644e297c46632e564aac3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13228 bytes

ComboFix log:

ComboFix 08-02.05.3 - (snorre) 2008-02-09 17:38:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\(snorre)\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 22:13 . 2008-02-09 10:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com
2008-02-08 22:12 . 2008-02-09 17:09 <DIR> dr-h----- C:\Documents and Settings\(snorre)\Siste
2008-02-08 22:10 . 2008-02-08 22:10 <DIR> d-------- C:\Programfiler\CCleaner
2008-02-08 21:15 . 2008-02-08 21:15 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\Xvid
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\VideoLAN
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\vlc
2008-02-08 18:50 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-08 18:50 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-08 18:50 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-30 17:46 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-01-30 17:46 . 2008-01-04 22:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-30 17:46 . 2008-01-04 22:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\Red Kawa
2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\AviSynth 2.5
2008-01-29 17:44 . 2008-02-09 17:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-29 17:44 . 2008-01-29 17:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 17:43 . 2008-01-29 17:43 <DIR> d-------- C:\Programfiler\iPod
2008-01-29 17:42 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\Bonjour
2008-01-29 17:41 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\QuickTime
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-01-26 18:21 . 2008-01-30 17:40 <DIR> d-------- C:\Programfiler\Incomplete
2008-01-21 15:17 . 2008-01-21 15:17 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Leadertech
2008-01-20 12:51 . 2008-01-20 12:51 <DIR> d-------- C:\Documents and Settings\Gjest\Programdata\NCH Swift Sound
2008-01-12 20:55 . 2008-01-12 20:55 <DIR> d-------- C:\Programfiler\Team Meow Support
2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO
2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 21:29 . 2008-01-09 21:29 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Help
2008-01-09 21:17 . 2008-01-09 21:17 <DIR> d-------- C:\Programfiler\NCH Software
2008-01-09 20:54 . 2008-01-21 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound
2008-01-09 20:54 . 2008-01-12 20:32 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound
2008-01-09 20:53 . 2008-01-21 15:20 <DIR> d-------- C:\Programfiler\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 16:39 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-02-09 16:38 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BitTorrent
2008-02-09 16:37 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DNA
2008-02-09 11:40 3,145,728 ---ha-w C:\Documents and Settings\(snorre)\NTUSER.DAT
2008-02-09 11:17 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-08 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-02-08 21:13 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com
2008-02-08 17:50 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\vlc
2008-01-30 20:08 --------- d-----w C:\Programfiler\LimeWire
2008-01-30 16:47 --------- d-----w C:\Programfiler\DivX
2008-01-30 16:40 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\LimeWire
2008-01-29 16:43 --------- d-----w C:\Programfiler\iTunes
2008-01-26 17:26 --------- d-----w C:\Programfiler\Norton Internet Security
2008-01-21 14:21 --------- d-----w C:\Programfiler\MSN Messenger
2008-01-21 14:17 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Leadertech
2008-01-12 19:55 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
2008-01-12 19:32 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound
2008-01-11 16:33 --------- d-----w C:\Programfiler\Java
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\leffi\Programdata\BitTorrent
2008-01-09 20:29 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Help
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 00:23 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BearShare
2007-12-19 13:26 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DivX
2007-12-16 17:48 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-12-16 14:25 --------- d-----w C:\Programfiler\DNA
2007-12-16 14:25 --------- d-----w C:\Programfiler\BitTorrent
2007-12-15 12:08 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24 20480]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 19:25 68856]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-16 15:25 290112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12 94208]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 16:00 2502656]
"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408]
"Corel Photo Downloader"="C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ]
"Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 08:33 54928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-03-06 22:30:57 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08]
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 11:00:04 C:\WINDOWS\Tasks\AD724BD29729FD02.job" - c:\docume~1\(snorre)\progra~1\teamme~1\Sect mpeg defy.exe
"2008-02-09 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 11:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - snorre1.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 17:39:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
.
Completion time: 2008-02-09 17:42:52
.
2008-01-09 20:54:50 --- E O F ---

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2008 at 11:17 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:34:50

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5238
Registry threats detected : 0
File items scanned : 42244
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\(snorre)\Cookies\(snorre)@imrworldwide[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@fastclick[2].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@msnportal.112.2o7[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@ad.yieldmanager[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@doubleclick[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@track.adform[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@xiti[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@ad1.clickhype[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@apmebf[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@advertising[2].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@adtech[1].txt
C:\Documents and Settings\(snorre)\Cookies\(snorre)@pornfiles[1].txt
C:\Documents and Settings\leffi\Cookies\[email protected][1].txt

BearShare File Sharing Client
C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Edited 10 February 2008 by M3moreX
norbat
Posted 9 February 2008

Open Notepad, copy in what is in bold below, and save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\Tasks\AD724BD29729FD02.job

Folder::
C:\Programfiler\Team Meow Support
C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO
C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
C:\Documents and Settings\(snorre)\Programdata\BearShare
C:\Programfiler\BearFlix

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"locks draw"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearFlix"=-
"Support audio cool poll"=-

Post the log again, and also tell us how it is going with the problem.
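The triage norbat does by eye in the reply above (pick out the Run entries and the scheduled task whose binaries sit under the user profile with nonsense names, plus the orphaned BearShare BHO, and turn them into a CFScript) can be mechanised. The script below is an added example written for this page; it is not a tool anyone in the thread used, and its three heuristics are assumptions of the example: an O4 autostart whose executable lives under Documents and Settings, a scheduled task whose .job name is 16 hex digits or whose target lives under a profile directory, and an O2 BHO reported as "(file missing)" or "(no file)". The CFScript it drafts copies the File:: / Folder:: / Registry:: layout of norbat's script, with `=-` deleting a value and a leading `-` on a key deleting the key, as in the REGEDIT4 format ComboFix prints. The sample lines are copied from the HijackThis and ComboFix logs posted above; the function names `triage`, `build_cfscript` and `exe_path` belong to the example.

```python
"""Triage HijackThis O2/O4 lines and ComboFix 'Scheduled Tasks' lines, then draft a CFScript.

Added example for this thread, not a tool from it. The heuristics below are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied verbatim from the logs posted in the thread.
SAMPLE_LINES = [
    r"O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [support audio cool poll] C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r"O4 - HKCU\..\Run: [locks draw] C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe",
    r'"2008-02-09 11:00:04 C:\WINDOWS\Tasks\AD724BD29729FD02.job" - c:\docume~1\(snorre)\progra~1\teamme~1\Sect mpeg defy.exe',
    r'"2008-02-09 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe',
]

# HijackThis line shapes (HKLM/HKCU Run-style keys only; HKUS entries are ignored here).
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# ComboFix 'Scheduled Tasks' line shape.
TASK_RE = re.compile(r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>[A-Za-z]:\\[^"]+\.job)" - (?P<target>.+)$')

# Heuristic 1: a binary under a profile directory (long or 8.3 form) is user-writable territory.
USER_WRITABLE = re.compile(r"^[a-z]:\\(docume~1|documents and settings)\\", re.I)
# Heuristic 2: a task named with 16 hex digits, as AD724BD29729FD02.job is.
HEX_TASK = re.compile(r"^[0-9a-f]{16}\.job$", re.I)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Finding:
    kind: str          # "run", "bho" or "task"
    reason: str
    path: str = ""     # executable, DLL or task target exactly as logged (8.3 names kept)
    hive: str = ""
    key: str = ""
    name: str = ""
    clsid: str = ""
    job: str = ""


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or bare, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0]


def triage(lines):
    """Apply the three heuristics to log lines and return the suspicious entries in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = exe_path(m["cmd"])
            if USER_WRITABLE.match(exe):
                findings.append(Finding("run", "autostart binary lives under a user profile directory",
                                        path=exe, hive=m["hive"], key=m["key"], name=m["name"]))
        elif m := O2_RE.match(line):
            if m["path"].endswith("(file missing)") or m["path"] == "(no file)":
                findings.append(Finding("bho", "BHO registration whose DLL no longer exists",
                                        path=m["path"], clsid=m["clsid"]))
        elif m := TASK_RE.match(line):
            job_name = m["job"].rsplit("\\", 1)[-1]
            if HEX_TASK.match(job_name) or USER_WRITABLE.match(m["target"]):
                findings.append(Finding("task", "scheduled task with a random hex name or a profile-directory target",
                                        path=m["target"], job=m["job"]))
    return findings


def _dedupe(items):
    """Keep first occurrence, comparing case-insensitively (Windows paths are)."""
    seen, out = set(), []
    for item in items:
        if item.lower() not in seen:
            seen.add(item.lower())
            out.append(item)
    return out


def build_cfscript(findings) -> str:
    """Draft a CFScript in the File:: / Folder:: / Registry:: form used in the thread."""
    files, folders, registry = [], [], []
    for f in findings:
        if f.kind == "task":
            files.append(f.job)                      # delete the .job itself
            folders.append(parent_dir(f.path))       # and the directory its target lives in
        elif f.kind == "run":
            folders.append(parent_dir(f.path))
            registry.append(f"[{HIVES[f.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{f.key}]")
            registry.append(f'"{f.name}"=-')         # REGEDIT4: "name"=- deletes the value
        elif f.kind == "bho":
            registry.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f.clsid}]")  # [-key] deletes the key
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(_dedupe(files)))
    if folders:
        sections.append("Folder::\n" + "\n".join(_dedupe(folders)))
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.kind}] {f.reason}: {f.path}")
    print()
    print(build_cfscript(found))
```

On the sample lines this flags exactly the four items norbat scripted from the logs (the orphaned BearShare BHO, the two Run values "support audio cool poll" and "locks draw", and the AD724BD29729FD02.job task) and leaves jusched, the Google notifier and the Apple updater alone. Two details worth keeping in mind: HijackThis lower-cases the first letter of O4 value names while ComboFix prints them as stored ("Support audio cool poll"), which does not matter for the script because registry value names are compared case-insensitively; and the 8.3 path C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1 is emitted as logged rather than expanded, since the long name cannot be recovered from the log alone. The heuristics are a starting point for a human to confirm, not a substitute for reading the log.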
M3moreX
Posted 9 February 2008 (thread author)

The pop-up still appears.

New log:

ComboFix 08-02.05.3 - (snorre) 2008-02-09 18:14:38.2 - NTFSx86
Running from: C:\Documents and Settings\(snorre)\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 22:13 . 2008-02-09 17:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com
2008-02-08 22:12 . 2008-02-09 18:13 <DIR> dr-h----- C:\Documents and Settings\(snorre)\Siste
2008-02-08 22:10 . 2008-02-08 22:10 <DIR> d-------- C:\Programfiler\CCleaner
2008-02-08 21:15 . 2008-02-08 21:15 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\Xvid
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\VideoLAN
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\vlc
2008-02-08 18:50 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-08 18:50 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-08 18:50 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-30 17:46 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-01-30 17:46 . 2008-01-04 22:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-30 17:46 . 2008-01-04 22:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\Red Kawa
2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\AviSynth 2.5
2008-01-29 17:44 . 2008-02-09 17:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-29 17:44 . 2008-01-29 17:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 17:43 . 2008-01-29 17:43 <DIR> d-------- C:\Programfiler\iPod
2008-01-29 17:42 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\Bonjour
2008-01-29 17:41 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\QuickTime
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-01-26 18:21 . 2008-01-30 17:40 <DIR> d-------- C:\Programfiler\Incomplete
2008-01-21 15:17 . 2008-01-21 15:17 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Leadertech
2008-01-20 12:51 . 2008-01-20 12:51 <DIR> d-------- C:\Documents and Settings\Gjest\Programdata\NCH Swift Sound
2008-01-12 20:55 . 2008-01-12 20:55 <DIR> d-------- C:\Programfiler\Team Meow Support
2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO
2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 21:29 . 2008-01-09 21:29 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Help
2008-01-09 21:17 . 2008-01-09 21:17 <DIR> d-------- C:\Programfiler\NCH Software
2008-01-09 20:54 . 2008-01-21 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound
2008-01-09 20:54 . 2008-01-12 20:32 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound
2008-01-09 20:53 . 2008-01-21 15:20 <DIR> d-------- C:\Programfiler\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 17:15 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-02-09 17:15 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BitTorrent
2008-02-09 17:07 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DNA
2008-02-09 11:40 3,145,728 ---ha-w C:\Documents and Settings\(snorre)\NTUSER.DAT
2008-02-09 11:17 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-08 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-02-08 21:13 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com
2008-02-08 17:50 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\vlc
2008-01-30 20:08 --------- d-----w C:\Programfiler\LimeWire
2008-01-30 16:47 --------- d-----w C:\Programfiler\DivX
2008-01-30 16:40 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\LimeWire
2008-01-29 16:43 --------- d-----w C:\Programfiler\iTunes
2008-01-26 17:26 --------- d-----w C:\Programfiler\Norton Internet Security
2008-01-21 14:21 --------- d-----w C:\Programfiler\MSN Messenger
2008-01-21 14:17 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Leadertech
2008-01-12 19:55 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
2008-01-12 19:32 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound
2008-01-11 16:33 --------- d-----w C:\Programfiler\Java
2008-01-10 14:10 --------- d-----w C:\Documents and Settings\leffi\Programdata\BitTorrent
2008-01-09 20:29 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Help
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-26 00:23 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BearShare
2007-12-19 13:26 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DivX
2007-12-16 17:48 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-12-16 14:25 --------- d-----w C:\Programfiler\DNA
2007-12-16 14:25 --------- d-----w C:\Programfiler\BitTorrent
2007-12-15 12:08 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24 20480] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 19:25 68856] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352] "BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-16 15:25 290112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12 94208] "ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940] "D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 16:00 2502656] "ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768] 
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408] "Corel Photo Downloader"="C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496] "BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ] "Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 08:33 54928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-03-06 22:30:57 24576] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08] S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07] *Newly Created Service* - COMHOST . 
Contents of the 'Scheduled Tasks' folder "2008-02-09 17:00:00 C:\WINDOWS\Tasks\AD724BD29729FD02.job" - c:\docume~1\(snorre)\progra~1\teamme~1\Sect mpeg defy.exe "2008-02-09 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-02-09 17:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE "2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - snorre1.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-09 18:15:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" . Completion time: 2008-02-09 18:16:43 ComboFix2.txt 2008-02-09 16:42:53 . 2008-01-09 20:54:50 --- E O F --- Lenke til kommentar
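The Run entries in the ComboFix report above are what the helper in this thread worked from: the suspicious items ("locks draw", "Support audio cool poll", "BearFlix") autostart from user-profile directories, use 8.3 short paths, or point at a file that no longer exists (ComboFix shows an empty bracket for that). The following is an added example, not code from the thread or from ComboFix, that parses Run lines in ComboFix's "name"="path" [info] format and applies exactly those three heuristics. The sample lines are copied from the report above and embedded as constructed test input; the regexes and the reason strings are this example's own.

```python
import re

# Constructed sample: a handful of Run entries copied from the ComboFix report
# in this thread, in ComboFix's own "name"="path" [date time size] format.
# The empty bracket on the BearFlix line is how ComboFix shows a target that
# no longer exists on disk.
SAMPLE_RUN_ENTRIES = r'''
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408]
"BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ]
"Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320]
'''

# One ComboFix Run line: "name"="path" [file info]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')

# Profile directories a normal user can write to (long and 8.3 forms on Windows XP).
USER_WRITABLE_RE = re.compile(r'^[A-Za-z]:\\(DOCUME~1|Documents and Settings)\\', re.IGNORECASE)
# 8.3 short-name path components such as PROGRA~1 or TEAMME~1.
SHORT_NAME_RE = re.compile(r'~\d+\\')


def parse_run_entries(text):
    """Parse ComboFix Run entries into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def reasons_for(entry):
    """Heuristic triage reasons for one autorun entry (empty list = nothing odd)."""
    reasons = []
    path, info = entry["path"], entry["info"].strip()
    if not info:
        reasons.append("target file missing when the report was made")
    if USER_WRITABLE_RE.match(path):
        reasons.append("autostarts from a user-writable profile directory")
    if SHORT_NAME_RE.search(path):
        reasons.append("uses 8.3 short-name path components")
    return reasons


def triage(entries):
    """Map each flagged entry name to its list of reasons; clean entries are omitted."""
    flagged = {}
    for entry in entries:
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(parse_run_entries(SAMPLE_RUN_ENTRIES)).items():
        print(f'{name}: {"; ".join(why)}')
```

Feed it the whole Run section of a report and only the three entries above come out; everything under Programfiler with a populated info bracket stays quiet. Heuristics like these are a starting point for reading a log, not a verdict: a missing target is also what a half-finished uninstall looks like.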
norbat Posted 9 February 2008
It looks like you did not manage to run the instructions above (create a Notepad file named CFScript, then drag and drop it onto the ComboFix icon so that ComboFix starts again).
M3moreX (author) Posted 9 February 2008
I did this and ComboFix just exited. I got no log, but I still get pop-ups.
norbat Posted 9 February 2008
Could you try again: copy and paste what is in bold above into Notepad, save the file on the desktop as CFScript, drag the file onto the ComboFix icon and see whether ComboFix runs.
M3moreX (author) Posted 9 February 2008
It looks like no more pop-ups are appearing. Thanks a lot for the help; I'll write again if anything comes up.
norbat Posted 9 February 2008
OK. You could run Avenger just to check that the files ComboFix was supposed to remove are gone: download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that appears, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\Tasks\AD724BD29729FD02.job
C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe

Folders to delete:
C:\Programfiler\Team Meow Support
C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO
C:\Documents and Settings\(snorre)\Programdata\Team Meow Support
C:\Documents and Settings\(snorre)\Programdata\BearShare
C:\Programfiler\BearFlix

Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"locks draw"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"BearFlix"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"Support audio cool poll"

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Click the traffic light. Restart the PC. After the restart a log file will appear that tells you what happened. Please report back.
M3moreX (author) Posted 9 February 2008
Looks like it should work fine now. Thanks for the help. New log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"locks draw
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jrbodlfg
*******************
Script file located at: \??\C:\WINDOWS\system32\adtgtcdt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Tasks\AD724BD29729FD02.job deleted successfully.
File C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe deleted successfully.
Folder C:\Programfiler\Team Meow Support deleted successfully.
Folder C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO deleted successfully.
Folder C:\Documents and Settings\(snorre)\Programdata\Team Meow Support deleted successfully.
Folder C:\Documents and Settings\(snorre)\Programdata\BearShare deleted successfully.
Folder C:\Programfiler\BearFlix not found!
Deletion of folder C:\Programfiler\BearFlix failed!
Could not process line:
C:\Programfiler\BearFlix
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BearFlix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Support audio cool poll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
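Two things in the Avenger log above are worth noticing when reading a cleanup script like the one norbat posted. The pre-processor rejected the "locks draw" line because its closing quote was lost on the way into Avenger, so that Run value was never deleted, and the Browser Helper Objects key was reported "not found" because the `\~\` segment is an abbreviation from the ComboFix report rather than a literal key name (an assumption here, consistent with the "not found" result). The following is an added example, not code from the thread or from Avenger, that parses a script in Avenger's four-section format and reports the entries the pre-processor would reject or that cannot resolve. The sample script is constructed from norbat's post with the quote deliberately dropped, as in the log; the section names and the `key|value` convention are taken from the post, everything else (function names, reason strings) is this example's own.

```python
import re

# Registry hives an Avenger path has to start with (assumption of this example).
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
# Section headers as they appear in the script posted in the thread.
SECTION_RE = re.compile(r'^(Files|Folders|Registry values|Registry keys) to delete:$', re.IGNORECASE)

# Constructed sample: norbat's script with the closing quote on the "locks draw"
# line dropped, which is what the Avenger pre-processor log shows it received.
SAMPLE_SCRIPT = r'''Files to delete:
C:\WINDOWS\Tasks\AD724BD29729FD02.job
C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe

Folders to delete:
C:\Programfiler\Team Meow Support
C:\Programfiler\BearFlix

Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"locks draw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"BearFlix"

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}
'''


def check_entry(section, line):
    """Return the list of problems with one script line (empty = looks valid)."""
    reasons = []
    if section in ("files", "folders"):
        if not re.match(r'^[A-Za-z]:\\', line):
            reasons.append("not an absolute drive path")
        return reasons
    key, sep, value = line.partition("|")
    if not key.upper().startswith(HIVES):
        reasons.append("does not start with a known registry hive")
    if "\\~\\" in key:
        reasons.append("contains the '~' abbreviation used in ComboFix reports; not a literal key name")
    if section == "registry values":
        if not sep:
            reasons.append("registry value entry needs key|value")
        elif value.startswith('"') and not (len(value) >= 2 and value.endswith('"')):
            reasons.append("unbalanced quote around value name")
    elif sep:
        reasons.append("registry key entry must not contain '|'")
    return reasons


def parse_avenger_script(text):
    """Split an Avenger-style script into sections. Returns (sections, problems).

    sections: {"files": [...], "folders": [...], "registry values": [...], "registry keys": [...]}
    problems: [(line number, line, reason), ...] for every line the pre-processor would skip
    """
    sections, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            problems.append((lineno, line, "entry appears before any section header"))
            continue
        sections[current].append(line)
        problems.extend((lineno, line, why) for why in check_entry(current, line))
    return sections, problems


if __name__ == "__main__":
    _, found = parse_avenger_script(SAMPLE_SCRIPT)
    for lineno, line, why in found:
        print(f"line {lineno}: {why}\n    {line}")
```

Run it over the script text before pasting it into Avenger and both lines that failed in the log are reported up front; the surviving "locks draw" value is the reason the pre-processor's "Line will be ignored" is worth reading rather than scrolling past.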
norbat Posted 9 February 2008
It looks like Avenger removed the Lop infection. You can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). Surf safely.