
Hello.

Can you help me look over these logs? (I'm going to run ComboFix and CCleaner later today.)

 

sas

 

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/02/2008 at 08:51 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3412

Trace Rules Database Version: 1404

 

Scan type : Complete Scan

Total Scan Time : 01:21:43

 

Memory items scanned : 407

Memory threats detected : 0

Registry items scanned : 5602

Registry threats detected : 0

File items scanned : 38009

File threats detected : 376

 

Adware.Tracking Cookie

 

Trojan.VXGame-Variant/D

D:\DC++\DIV.PROG\HAIKERENS.GUIDE.TIL.DVDR.V2.2\1.INSTALL.CINEMA.CRAFT.ENCODER.SP.V2.70.02.10\CINEMA.CRAFT.ENCODER.SP.V2.70.02.10.WINALL.CRACKED-BLIZZARD\CRACKS\B-CCESP2700210AP-PATCH.EXE

D:\DC++\DIV.PROG\HAIKERENS.GUIDE.TIL.DVDR.V2.2\1.INSTALL.CINEMA.CRAFT.ENCODER.SP.V2.70.02.10\CINEMA.CRAFT.ENCODER.SP.V2.70.02.10.WINALL.CRACKED-BLIZZARD\CRACKS\B-CCESP2700210SA-PATCH.EXE

 

Trojan.Unclassifed/Loader-Suspicious

D:\DC++\DIV.PROG\SPYKILLER 2003 AND SPYHUNTER 2003 AND CRACK\SPYKILLER.2003.1.0.LOADER CRACK\LOADER.EXE

 

Adware.HotBar/ShopperReports (Low Risk)

F:\SYSTEM VOLUME INFORMATION\_RESTORE{781CF76D-E01C-43A2-895F-B2962D0AD5FA}\RP70\A0009617.DLL

 

Adware.HotBar (Low Risk)

F:\SYSTEM VOLUME INFORMATION\_RESTORE{781CF76D-E01C-43A2-895F-B2962D0AD5FA}\RP70\A0009749.DLL

 

Trace.Known Threat Sources

C:\Documents and Settings\Administrator\Lokale innstillinger\Temporary Internet Files\Content.IE5\4HU3G9YZ\zangomessenger_med[1].gif

C:\Documents and Settings\Administrator\Lokale innstillinger\Temporary Internet Files\Content.IE5\WDE3CP2R\Spacer[6].gif

 

 

 

hjt

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:15:51, on 03.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\MYSECR~1\MSFMON.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Registry Clean Expert\RCHelper.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\devldr32.exe

C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\No-IP\DUC20.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [internetCalls] "C:\Programfiler\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Programfiler\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: No-IP DUC.lnk = C:\Programfiler\No-IP\DUC20.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\System32\mscoree.DLL

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programfiler\EmpirePoker\EmpirePoker.exe (file missing)

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programfiler\UltimateBet\UltimateBet.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programfiler\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Billionton\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/...tgameloader.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://www.arcadetown.com/swf/cosmicbugs/r64loader.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rabenordberg.spaces.live.com//Photo...ad/MsnPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140890031967

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195980987796

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe

O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedingfrenz...outLauncher.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 11623 bytes

 

 

 

Edited by r2d290

(It's not my PC, so don't give me a bad reputation. I'm just helping a friend.)

 

 

 

ComboFix 08-03-03.12 - Kjell Li 2008-03-03 18:50:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.139 [GMT 1:00]

Running from: C:\Documents and Settings\Kjell Li\Skrivebord\ComboFix\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrator\Programdata\install.dat

C:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx.dat

c:\documents and settings\kjell li\lokale innstillinger\programdata\tnytrfdx.exe

c:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx_nav.dat

c:\Documents and Settings\Kjell Li\Lokale innstillinger\Programdata\tnytrfdx_navps.dat

C:\Documents and Settings\Kjell Li\Programdata\inst.exe

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Conditions générales.lnk

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Confidentialité.lnk

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\InternetGameBox\Website.lnk

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))

.

 

2008-03-03 18:42 . 2008-03-03 18:42 <DIR> dr-h----- C:\Documents and Settings\Kjell Li\Siste

2008-03-03 18:41 . 2008-03-03 18:41 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\Documents and Settings\Kjell Li\Programdata\SUPERAntiSpyware.com

2008-03-02 19:15 . 2008-03-02 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\SUPERAntiSpyware.com

2008-03-01 19:32 . 2008-03-01 19:32 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-16 10:51 . 2006-02-25 17:35 <DIR> dr------- C:\Documents and Settings\Marius\Start-meny

2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\Skrivere

2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d-------- C:\Documents and Settings\Marius\Skrivebord

2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr-h----- C:\Documents and Settings\Marius\Siste

2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr-h----- C:\Documents and Settings\Marius\Programdata

2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr------- C:\Documents and Settings\Marius\Mine dokumenter

2008-02-16 10:51 . 2006-02-25 17:44 <DIR> d--h----- C:\Documents and Settings\Marius\Maler

2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\Lokale innstillinger

2008-02-16 10:51 . 2008-02-16 10:52 <DIR> dr------- C:\Documents and Settings\Marius\Favoritter

2008-02-16 10:51 . 2006-02-25 17:35 <DIR> d--h----- C:\Documents and Settings\Marius\AndrMask

2008-02-15 22:57 . 2008-02-25 19:49 <DIR> d-------- C:\Programfiler\XoftSpySE

2008-02-14 19:31 . 2008-02-14 19:31 1,766,824 --a------ C:\WINDOWS\system32\Star Wars Battlefront SS.scr

2008-02-09 17:19 . 2008-02-09 17:19 <DIR> d-------- C:\Programfiler\ConvertXtoDVD

2008-02-09 17:19 . 2008-02-09 17:19 <DIR> d-------- C:\Programfiler\common

2008-02-09 17:19 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-02-09 17:19 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-02-09 17:19 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-02-09 17:19 . 2008-02-09 17:19 47,360 --a------ C:\Documents and Settings\Kjell Li\Programdata\pcouffin.sys

2008-02-04 22:55 . 2008-02-04 22:55 66 --a------ C:\WINDOWS\#1 Video Converter.INI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-02 18:14 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-15 21:56 --------- d-----w C:\Documents and Settings\Kjell Li\Programdata\uTorrent

2008-02-15 21:23 --------- d-----w C:\Programfiler\WonderlandAdventures_at

2008-02-15 21:22 --------- d-----w C:\Programfiler\Cartoon Network

2008-02-10 11:58 --------- d-----w C:\Documents and Settings\Kjell Li\Programdata\Vso

2008-02-09 16:19 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-02-07 22:39 --------- d-----w C:\Programfiler\ESET

2008-02-04 21:51 --------- d-----w C:\Programfiler\VSO

2008-01-15 14:46 --------- d-----w C:\Programfiler\Registry Clean Expert

2008-01-15 11:53 --------- d-----w C:\DOCUME~1\ALLUSE~1.WIN\PROGRA~1\Spybot - Search & Destroy

2008-01-15 10:24 --------- d-----w C:\Programfiler\Spybot - Search & Destroy

2008-01-11 16:28 --------- d-----w C:\Programfiler\Google

2006-08-29 12:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2006-03-24 21:23 774,144 ----a-w C:\Programfiler\RngInterstitial.dll

2005-03-21 18:02 892 ----a-w C:\Programfiler\pcsetup.log

2004-01-08 23:00 58,368 ----a-w C:\Documents and Settings\[bruker]\detect.exe

2003-12-09 19:03 49,152 ----a-w C:\Documents and Settings\[bruker]\update.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"InternetCalls"="C:\Programfiler\InternetCalls.com\InternetCalls\InternetCalls.exe" [2007-04-19 11:35 7116352]

"RegClean Expert Scheduler"="C:\Programfiler\Registry Clean Expert\RCHelper.exe" [2007-10-15 21:39 601336]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2003-04-27 11:54 77824]

"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 C:\WINDOWS\COPYFSTQ.EXE]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2005-05-18 13:54 917504]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-05-03 00:05 77824]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-03-10 15:56 180269]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

"MSF_Monitor"="C:\PROGRA~1\MYSECR~1\MSFMON.exe" [2007-01-24 23:00 99920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

 

C:\Documents and Settings\[bruker]\Start-meny\Programmer\Oppstart\

PowerReg Scheduler V3.exe [2004-04-06 15:09:58 225280]

 

C:\Documents and Settings\Kjell Li\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-11 13:43:41 113664]

No-IP DUC.lnk - C:\Programfiler\No-IP\DUC20.exe [2005-03-05 13:20:53 1148416]

 

C:\DOCUME~1\ALLUSE~1.WIN\START-~1\PROGRA~1\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

"NoLogoff"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

--a------ 2006-05-07 17:49 3139164 C:\Programfiler\ICQLite\ICQLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

"nwiz"=nwiz.exe /install

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Programfiler\\ICQLite\\ICQLite.exe"=

"C:\\Programfiler\\B2BPOKER\\Unibet Poker\\jre\\bin\\javaw.exe"=

"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\Freaky Freezeday\\Freezeday.exe"=

"C:\\Programfiler\\MerOmPoker\\jre\\bin\\javaw.exe"=

"C:\\Programfiler\\FlashFXP\\flashfxp.exe"=

"D:\\DC++\\Div.Prog\\mirc\\mirc32.exe"=

"C:\\Programfiler\\uTorrent\\utorrent.exe"=

"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\tronds rot\\TvKoo\\TvNoo.exe"=

"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\tronds rot\\TvKoo\\viviplay.exe"=

"D:\\Trond\\Parabol\\dream\\DB controlCenter\\DCC.exe"=

"C:\\Programfiler\\Windows Media Player\\wmplayer.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Documents and Settings\\Kjell Li\\Skrivebord\\utorrent.exe"=

"D:\\Trond\\Parabol\\dream\\DremUp\\dreamUp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 12:39]

R2 MSF32;MSF32;C:\Programfiler\MySecretFolder XP\MSF32.SYS [2007-01-24 23:00]

R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 11:43]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-03 19:21:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Billionton\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\devldr32.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2008-03-03 19:29:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-03 18:29:23

.

2008-02-13 17:38:01 --- E O F ---

 

Edited by r2d290