
[Fixed] Lop.com infection



Posted (edited)

Here are the logs you need, norbat

 

 

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:46:09, on 09.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\NetWaiting\netwaiting.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\DNA\btdna.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\BitTorrent\bittorrent.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe.exe

C:\Programfiler\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [bearFlix] "C:\Programfiler\BearFlix\bearflix.exe" /pause

O4 - HKLM\..\Run: [support audio cool poll] C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [locks draw] C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?d642a7d5f49644e297c46632e564aac3

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?d642a7d5f49644e297c46632e564aac3

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13228 bytes

ComboFix log:

ComboFix 08-02.05.3 - (snorre) 2008-02-09 17:38:42.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.448 [GMT 1:00]

Running from: C:\Documents and Settings\(snorre)\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

/wow section not completed

 

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))

.

 

2008-02-08 22:13 . 2008-02-09 10:42 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com

2008-02-08 22:12 . 2008-02-09 17:09 <DIR> dr-h----- C:\Documents and Settings\(snorre)\Siste

2008-02-08 22:10 . 2008-02-08 22:10 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-08 21:15 . 2008-02-08 21:15 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\Xvid

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\VideoLAN

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\vlc

2008-02-08 18:50 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-02-08 18:50 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-02-08 18:50 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-01-30 17:46 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-30 17:46 . 2008-01-04 22:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-30 17:46 . 2008-01-04 22:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\Red Kawa

2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\AviSynth 2.5

2008-01-29 17:44 . 2008-02-09 17:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-29 17:44 . 2008-01-29 17:44 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-29 17:43 . 2008-01-29 17:43 <DIR> d-------- C:\Programfiler\iPod

2008-01-29 17:42 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\Bonjour

2008-01-29 17:41 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\QuickTime

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-01-26 18:21 . 2008-01-30 17:40 <DIR> d-------- C:\Programfiler\Incomplete

2008-01-21 15:17 . 2008-01-21 15:17 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Leadertech

2008-01-20 12:51 . 2008-01-20 12:51 <DIR> d-------- C:\Documents and Settings\Gjest\Programdata\NCH Swift Sound

2008-01-12 20:55 . 2008-01-12 20:55 <DIR> d-------- C:\Programfiler\Team Meow Support

2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO

2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-01-09 21:29 . 2008-01-09 21:29 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Help

2008-01-09 21:17 . 2008-01-09 21:17 <DIR> d-------- C:\Programfiler\NCH Software

2008-01-09 20:54 . 2008-01-21 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound

2008-01-09 20:54 . 2008-01-12 20:32 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound

2008-01-09 20:53 . 2008-01-21 15:20 <DIR> d-------- C:\Programfiler\NCH Swift Sound

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-09 16:39 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-09 16:38 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BitTorrent

2008-02-09 16:37 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DNA

2008-02-09 11:40 3,145,728 ---ha-w C:\Documents and Settings\(snorre)\NTUSER.DAT

2008-02-09 11:17 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-02-08 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-08 21:13 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com

2008-02-08 17:50 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\vlc

2008-01-30 20:08 --------- d-----w C:\Programfiler\LimeWire

2008-01-30 16:47 --------- d-----w C:\Programfiler\DivX

2008-01-30 16:40 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\LimeWire

2008-01-29 16:43 --------- d-----w C:\Programfiler\iTunes

2008-01-26 17:26 --------- d-----w C:\Programfiler\Norton Internet Security

2008-01-21 14:21 --------- d-----w C:\Programfiler\MSN Messenger

2008-01-21 14:17 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Leadertech

2008-01-12 19:55 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

2008-01-12 19:32 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound

2008-01-11 16:33 --------- d-----w C:\Programfiler\Java

2008-01-10 14:10 --------- d-----w C:\Documents and Settings\leffi\Programdata\BitTorrent

2008-01-09 20:29 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Help

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-26 00:23 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BearShare

2007-12-19 13:26 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DivX

2007-12-16 17:48 --------- d-----w C:\Programfiler\Windows Media Connect 2

2007-12-16 14:25 --------- d-----w C:\Programfiler\DNA

2007-12-16 14:25 --------- d-----w C:\Programfiler\BitTorrent

2007-12-15 12:08 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Apple Computer

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24 20480]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 19:25 68856]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-16 15:25 290112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]

"IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12 94208]

"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]

"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 16:00 2502656]

"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408]

"Corel Photo Downloader"="C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]

"BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ]

"Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 08:33 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-03-06 22:30:57 24576]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08]

S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-09 11:00:04 C:\WINDOWS\Tasks\AD724BD29729FD02.job"

- c:\docume~1\(snorre)\progra~1\teamme~1\Sect mpeg defy.exe

"2008-02-09 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-02-09 11:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - snorre1.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 17:39:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

.

Completion time: 2008-02-09 17:42:52

.

2008-01-09 20:54:50 --- E O F ---

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/09/2008 at 11:17 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Complete Scan

Total Scan Time : 00:34:50

 

Memory items scanned : 558

Memory threats detected : 0

Registry items scanned : 5238

Registry threats detected : 0

File items scanned : 42244

File threats detected : 14

 

Adware.Tracking Cookie

C:\Documents and Settings\(snorre)\Cookies\(snorre)@imrworldwide[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@fastclick[2].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@msnportal.112.2o7[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@ad.yieldmanager[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@doubleclick[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@track.adform[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@xiti[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@ad1.clickhype[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@apmebf[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@advertising[2].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@adtech[1].txt

C:\Documents and Settings\(snorre)\Cookies\(snorre)@pornfiles[1].txt

C:\Documents and Settings\leffi\Cookies\[email protected][1].txt

 

BearShare File Sharing Client

C:\PROGRAMFILER\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Edited by M3moreX

Posted

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\Tasks\AD724BD29729FD02.job

 

Folder::

C:\Programfiler\Team Meow Support

C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO

C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

C:\Documents and Settings\(snorre)\Programdata\BearShare

C:\Programfiler\BearFlix

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"locks draw"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BearFlix"=-

"Support audio cool poll"=-

 

Post the log again and also tell us how the problem is going.
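The triage the helper did by hand above, reading the O4 autorun lines for Lop.com-style entries and turning the suspect ones into a CFScript, as an added example in Python (not HijackThis or ComboFix code). The scoring weights and threshold are assumptions, and the sample lines are constructed from the log in this thread.

```python
"""Triage HijackThis O4 autorun lines and draft a ComboFix CFScript.

Added example for this thread, not part of HijackThis or ComboFix. The
scoring mirrors how the helper spotted the Lop.com entries: random-word
entry names, binaries with spaces in their names, and autoruns launched
from a user profile or ProgramData folder instead of Program Files.
Weights and threshold below are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: O4 lines in the shape HijackThis 2.0.2 prints them,
# copied from the log above ("Programfiler" is the Norwegian Program Files).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [support audio cool poll] C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [locks draw] C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First token ending in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|scr|com|bat|cmd|pif))\b"?', re.I)
# Profile / ProgramData locations, long and 8.3 short forms.
PROFILE_RE = re.compile(r"\\(Documents and Settings|DOCUME~1|Programdata|Application Data)\\", re.I)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Autorun:
    hive: str   # HKLM, HKCU or HKUS\<SID>
    key: str    # Run, RunOnce, RunServices
    name: str   # registry value name as HijackThis prints it
    path: str   # executable path extracted from the command line
    score: int


def score_entry(name: str, path: str) -> int:
    """Lop.com-style indicators: +2 run from a profile/ProgramData folder,
    +1 entry name made of space-separated words, +1 binary name has a space."""
    score = 0
    if PROFILE_RE.search(path):
        score += 2
    if re.fullmatch(r"[a-z]+( [a-z]+)+", name.lower()):
        score += 1
    if " " in path.rsplit("\\", 1)[-1]:
        score += 1
    return score


def parse_o4(log: str) -> List[Autorun]:
    """Parse every O4 registry autorun line; Global Startup lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        path = exe["path"] if exe else m["cmd"]
        entries.append(Autorun(m["hive"], m["key"], m["name"], path, score_entry(m["name"], path)))
    return entries


def registry_key(entry: Autorun) -> str:
    """Expand the HijackThis hive abbreviation to the full Run key path."""
    if entry.hive.startswith("HKUS\\"):
        return f"HKEY_USERS\\{entry.hive[5:]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{entry.key}"
    return f"{HIVES[entry.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{entry.key}"


def draft_cfscript(entries: List[Autorun], threshold: int = 3) -> str:
    """Emit Folder:: and Registry:: sections in the CFScript layout used in the
    thread. Registry value names are case-insensitive, so HijackThis lowercasing
    the first letter does not matter. 8.3 short paths are emitted as found;
    resolving them needs the live system (the helper used the ComboFix log)."""
    flagged = [e for e in entries if e.score >= threshold]
    folders = []
    for e in flagged:
        folder = e.path.rsplit("\\", 1)[0]
        if "\\" in e.path and folder not in folders:
            folders.append(folder)
    lines = ["Folder::", *folders, "", "Registry::"]
    for e in flagged:
        lines += [f"[{registry_key(e)}]", f'"{e.name}"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(parse_o4(SAMPLE_LOG)))
```

The draft still needs a human to confirm each flagged entry against the file-creation dates in the ComboFix log before it is dragged onto ComboFix, exactly as the helper did here.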

Posted

The pop-up still appears

New log:

ComboFix 08-02.05.3 - (snorre) 2008-02-09 18:14:38.2 - NTFSx86

Running from: C:\Documents and Settings\(snorre)\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

/wow section not completed

 

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))

.

 

2008-02-08 22:13 . 2008-02-09 17:46 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-08 22:13 . 2008-02-08 22:13 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com

2008-02-08 22:12 . 2008-02-09 18:13 <DIR> dr-h----- C:\Documents and Settings\(snorre)\Siste

2008-02-08 22:10 . 2008-02-08 22:10 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-08 21:15 . 2008-02-08 21:15 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\Xvid

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Programfiler\VideoLAN

2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\vlc

2008-02-08 18:50 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-02-08 18:50 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-02-08 18:50 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-01-30 17:46 . 2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-01-30 17:46 . 2008-01-04 22:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-01-30 17:46 . 2008-01-04 22:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\Red Kawa

2008-01-30 17:25 . 2008-01-30 17:25 <DIR> d-------- C:\Programfiler\AviSynth 2.5

2008-01-29 17:44 . 2008-02-09 17:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-29 17:44 . 2008-01-29 17:44 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-29 17:43 . 2008-01-29 17:43 <DIR> d-------- C:\Programfiler\iPod

2008-01-29 17:42 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\Bonjour

2008-01-29 17:41 . 2008-01-29 17:42 <DIR> d-------- C:\Programfiler\QuickTime

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-01-29 17:40 . 2008-01-29 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-01-26 18:21 . 2008-01-30 17:40 <DIR> d-------- C:\Programfiler\Incomplete

2008-01-21 15:17 . 2008-01-21 15:17 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Leadertech

2008-01-20 12:51 . 2008-01-20 12:51 <DIR> d-------- C:\Documents and Settings\Gjest\Programdata\NCH Swift Sound

2008-01-12 20:55 . 2008-01-12 20:55 <DIR> d-------- C:\Programfiler\Team Meow Support

2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO

2008-01-12 20:47 . 2008-01-12 20:55 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-01-09 21:29 . 2008-01-09 21:29 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\Help

2008-01-09 21:17 . 2008-01-09 21:17 <DIR> d-------- C:\Programfiler\NCH Software

2008-01-09 20:54 . 2008-01-21 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound

2008-01-09 20:54 . 2008-01-12 20:32 <DIR> d-------- C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound

2008-01-09 20:53 . 2008-01-21 15:20 <DIR> d-------- C:\Programfiler\NCH Swift Sound

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-09 17:15 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-09 17:15 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BitTorrent

2008-02-09 17:07 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DNA

2008-02-09 11:40 3,145,728 ---ha-w C:\Documents and Settings\(snorre)\NTUSER.DAT

2008-02-09 11:17 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-02-08 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-08 21:13 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\SUPERAntiSpyware.com

2008-02-08 17:50 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\vlc

2008-01-30 20:08 --------- d-----w C:\Programfiler\LimeWire

2008-01-30 16:47 --------- d-----w C:\Programfiler\DivX

2008-01-30 16:40 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\LimeWire

2008-01-29 16:43 --------- d-----w C:\Programfiler\iTunes

2008-01-26 17:26 --------- d-----w C:\Programfiler\Norton Internet Security

2008-01-21 14:21 --------- d-----w C:\Programfiler\MSN Messenger

2008-01-21 14:17 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Leadertech

2008-01-12 19:55 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

2008-01-12 19:32 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\NCH Swift Sound

2008-01-11 16:33 --------- d-----w C:\Programfiler\Java

2008-01-10 14:10 --------- d-----w C:\Documents and Settings\leffi\Programdata\BitTorrent

2008-01-09 20:29 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Help

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-26 00:23 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\BearShare

2007-12-19 13:26 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\DivX

2007-12-16 17:48 --------- d-----w C:\Programfiler\Windows Media Connect 2

2007-12-16 14:25 --------- d-----w C:\Programfiler\DNA

2007-12-16 14:25 --------- d-----w C:\Programfiler\BitTorrent

2007-12-15 12:08 --------- d-----w C:\Documents and Settings\(snorre)\Programdata\Apple Computer

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 03:24 20480]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 19:25 68856]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-16 15:25 290112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]

"IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12 94208]

"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]

"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 16:00 2502656]

"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408]

"Corel Photo Downloader"="C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]

"BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ]

"Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 08:33 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-03-06 22:30:57 24576]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08]

S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-09 17:00:00 C:\WINDOWS\Tasks\AD724BD29729FD02.job"

- c:\docume~1\(snorre)\progra~1\teamme~1\Sect mpeg defy.exe

"2008-02-09 08:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-02-09 17:02:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - snorre1.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-09 18:15:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

.

Completion time: 2008-02-09 18:16:43

ComboFix2.txt 2008-02-09 16:42:53

.

2008-01-09 20:54:50 --- E O F ---

Posted

It looks like you did not manage to run the guide above (create a Notepad file named CFScript, then drag and drop it onto the ComboFix icon so that ComboFix starts again).

Posted

Could you try again: copy and paste what is in bold above into Notepad, save the file on the desktop as CFScript, drag the file onto the ComboFix icon and see whether ComboFix runs.

Posted

Ok,

 

You could run Avenger just to check that the files ComboFix was supposed to remove have actually been removed:

 

Download Avenger and unpack it.

 

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste what is in bold below:

Files to delete:

C:\WINDOWS\Tasks\AD724BD29729FD02.job

C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe

 

Folders to delete:

C:\Programfiler\Team Meow Support

C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO

C:\Documents and Settings\(snorre)\Programdata\Team Meow Support

C:\Documents and Settings\(snorre)\Programdata\BearShare

C:\Programfiler\BearFlix

 

Registry values to delete:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"locks draw"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"BearFlix"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"Support audio cool poll"

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Click the traffic light. Restart the PC.

 

After the restart a log file will appear that tells you what happened. Please report back.
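As an added illustration (not part of this thread, and not a feature of ComboFix or Avenger): a small Python script that parses the Run-key values from a ComboFix "Reg Loading Points" section and flags the entries a helper would look at first. The sample lines are copied from the log posted above; the three heuristics (autostart target under a user profile, ComboFix showing "[ ]" because the file is missing, value name made of plain lowercase words) are my own assumptions that happen to match the Lop.com pattern in this thread, not rules from either tool.

```python
import re
from typing import Dict, List

# Constructed sample input: Run-key entries copied from the ComboFix
# "Reg Loading Points" section posted above (paths exactly as ComboFix printed them).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"locks draw"="C:\DOCUME~1\(snorre)\PROGRA~1\TEAMME~1\creative okay.exe" [2008-01-12 20:54 443392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-04-25 13:15 53408]
"BearFlix"="C:\Programfiler\BearFlix\bearflix.exe" [ ]
"Support audio cool poll"="C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe" [2008-02-09 17:08 1976320]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')

# Assumption: on Windows XP a user-writable profile directory (long or 8.3 form)
# is an unusual home for a legitimate autostart binary.
USER_PROFILE_PREFIXES = (r'c:\documents and settings', r'c:\docume~1')


def parse_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per autostart value: key, name, path and the bracketed
    metadata ComboFix prints ('' when it printed '[ ]', i.e. file not found)."""
    entries: List[Dict[str, str]] = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append({
                "key": current_key,
                "name": value_match.group("name"),
                "path": value_match.group("path"),
                "meta": value_match.group("meta").strip(),
            })
    return entries


def suspicion_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics (my assumptions, not ComboFix rules) matching the Lop.com pattern seen here."""
    reasons: List[str] = []
    if entry["path"].lower().startswith(USER_PROFILE_PREFIXES):
        reasons.append("autostart target lives under a user profile, not Program Files or Windows")
    if entry["meta"] == "":
        reasons.append("ComboFix found no file at the target ([ ]): dangling autostart entry")
    words = entry["name"].split()
    if len(words) >= 2 and all(w.isalpha() and w.islower() for w in words[1:]):
        reasons.append("value name is a string of plain dictionary words (Lop.com-style naming)")
    return reasons


def flag_suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map value name -> list of reasons, for every entry with at least one reason."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_run_entries(log_text):
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_suspicious(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample it reports exactly the three values the helper later told the poster to delete with Avenger ("locks draw", "BearFlix", "Support audio cool poll") and leaves the Symantec, MSN and QuickTime entries alone; the point is that the removal list above was not guesswork but followed from where the binaries sit and how they are named.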

Posted

Looks like it should work fine now. Thanks for the help.

 

New log:

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.

Error code: 0

Line: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|"locks draw

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\jrbodlfg

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\adtgtcdt.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\Tasks\AD724BD29729FD02.job deleted successfully.

File C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO\Proxy scr.exe deleted successfully.

Folder C:\Programfiler\Team Meow Support deleted successfully.

Folder C:\Documents and Settings\All Users\Programdata\INTERNET SPAM SUPPORT AUDIO deleted successfully.

Folder C:\Documents and Settings\(snorre)\Programdata\Team Meow Support deleted successfully.

Folder C:\Documents and Settings\(snorre)\Programdata\BearShare deleted successfully.

 

 

Folder C:\Programfiler\BearFlix not found!

Deletion of folder C:\Programfiler\BearFlix failed!

 

Could not process line:

C:\Programfiler\BearFlix

Status: 0xc0000034

 

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BearFlix deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Support audio cool poll deleted successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} failed!

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Posted

Looks like Avenger removed the Lop infection.

 

You can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

 

Surf safely.
