
CiD pop-up among many others..



Download NoLop.exe and put it on the desktop.

 

Run the program. Click the "Search and Destroy" button. If it finds something, you will be asked to click the Reboot button.

 

 

Download SAS (the free version), install it, update it and run a full (Complete) scan.

 

 

 

Download HijackThis. Put it in its own folder on the desktop.

Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.

3 weeks later...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:15:08, on 06.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

E:\ProgramFiler\ad-aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Programfiler\Symantec AntiVirus\SavRoam.exe

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\PROGRA~1\FELLES~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Launch Manager\PowerKey.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\Programfiler\Atheros\ACU.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Launch Manager\OSDCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\Symantec AntiVirus\DoScan.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\DOCUME~1\simlan1\LOKALE~1\Temp\RtkBtMnt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ped-01isa:8080/array.dll?Get.Routing.Script

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [acecool] C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1\DOGSTOP.exe

O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.skoleportalen.no

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = hfk.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\ProgramFiler\ad-aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8399 bytes
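The helper's reply below picks the one O4 line in this log that runs from the user's profile. The same rule can be applied mechanically; the script here is an added example written for this thread, not part of the original posts and not HijackThis code. It scores O2 (BHO) and O4 (Run key) lines by where their target lives: a user-writable profile or Temp path is high, a "(no file)" BHO is medium, and a bare filename or an argument-less regsvr32.exe is low. The scoring rules and the excerpt are this example's own assumptions; the excerpt is constructed in the posted log's format.

```python
"""Triage autostart lines from a HijackThis log.

Added example for this thread, not HijackThis code. The scoring rules below
are this example's own assumptions; the sample is a constructed excerpt in
the posted log's format.
"""
import re

# Constructed excerpt: O2 (BHO) and O4 (Run key) lines in HijackThis format.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [acecool] C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1\DOGSTOP.exe
O4 - HKCU\..\Run: [swg] C:\WINDOWS\system32\regsvr32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")

# Path fragments that mean "a standard user can write here" (long and 8.3 forms).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\",
                 "\\lokale~1\\", "\\local settings\\")
RANK = {"high": 0, "medium": 1, "low": 2}


def target_path(cmd):
    """Executable part of a Run-key command: the quoted string, else the first token.
    (An unquoted path containing spaces would be cut short; HJT quotes those.)"""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def assess(path, cmd=""):
    """Return (severity, reason) for one autostart target, or None if nothing stands out."""
    low = path.lower()
    if low == "(no file)":
        return "medium", "registered but file missing: orphaned or half-removed component"
    if any(frag in low for frag in USER_WRITABLE):
        return "high", "runs from a user-writable profile/temp directory"
    if low.endswith("\\regsvr32.exe") and " " not in cmd.strip():
        return "low", "system utility as autostart with no argument: leftover entry, verify"
    if ":" not in low:
        return "low", "bare filename resolved via the search path: verify which copy runs"
    return None


def triage(log_text):
    """Return flagged O2/O4 lines, most severe first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m4, m2 = O4_RE.match(line), O2_RE.match(line)
        if m4:
            verdict = assess(target_path(m4.group("cmd")), m4.group("cmd"))
        elif m2:
            verdict = assess(m2.group("path"))
        else:
            continue
        if verdict:
            findings.append({"line": line, "severity": verdict[0], "reason": verdict[1]})
    return sorted(findings, key=lambda f: RANK[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Run it against a full saved log and the acecool entry comes out on top; ccApp, ctfmon.exe and the Java BHO produce nothing. The low-severity hits (ALCMTR.EXE with no path, the argument-less regsvr32.exe under "swg") are worth a look but are not evidence of infection on their own.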


Start HJT, choose "Do a system scan only", tick the following line and click Fix checked:

O4 - HKCU\..\Run: [acecool] C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1\DOGSTOP.exe

 

Use Explorer to delete the folder (in bold):

C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1 (~1 = abbreviation)

 

Download ComboFix and put it on the desktop.

 

Run combofix.exe and follow the instructions.

 

Post the log file from ComboFix (c:\combofix.txt), and we'll see whether anything more is left that should be removed.


ComboFix 08-02.05.3 - simlan1 2008-02-06 17:25:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.180 [GMT 1:00]

Running from: C:\Documents and Settings\simlan1\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

 

----- BITS: Possible infected sites -----

 

hxxp://h-asv-sr-01

hxxp://www.download.windowsupdate.com

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))

.

 

2008-02-06 16:03 . 2008-02-06 16:03 147 --a------ C:\desktop.ini

2008-02-06 15:29 . 2008-02-06 15:29 <DIR> d-------- C:\Programfiler\TuneXP

2008-02-06 14:28 . 2008-02-06 14:49 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\SUPERAntiSpyware.com

2008-02-06 14:28 . 2008-02-06 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-06 14:21 . 2008-02-06 14:21 106 --a------ C:\delete.bat

2008-02-05 00:11 . 2008-02-05 00:11 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\Media Player Classic

2008-02-05 00:11 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-02-05 00:11 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm

2008-02-05 00:11 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-02-05 00:11 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-02-05 00:11 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-02-05 00:11 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-02-05 00:11 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-02-05 00:11 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-02-05 00:11 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-02-04 23:43 . 2008-02-06 17:25 <DIR> dr-h----- C:\Documents and Settings\simlan1\Siste

2008-02-04 22:53 . 2008-02-04 22:53 <DIR> d-------- C:\Programfiler\Stardock

2008-02-04 22:52 . 2008-02-04 22:53 <DIR> d-------- C:\Programfiler\Fellesfiler\stardock

2008-02-04 13:45 . 2008-02-04 13:45 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-04 12:47 . 2008-02-04 13:41 <DIR> d-------- C:\NoLopBackups

2008-02-03 23:05 . 2008-02-03 23:09 <DIR> d-------- C:\Programfiler\Autodesk Impression

2008-02-03 23:01 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2008-02-03 23:01 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2008-02-03 23:00 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-02-03 22:09 . 2008-02-03 22:14 <DIR> d-------- C:\Programfiler\AutoCAD 2008

2008-02-03 22:07 . 2008-02-03 23:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Autodesk Shared

2008-02-03 22:07 . 2008-02-03 22:07 <DIR> d-------- C:\Programfiler\Autodesk

2008-02-03 22:02 . 2008-02-04 10:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-02-03 21:29 . 2008-02-03 23:05 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\Autodesk

2008-02-03 21:29 . 2008-02-03 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Autodesk

2008-02-02 15:09 . 2008-02-06 15:29 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-02-02 14:46 . 2008-02-06 14:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-01 21:47 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2008-01-31 23:44 . 2008-01-31 23:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared

2008-01-31 23:44 . 2008-01-31 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems

2008-01-29 20:32 . 2008-01-29 20:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-01-28 00:16 . 2008-01-28 00:16 806 --a------ C:\CTMeasureTiming.ini

2008-01-27 23:23 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE

2008-01-27 23:23 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE

2008-01-27 22:49 . 2007-10-04 12:40 144,728 --a------ C:\WINDOWS\system32\DSKernel2.dll

2008-01-27 02:31 . 2008-01-28 00:12 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\Creative

2008-01-27 02:25 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

2008-01-27 02:24 . 2006-10-05 23:17 53,248 --------- C:\WINDOWS\Ctregrun.exe

2008-01-27 02:23 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll

2008-01-27 02:20 . 2008-01-28 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Creative

2008-01-27 02:18 . 2008-01-27 02:18 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative

2008-01-27 02:18 . 2008-01-28 00:05 <DIR> d--h----- C:\Programfiler\Creative Installation Information

2008-01-27 02:18 . 2008-01-28 16:11 <DIR> d-------- C:\Programfiler\Creative

2008-01-25 12:13 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-01-25 11:33 . 2008-01-25 11:33 <DIR> d-------- C:\Programfiler\MSBuild

2008-01-25 11:29 . 2008-01-25 12:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-01-25 11:28 . 2008-01-25 11:28 <DIR> d-------- C:\Programfiler\Reference Assemblies

2008-01-25 11:27 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-01-21 23:22 . 2008-01-21 23:22 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\GetRightToGo

2008-01-21 13:59 . 2008-01-21 13:59 <DIR> d-------- C:\WINDOWS\Sun

2008-01-20 20:01 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-20 20:00 . 2008-01-20 20:01 <DIR> d-------- C:\Programfiler\Java

2008-01-20 19:59 . 2008-01-20 19:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-01-19 20:15 . 2008-01-19 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-01-18 12:17 . 2000-05-22 01:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-01-17 18:18 . 2008-01-31 23:48 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-01-17 09:28 . 2004-02-05 20:53 389,120 --------- C:\WINDOWS\system32\actskn43.ocx

2008-01-17 09:28 . 2004-11-01 12:38 57,344 --------- C:\WINDOWS\system32\XButton.ocx

2008-01-17 09:27 . 2008-01-29 20:09 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\DivX

2008-01-17 00:20 . 2008-01-31 23:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-01-16 18:03 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-01-16 16:41 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-01-16 16:41 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-01-16 16:41 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-01-16 16:41 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-01-16 15:52 . 2008-01-16 15:52 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-01-16 15:50 . 2008-01-16 15:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-16 15:50 . 2008-01-25 17:58 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-01-16 15:31 . 2008-01-16 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!

2008-01-16 15:29 . 2008-02-06 17:31 17,362,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-16 15:29 . 2008-02-06 17:31 206,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-16 15:19 . 2008-01-16 15:19 <DIR> d-------- C:\Programfiler\ZoneAlarmSB

2008-01-16 15:17 . 2008-01-16 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MailFrontier

2008-01-16 15:16 . 2008-02-06 17:21 <DIR> d-------- C:\WINDOWS\Internet Logs

2008-01-16 14:54 . 2008-01-16 14:54 <DIR> d-------- C:\Programfiler\uTorrent

2008-01-16 14:54 . 2008-01-29 21:28 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\uTorrent

2008-01-16 14:48 . 2008-02-06 15:10 <DIR> d-------- C:\Programfiler\Google

2008-01-16 14:39 . 2008-01-16 14:39 <DIR> d-------- C:\Programfiler\Circle Developement

2008-01-16 14:39 . 2008-01-16 14:39 <DIR> d-------- C:\Programfiler\Bits load long

2008-01-16 14:39 . 2008-01-16 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Cast ping base frag

2008-01-16 14:34 . 2008-02-06 16:52 <DIR> d-------- C:\Documents and Settings\simlan1\Tracing

2008-01-16 14:25 . 2008-01-25 12:15 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-01-16 14:24 . 2008-01-16 14:24 <DIR> d-------- C:\Programfiler\Windows Live

2008-01-16 14:21 . 2008-01-16 14:21 0 --a------ C:\WINDOWS\vpc32.INI

2008-01-16 14:09 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-01-16 14:09 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-01-16 14:09 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-01-16 14:09 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-01-16 12:56 . 2008-01-25 08:12 <DIR> dr------- C:\Documents and Settings\simlan1\Start-meny

2008-01-16 12:56 . 2008-01-16 10:42 <DIR> d--h----- C:\Documents and Settings\simlan1\Skrivere

2008-01-16 12:56 . 2008-02-06 17:22 <DIR> d---s---- C:\Documents and Settings\simlan1\Skrivebord

2008-01-16 12:56 . 2008-01-16 12:56 <DIR> d-------- C:\Documents and Settings\simlan1\Programdata\ATI

2008-01-16 12:56 . 2008-02-06 17:20 <DIR> dr-h----- C:\Documents and Settings\simlan1\Programdata

2008-01-16 12:56 . 2008-01-16 14:58 <DIR> d-------- C:\Documents and Settings\simlan1\Mine dokumenter

2008-01-16 12:56 . 2008-01-16 09:50 <DIR> d--h----- C:\Documents and Settings\simlan1\Maler

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 16:32 --------- d-----w C:\Programfiler\Symantec AntiVirus

2008-02-06 11:17 1,805,824 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2008-01-30 11:45 1,697,792 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2008-01-30 07:08 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-25 17:58 861,696 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2008-01-18 13:16 1,450,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-01-16 11:19 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-01-16 09:48 --------- d-----w C:\Programfiler\Microsoft.NET

2008-01-16 09:44 --------- d-----w C:\Documents and Settings\chrsaa\Programdata\ATI

2008-01-16 09:43 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2008-01-16 09:43 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2008-01-16 09:40 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-01-16 09:40 --------- d-----w C:\Programfiler\ATI Technologies

2008-01-16 09:37 929 ----a-w C:\WINDOWS\system32\drivers\ativcaxx.vp

2008-01-16 09:37 58,560 ----a-w C:\WINDOWS\system32\drivers\ativckxx.vp

2008-01-16 09:37 40,960 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2008-01-16 09:37 25,536 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp

2008-01-16 09:37 1,419,264 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-01-16 09:37 1,114,674 ----a-w C:\WINDOWS\system32\drivers\ativcaxx.cpa

2008-01-16 09:25 --------- d-----w C:\Programfiler\Synaptics

2008-01-16 09:24 185,824 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys

2008-01-16 09:23 997,376 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.sys

2008-01-16 09:23 723,712 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys

2008-01-16 09:23 202,240 ----a-w C:\WINDOWS\system32\drivers\HSFHWAZL.sys

2008-01-16 09:23 141,392 ----a-w C:\WINDOWS\system32\drivers\HSFProf.cty

2008-01-16 09:23 12,544 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys

2008-01-16 09:23 --------- d-----w C:\Programfiler\CONEXANT

2008-01-16 09:19 --------- d-----w C:\Programfiler\Realtek

2008-01-16 09:18 9,710,592 ----a-w C:\WINDOWS\RTLCPL.exe

2008-01-16 09:18 86,016 ----a-w C:\WINDOWS\SoundMan.exe

2008-01-16 09:18 69,632 ----a-w C:\WINDOWS\Alcmtr.exe

2008-01-16 09:18 487,424 ----a-w C:\WINDOWS\RtlExUpd.dll

2008-01-16 09:18 4,137,984 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys

2008-01-16 09:18 356,352 ----a-w C:\WINDOWS\RtlUpd.exe

2008-01-16 09:18 2,809,856 ----a-w C:\WINDOWS\alcwzrd.exe

2008-01-16 09:18 2,158,592 ----a-w C:\WINDOWS\MicCal.exe

2008-01-16 09:18 15,961,088 ----a-w C:\WINDOWS\RTHDCPL.exe

2008-01-16 09:11 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-01-16 09:10 --------- d-----w C:\Programfiler\Symantec

2008-01-16 09:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-01-16 08:55 --------- d-----w C:\Programfiler\microsoft frontpage

2008-01-16 08:53 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-01-16 08:52 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-01-16 08:52 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2008-01-16 15:19 262144 --a------ C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-16 15:19 262144]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

"swg"="C:\WINDOWS\system32\regsvr32.exe" [2006-03-02 13:00 11776]

"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2003-04-14 20:07 1498032]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-28 15:51 29744]

"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2008-01-16 10:24 98394]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-01-16 10:24 688218]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]

"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]

"ZoneAlarm Client"="E:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"ACU"="C:\Programfiler\Atheros\ACU.exe" [2005-01-31 08:05 253952]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 10:18 15961088 C:\WINDOWS\RTHDCPL.exe]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FELLES~1\stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-209746\Scripts\Logon\0\0]

"Script"=\\h-asv-sr-01\logonscript\elev.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acecool]

C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1\DOGSTOP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 E:\ProgramFiler\adobe reader\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Base frag grid bows]

--a------ 2008-02-06 17:30 1086976 C:\Documents and Settings\All Users\Programdata\Cast ping base frag\stop team.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]

--------- 2007-11-06 11:08 397312 E:\ProgramFiler\creative zen\ZEN Media Explorer\CTCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2006-03-02 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2007-07-17 11:03 868352 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-09-18 15:16 171464 E:\ProgramFiler\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

 

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-28 15:51]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-06 17:33:54

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

E:\ProgramFiler\ad-aware 2007\aawservice.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Programfiler\Symantec AntiVirus\SavRoam.exe

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\PROGRA~1\FELLES~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Symantec AntiVirus\DoScan.exe

C:\DOCUME~1\simlan1\LOKALE~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2008-02-06 17:37:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-06 16:37:03

.

2008-01-22 08:27:59 --- E O F ---
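What the helper spots in this log is a correlation: the msconfig startupreg entry "Base frag grid bows" points into "Cast ping base frag", a directory that ComboFix's "Files Created" section shows appearing on 2008-01-16 14:39 alongside "Bits load long", and all three names are strings of unrelated English words. The script below is an added example written for this thread, not from the original posts and not ComboFix code: it parses the "Files Created" listing and the Run/startupreg dump, reports autostart targets that live inside a directory created in the window, and separately lists new directories whose name looks like random words. The excerpt is constructed in the posted log's format, and the "random words" rule (three or more plain words, all but the first lowercase) is this example's own heuristic.

```python
"""Correlate ComboFix's "Files Created" listing with its autostart dump.

Added example, not from the original thread or from ComboFix itself. The
input is a constructed excerpt in the posted log's format; the random-words
directory-name rule is this example's own heuristic.
"""
import re

# Constructed excerpt: a few "Files Created" lines plus Run/startupreg blocks.
SAMPLE = r"""
2008-02-06 14:28 . 2008-02-06 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-31 23:44 . 2008-01-31 23:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-01-16 15:31 . 2008-01-16 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2008-01-16 14:39 . 2008-01-16 14:39 <DIR> d-------- C:\Programfiler\Bits load long
2008-01-16 14:39 . 2008-01-16 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Cast ping base frag
2008-01-16 14:21 . 2008-01-16 14:21 0 --a------ C:\WINDOWS\vpc32.INI

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acecool]
C:\DOCUME~1\simlan1\PROGRA~1\BITSLO~1\DOGSTOP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Base frag grid bows]
--a------ 2008-02-06 17:30 1086976 C:\Documents and Settings\All Users\Programdata\Cast ping base frag\stop team.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
"""

# "created . modified size-or-<DIR> attrs path", as ComboFix prints it.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# First drive-letter path on a line that ends in an executable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|bat|com|scr|pif))', re.IGNORECASE)


def parse_new_dirs(log):
    """(created, path) for every <DIR> line in the Files Created section."""
    dirs = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group("size") == "<DIR>":
            dirs.append((m.group("created"), m.group("path").strip()))
    return dirs


def parse_autostarts(log):
    """(entry name, target path) from Run keys and msconfig startupreg blocks."""
    entries, key = [], ""
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if not line or not re.search(r"\\(run|startupreg\\[^\\]+)$", key, re.IGNORECASE):
            continue
        pm = PATH_RE.search(line)
        if not pm:
            continue
        name = key.rsplit("\\", 1)[-1]          # startupreg: the subkey is the entry name
        if line.startswith('"'):                 # Run key: "name"="path" [...]
            name = line[1:line.index('"', 1)]
        entries.append((name, pm.group(1)))
    return entries


def looks_like_random_words(name):
    """Heuristic (this example's assumption): three or more plain words,
    all but the first lowercase, like the folder names removed in this thread."""
    words = name.split(" ")
    return (len(words) >= 3 and all(w.isalpha() for w in words)
            and all(w.islower() for w in words[1:]))


def correlate(log):
    """Autostart targets inside newly created directories, plus oddly named new directories."""
    new_dirs = parse_new_dirs(log)
    findings = {"autostart_in_new_dir": [], "suspicious_dir_names": []}
    for created, d in new_dirs:
        if looks_like_random_words(d.rsplit("\\", 1)[-1]):
            findings["suspicious_dir_names"].append(d)
    for name, path in parse_autostarts(log):
        for created, d in new_dirs:
            # Prefix match on the long path; 8.3 names (PROGRA~1) will not match
            # and must be expanded on the live host first (cmd: dir /x).
            if path.lower().startswith(d.lower() + "\\"):
                findings["autostart_in_new_dir"].append({
                    "entry": name, "path": path, "directory": d, "created": created,
                    "random_name": looks_like_random_words(name)})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE)["autostart_in_new_dir"]:
        print(f"{f['entry']} -> {f['path']} (dir created {f['created']}, random name: {f['random_name']})")
    for d in correlate(SAMPLE)["suspicious_dir_names"]:
        print("review:", d)
```

The output is a triage list, not a verdict: on the full log above, Java was also installed inside the window, so jusched.exe under C:\Programfiler\Java would be reported too and has to be cleared by hand. The acecool entry is not matched because its path uses 8.3 short names; that is why it is easier to judge from the HijackThis line than from this correlation.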


If you have MSN Messenger Plus installed, you can uninstall it from Add/Remove Programs. This program is the cause of your troubles :)

 

Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::

C:\Documents and Settings\All Users\Programdata\Cast ping base frag

C:\Programfiler\Bits load long

C:\Documents and Settings\All Users\Programdata\Messenger Plus!

C:\NoLopBackups

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acecool]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Base frag grid bows]

 

No need to see a new log.

 

Let us know how it goes with the problem.
