matseeey, written 14 July 2008
I suddenly get popups in IE.. it opens by itself and ads appear..
ComboFix log:
HijackThis log:
norbat, written 14 July 2008 (edited)
Your problem is tied to this file: C:\WINDOWS\system32\Is6l38sq.exe, but before we do anything manually, run a scan with SAS (as referred to in the guide). When the scan has finished, post the log it creates together with a new ComboFix log (run ComboFix again).
Edited 14 July 2008 by norbat
matseeey (thread author), written 14 July 2008
ComboFix log:
SAS log:
norbat, written 14 July 2008
Consider whether you need Messenger Plus! If not, uninstall it from Add/Remove Programs.
Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\Is6l38sq.exe.a_a
C:\WINDOWS\system32\Is6l38sq.exe_
C:\WINDOWS\system32\Is6l38sq.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job

You don't need to post the log. Tell me how it goes with the popups.
matseeey (thread author), written 14 July 2008
I've done that.. but I still get popups! :s
norbat, written 14 July 2008
Then post the ComboFix log. It looks like the CFScript file did not work.
matseeey (thread author), written 14 July 2008
I got this.. :
ComboFix log:
2007-09-20 14:32 <DIR> dr-h----- C:\Documents and Settings\martine\Programdata 2008-06-20 18:19 . 2008-06-20 18:19 <DIR> dr------- C:\Documents and Settings\martine\Mine dokumenter 2008-06-20 18:19 . 2007-09-20 14:28 <DIR> d--h----- C:\Documents and Settings\martine\Maler 2008-06-20 18:19 . 2008-07-15 00:46 <DIR> d--h----- C:\Documents and Settings\martine\Lokale innstillinger 2008-06-20 18:19 . 2008-06-20 18:19 <DIR> d-------- C:\Documents and Settings\martine\Favoritter 2008-06-20 18:19 . 2007-09-20 16:15 <DIR> d--h----- C:\Documents and Settings\martine\AndrMask 2008-06-20 18:19 . 2008-06-20 18:19 <DIR> d-------- C:\Documents and Settings\martine . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-14 20:22 --------- d-----w C:\Programfiler\Symantec AntiVirus 2008-07-10 01:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-07-03 11:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\TrackMania 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-07-14_20.10.47.63 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-14 18:23:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-07-14 18:23:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-02-28 10:01 5724184] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "SUPERAntiSpyware"="D:\Programfiler\Ny mappe\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-01 10:57 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-01 10:56 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-01 10:56 118784] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 16:16 761946] "GrooveMonitor"="D:\Programmer\office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "Adobe Reader Speed Launcher"="D:\Programfiler\Adobe\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352] "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programfiler\Ny mappe\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 D:\Programfiler\Ny mappe\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "SENTINEL"= snti386.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Programmer\\office\\Office12\\OUTLOOK.EXE"= "D:\\Programmer\\office\\Office12\\GROOVE.EXE"= "D:\\Programmer\\office\\Office12\\ONENOTE.EXE"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "D:\\Spill\\Track Mania\\TmNationsESWC.exe"= "D:\\Spill\\TmNationsForever\\TmForever.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= R2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [2006-08-30 15:05] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-15 00:46:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-15 0:47:43 ComboFix-quarantined-files.txt 2008-07-14 22:47:12 ComboFix2.txt 2008-07-14 20:19:27 ComboFix3.txt 2008-07-14 18:53:37 ComboFix4.txt 2008-07-14 18:11:10 Pre-Run: 1,229,934,592 byte ledig Post-Run: 1,223,864,320 byte ledig 116 --- E O F --- 2008-07-10 01:02:05 Lenke til kommentar
norbat Posted 14 July 2008
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\Is6l38sq.exe.a_a
C:\WINDOWS\system32\Is6l38sq.exe_
C:\WINDOWS\system32\Is6l38sq.exe

Click the traffic light. Restart the PC. After the restart a log file will appear that tells what happened. Post it together with a new ComboFix log.
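Scripted triage of the "Files Created" section of the ComboFix log above, added here as an illustration of how the three Is6l38sq.exe entries stand out from the rest; this is not code from the thread, from ComboFix or from Avenger. It assumes the line layout the posted log shows (created time, modified time, size or <DIR>, attribute string, path), and the sample lines are copied from that log.

```python
import re
from datetime import datetime
# Assumed layout of one "Files Created" line, read off the posted log:
#   <created> . <modified> <size or <DIR>> <attributes> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)
TS = "%Y-%m-%d %H:%M"
# Five lines copied from the log posted in the thread above.
SAMPLE = r"""
2008-07-14 17:00 . 2008-07-14 17:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-07-14 03:03 . 2008-07-14 03:03 0 --a------ C:\WINDOWS\system32\Is6l38sq.exe.a_a
2008-07-14 01:03 . 2008-07-14 15:34 35,842 --a------ C:\WINDOWS\system32\Is6l38sq.exe_
2008-07-14 01:03 . 2008-07-14 21:50 35,842 --a------ C:\WINDOWS\system32\Is6l38sq.exe
2008-07-07 23:25 . 2008-07-07 23:25 <DIR> d--h----- C:\WINDOWS\PIF
"""

def parse_entries(text):
    """Return one dict per line matching the layout above; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({"created": datetime.strptime(created, TS),
                            "modified": datetime.strptime(modified, TS),
                            "size": None if size == "<DIR>" else int(size.replace(",", "")),
                            "attrs": attrs, "path": path})
    return entries

def suspicious(e):
    """Reasons a loose file dropped into system32 deserves a look (empty list = none)."""
    low = e["path"].lower()
    if e["size"] is None or not low.startswith("c:\\windows\\system32\\"):
        return []
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if ".exe" in name and not name.endswith(".exe"):
        reasons.append("exe with extra suffix (renamed or backup copy)")
    if name.endswith(".exe") and e["size"] == 0:
        reasons.append("zero-byte exe")
    if e["modified"] > e["created"]:
        reasons.append("rewritten after creation")
    return reasons

def triage(text):
    """Map each flagged path to the reasons it was flagged."""
    return {e["path"]: r for e in parse_entries(text) if (r := suspicious(e))}
```

Run against the sample, only the three Is6l38sq.exe variants are returned; the directories and the ordinary entries are not.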