
I think I have a virus - help?!?!



Hi there

I think I have a computer virus, or someone is hacking me. I'm not really a computer genius, but I think I've read that someone can hack your PC and visit websites on it, but I'm not sure.

What happens is that ads keep popping up all the time, and in the address bar websites I've never heard of appear.

I'll admit that I visit porn sites, but I've only been on the kind of sites where you watch the 'videos' on the website; you don't download anything.

I've downloaded quite a few songs lately from LimeWire, so there could be something there too..

I've used some programs to scan the machine for viruses and delete all 'threatening' files.

Thanks to everyone who can help me :D :D :D :D :D :D :D :D :D

Go through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. Copy the logs it asks for and paste them here in your own post.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:51, on 14.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe

C:\Programfiler\CA\eTrust Antivirus\InoRT.exe

C:\Programfiler\CA\eTrust Antivirus\InoTask.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Microsoft IntelliType Pro\type32.exe

C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\CNYHKey.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\QuickTime\QTTask.exe

D:\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\DOCUME~1\Gerry\LOKALE~1\Temp\~e5.0001

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

D:\TMHT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\MUSIKK~1\TEXTPR~1\TEXTAL~1\TEXTAL~1\TAForIE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll

O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Phase One Media Reader] C:\foto\CAPTUR~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\deamontool\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Love default global mess] C:\Documents and settings\All Users\Programdata\great coal love default\Heart bias.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "d:\spill\steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [encreadme] C:\DOCUME~1\Gerry\PROGRA~1\TESTPL~1\Send license memo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programfiler\Fellesfiler\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/pi...st_uploader.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {274967E8-7BE3-4195-B719-CFE8878B2E39} (FotolaboUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/FotolaboUploader.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103809220312

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144181556046

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programfiler\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

O24 - Desktop Component 0: (no name) - C:\Documents and settings\Gerry\Mine dokumenter\Mine bilder\Picture\spes.jpg

O24 - Desktop Component 1: (no name) - http://www.i4design.dk/images/art/push-on-...azy-diamond.jpg

 

--

End of file - 11626 bytes


Start HJT, choose "Do a system scan only", tick the box in front of the following lines and click Fix checked:

O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\MUSIKK~1\TEXTPR~1\TEXTAL~1\TEXTAL~1\TAForIE.dll (file missing)

O4 - HKLM\..\Run: [Love default global mess] C:\Documents and settings\All Users\Programdata\great coal love default\Heart bias.exe

O4 - HKCU\..\Run: [encreadme] C:\DOCUME~1\Gerry\PROGRA~1\TESTPL~1\Send license memo.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

 

Download ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click in the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt)
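As an added example (not code from the thread, from HijackThis or from ComboFix), a small triage script that parses O2/O3/O4 lines of a HijackThis log and flags the two patterns behind the lines picked above: components whose file is missing, and Run entries launched from a user-writable profile or temp location. The sample lines are copied from the log in this thread; the location heuristics, the Norwegian folder names treated as install roots and the `classify` function are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the HijackThis log posted in the thread:
# benign entries next to the ones the helper asked to have fixed.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\MUSIKK~1\TEXTPR~1\TAForIE.dll (file missing)
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and settings\All Users\Programdata\great coal love default\Heart bias.exe
O4 - HKCU\..\Run: [encreadme] C:\DOCUME~1\Gerry\PROGRA~1\TESTPL~1\Send license memo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2/O3 lines: "<section> - <BHO|Toolbar>: <name> - {CLSID} - <path>"
BHO_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"
)
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<section>O4) - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Shortest prefix of a command line that ends in a program/library extension.
EXE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|cpl|scr))(?=[\s,"]|$)', re.IGNORECASE)
# Locations an ordinary (non-admin) profile can write to on Windows XP; the
# Norwegian install in the thread names Application Data "Programdata".
# Assumption: these substrings are the ones worth treating as user-writable.
USER_WRITABLE_RE = re.compile(
    r"docume~1|documents and settings|\\programdata\\|\\temp\\|application data",
    re.IGNORECASE,
)
# Normal install roots (English and Norwegian names); entries under them are
# not judged by location alone.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programfiler\\", "c:\\progra~1\\")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def executable_path(cmd: str) -> str:
    """Pull the program path out of a Run value's command line.

    Quoted paths are taken verbatim; unquoted ones (which may contain spaces,
    as 'Heart bias.exe' does) are cut at the first program extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ")[0]


def classify(path: str) -> Optional[str]:
    """Return why the entry deserves a look, or None if nothing stands out."""
    low = path.lower()
    if low == "(no file)" or low.endswith("(file missing)"):
        return "registered component whose file is gone (orphaned entry)"
    if "\\" not in low:
        return None  # bare name resolved via PATH, e.g. RUNDLL32.EXE; not judged here
    if low.startswith(SYSTEM_ROOTS):
        return None
    if USER_WRITABLE_RE.search(low):
        return "autostart launched from a user-writable profile or temp location"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse O2/O3/O4 lines and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            path = executable_path(m.group("cmd"))
        reason = classify(path)
        if reason:
            findings.append(Finding(m.group("section"), m.group("name"), path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.path}\n    -> {f.reason}")
```

The four entries it flags on the sample are exactly the O2, O3 and O4 lines the helper asked to fix; the Java O9 lines were picked for a different reason (an outdated runtime) that a path heuristic cannot see.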


 

Hey :D, I couldn't find the first one I was supposed to tick, but I took the others.

Here is the log file from ComboFix:

ComboFix 08-03-14.4 - Gerry 2008-03-15 1:00:48.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.578 [GMT 1:00]

Running from: C:\Documents and settings\Gerry\Lokale innstillinger\Temporary Internet Files\Content.IE5\2DGFG3CX\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\MyWebSearch

C:\Programfiler\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_tobedeleted

C:\Programfiler\Video Add-on

C:\WINDOWS\system32\f3PSSavr.scr

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))

.

 

2008-03-12 22:47 . 2008-03-15 00:01 <DIR> dr-h----- C:\Documents and settings\Gerry\Siste

2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Programfiler\Test Plan Dash

2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Programfiler\Circle Developement

2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Documents and settings\Gerry\Programdata\Test Plan Dash

2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Documents and settings\All Users\Programdata\great coal love default

2008-02-26 20:34 . 2008-02-26 20:34 <DIR> d-------- C:\Documents and settings\All Users\Programdata\NVIDIA

2008-02-15 15:21 . 2008-03-15 01:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-15 15:21 . 2008-02-15 15:21 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-14 23:55 --------- d-----w C:\Documents and settings\Gerry\Programdata\Skype

2008-03-14 14:45 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-03-11 18:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-11 17:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-10 21:58 22,872 ----a-w C:\Documents and settings\Gerry\Programdata\wklnhst.dat

2008-03-10 18:41 --------- d-----w C:\Documents and settings\Gerry\Programdata\dvdcss

2008-03-08 11:19 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-06 20:24 --------- d-----w C:\Programfiler\MSN Messenger

2008-03-06 20:24 --------- d-----w C:\Programfiler\Messenger Plus! Live

2008-03-03 19:00 --------- d-----w C:\Programfiler\Windows Live Safety Center

2008-02-27 00:46 --------- d-----w C:\Documents and settings\Gerry\Programdata\Ahead

2008-02-24 14:20 --------- d---a-w C:\Documents and settings\All Users\Programdata\TEMP

2008-02-04 15:24 --------- d-----w C:\Documents and settings\Gerry\Programdata\GetRightToGo

2008-02-04 15:10 --------- d-----w C:\Documents and settings\Gerry\Programdata\Turbine

2008-01-24 18:18 --------- d-----w C:\Documents and settings\Gerry\Programdata\WeGame

2008-01-15 10:21 488,800 ----a-w C:\WINDOWS\system32\Ltkrn15u.dll

2008-01-15 10:21 390,496 ----a-w C:\WINDOWS\system32\Lfcmp15u.dll

2008-01-15 10:21 185,688 ----a-w C:\WINDOWS\system32\Ltfil15u.dll

2008-01-09 14:34 23,552 ----a-w C:\Documents and settings\Gerry\khhdea.exe

2007-12-27 21:49 77,824 ----a-w C:\Documents and settings\Gerry\gcjqwb.exe

2007-12-25 14:47 10,138 ----a-w C:\Documents and settings\Gerry\hvdluo.exe

2007-11-26 22:25 192,000 ----a-w C:\Documents and settings\Gerry\rioibs.exe

2007-07-28 22:11 32 ----a-r C:\Documents and settings\All Users\hash.dat

2007-07-23 22:08 115,776 ----a-w C:\Documents and settings\Gerry\Programdata\GDIPFONTCACHEV1.DAT

2007-01-01 12:58 1 ----a-w C:\Documents and settings\Gerry\SI.bin

2006-03-29 21:08 13 -c-h--w C:\Documents and settings\All Users\Programdata\ÝÙÃÄ3113›.sys

2005-06-24 11:30 104 --sh--r C:\WINDOWS\system32\0DD58108D7.sys

2004-12-23 14:27 8 -csh--r C:\WINDOWS\system32\F30928A2D0.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 21:44 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]

"Steam"="d:\spill\steam.exe" [2008-03-15 01:06 1266936]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

"encreadme"="C:\DOCUME~1\Gerry\PROGRA~1\TESTPL~1\Send license memo.exe" [2008-03-06 21:24 437760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2005-03-15 01:46 196608]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

"Snarvei til egenskapsside for High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]

"Phase One Media Reader"="C:\foto\CAPTUR~1\CAPTUR~1\DCIMImp.exe" [ ]

"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-23 15:26 217088]

"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]

"DAEMON Tools"="C:\deamontool\DAEMON Tools\daemon.exe" [ ]

"Cmaudio"="cmicnfg.cpl" []

"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]

"Love default global mess"="C:\Documents and settings\All Users\Programdata\great coal love default\Heart bias.exe" [2008-03-15 01:06 893952]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= C:\Documents and settings\Gerry\Mine dokumenter\Mine bilder\Picture\spes.jpg

FriendlyName=

 

[HKLM\~\startupfolder\C:^Documents and settings^Gerry^Start-meny^Programmer^Oppstart^VP-EYE.lnk]

path=C:\Documents and settings\Gerry\Start-meny\Programmer\Oppstart\VP-EYE.lnk

backup=C:\WINDOWS\pss\VP-EYE.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

--a------ 2005-10-08 21:08 212992 C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%WinDir%\\system32\\fxsclnt.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=

"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\bittornado\\btdownloadgui.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\StubInstaller.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Documents and settings\\Gerry\\Mine dokumenter\\Mine nedlastninger\\Musikk\\LimeWire\\LimeWire.exe"=

"D:\\Bittornado\\btdownloadgui.exe"=

"D:\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\SolidStateNetworks\\SolidStateION\\solidnm.exe"=

"C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\WINDOWS\\Explorer.EXE"=

"D:\\DataSpill\\mohpa.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24429:TCP"= 24429:TCP:BitComet 24429 TCP

"24429:UDP"= 24429:UDP:BitComet 24429 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"52467:TCP"= 52467:TCP:*:Disabled:SolidNetworkManager

"52467:UDP"= 52467:UDP:*:Disabled:SolidNetworkManager

"10782:TCP"= 10782:TCP:SolidNetworkManager

"10782:UDP"= 10782:UDP:SolidNetworkManager

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-01-24 12:53]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-01-24 12:53]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-04-27 16:28]

R2 xinstall;xinstall;C:\WINDOWS\system32\drivers\xinstall.sys [2005-06-24 12:37]

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]

R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-01-24 13:02]

R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]

S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys []

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-14 15:45]

S3 idrmkl;idrmkl;C:\DOCUME~1\Gerry\LOKALE~1\Temp\idrmkl.sys []

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\scct_launcher.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 00:00:00 C:\WINDOWS\Tasks\A76CD83390DB54F3.job"

- c:\docume~1\gerry\progra~1\testpl~1\locks creative lite.exe

"2007-10-31 20:45:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-15 01:07:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\xfire_lsp_9028.dll

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\WINDOWS\HKCYDLL.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\System32\SCardSvr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe

C:\Programfiler\CA\eTrust Antivirus\InoRT.exe

C:\Programfiler\CA\eTrust Antivirus\InoTask.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe

C:\Programfiler\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-03-15 1:09:38 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-15 00:09:34

.

2008-03-12 17:02:21 --- E O F ---


Your problem comes, among other things, from the program Messenger Plus.

Do the following:

Uninstall Messenger Plus from Add/Remove Programs.

Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\Documents and settings\Gerry\khhdea.exe

C:\Documents and settings\Gerry\gcjqwb.exe

C:\Documents and settings\Gerry\hvdluo.exe

C:\Documents and settings\Gerry\rioibs.exe

 

Folder::

C:\Programfiler\Test Plan Dash

C:\Documents and settings\Gerry\Programdata\Test Plan Dash

C:\Documents and settings\All Users\Programdata\great coal love default

C:\DOCUME~1\Gerry\LOKALE~1\Temp\idrmkl.sys

C:\WINDOWS\Tasks\A76CD83390DB54F3.job

 

Driver::

idrmkl

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"encreadme"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Love default global mess"=-

 

Post a new HJT log.


 

 

Is this what I'm supposed to save in Notepad?

 

 

File::

C:\Documents and settings\Gerry\khhdea.exe

C:\Documents and settings\Gerry\gcjqwb.exe

C:\Documents and settings\Gerry\hvdluo.exe

C:\Documents and settings\Gerry\rioibs.exe

 

Folder::

C:\Programfiler\Test Plan Dash

C:\Documents and settings\Gerry\Programdata\Test Plan Dash

C:\Documents and settings\All Users\Programdata\great coal love default

C:\DOCUME~1\Gerry\LOKALE~1\Temp\idrmkl.sys

C:\WINDOWS\Tasks\A76CD83390DB54F3.job

 

Driver::

idrmkl

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"encreadme"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Love default global mess"=-


 

New log:

ComboFix 08-03-14.4 - Gerry 2008-03-16 23:30:14.2 - NTFSx86

Running from: C:\Documents and settings\Gerry\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and settings\Gerry\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Documents and settings\Gerry\gcjqwb.exe

C:\Documents and settings\Gerry\hvdluo.exe

C:\Documents and settings\Gerry\khhdea.exe

C:\Documents and settings\Gerry\rioibs.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and settings\All Users\Programdata\great coal love default

C:\Documents and settings\All Users\Programdata\great coal love default\Heart bias.exe

C:\Documents and settings\Gerry\gcjqwb.exe

C:\Documents and settings\Gerry\hvdluo.exe

C:\Documents and settings\Gerry\khhdea.exe

C:\Documents and settings\Gerry\Programdata\Test Plan Dash

C:\Documents and settings\Gerry\Programdata\Test Plan Dash\0

C:\Documents and settings\Gerry\Programdata\Test Plan Dash\HTM TONS ERROR KEEP.exe

C:\Documents and settings\Gerry\Programdata\Test Plan Dash\locks creative lite.exe

C:\Documents and settings\Gerry\Programdata\Test Plan Dash\mgolqdve.exe

C:\Documents and settings\Gerry\Programdata\Test Plan Dash\Send license memo.exe

C:\Documents and settings\Gerry\rioibs.exe

C:\Programfiler\Test Plan Dash

C:\WINDOWS\Tasks\A76CD83390DB54F3.job\

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\LEGACY_IDRMKL

-------\idrmkl

 

 

((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))

.

 

2008-03-16 01:24 . 2008-03-16 01:24 <DIR> d-------- C:\ComboFix[1]

2008-03-12 22:47 . 2008-03-16 23:28 <DIR> dr-h----- C:\Documents and settings\Gerry\Siste

2008-03-06 21:24 . 2008-03-06 21:24 <DIR> d-------- C:\Programfiler\Circle Developement

2008-02-26 20:34 . 2008-02-26 20:34 <DIR> d-------- C:\Documents and settings\All Users\Programdata\NVIDIA

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-16 21:55 --------- d-----w C:\Documents and settings\Gerry\Programdata\Skype

2008-03-16 10:47 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-03-15 01:15 --------- d-----w C:\Programfiler\MSN Messenger

2008-03-11 18:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-11 17:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-10 21:58 22,872 ----a-w C:\Documents and settings\Gerry\Programdata\wklnhst.dat

2008-03-10 18:41 --------- d-----w C:\Documents and settings\Gerry\Programdata\dvdcss

2008-03-08 11:19 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-06 20:24 --------- d-----w C:\Programfiler\Messenger Plus! Live

2008-03-03 19:00 --------- d-----w C:\Programfiler\Windows Live Safety Center

2008-02-27 00:46 --------- d-----w C:\Documents and settings\Gerry\Programdata\Ahead

2008-02-24 14:20 --------- d---a-w C:\Documents and settings\All Users\Programdata\TEMP

2008-02-04 15:24 --------- d-----w C:\Documents and settings\Gerry\Programdata\GetRightToGo

2008-02-04 15:10 --------- d-----w C:\Documents and settings\Gerry\Programdata\Turbine

2008-01-24 18:18 --------- d-----w C:\Documents and settings\Gerry\Programdata\WeGame

2008-01-15 10:21 488,800 ----a-w C:\WINDOWS\system32\Ltkrn15u.dll

2008-01-15 10:21 390,496 ----a-w C:\WINDOWS\system32\Lfcmp15u.dll

2008-01-15 10:21 185,688 ----a-w C:\WINDOWS\system32\Ltfil15u.dll

2007-07-28 22:11 32 ----a-r C:\Documents and settings\All Users\hash.dat

2007-07-23 22:08 115,776 ----a-w C:\Documents and settings\Gerry\Programdata\GDIPFONTCACHEV1.DAT

2007-01-01 12:58 1 ----a-w C:\Documents and settings\Gerry\SI.bin

2006-03-29 21:08 13 -c-h--w C:\Documents and settings\All Users\Programdata\ÝÙÃÄ3113›.sys

2005-06-24 11:30 104 --sh--r C:\WINDOWS\system32\0DD58108D7.sys

2004-12-23 14:27 8 -csh--r C:\WINDOWS\system32\F30928A2D0.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-15_ 1.09.23.51 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-03-14 14:49:29 51,824 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-03-16 10:51:03 51,824 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-03-14 14:49:29 59,290 ----a-w C:\WINDOWS\system32\perfc014.dat

+ 2008-03-16 10:51:03 59,290 ----a-w C:\WINDOWS\system32\perfc014.dat

- 2008-03-14 14:49:29 376,026 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-03-16 10:51:03 376,026 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-03-14 14:49:29 380,968 ----a-w C:\WINDOWS\system32\perfh014.dat

+ 2008-03-16 10:51:04 380,968 ----a-w C:\WINDOWS\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 21:44 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]

"Steam"="d:\spill\steam.exe" [2008-03-15 01:06 1266936]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2005-03-15 01:46 196608]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

"Snarvei til egenskapsside for High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]

"Phase One Media Reader"="C:\foto\CAPTUR~1\CAPTUR~1\DCIMImp.exe" [ ]

"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03 81920]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03 221184]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-23 15:26 217088]

"Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe]

"DAEMON Tools"="C:\deamontool\DAEMON Tools\daemon.exe" [ ]

"Cmaudio"="cmicnfg.cpl" []

"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= C:\Documents and settings\Gerry\Mine dokumenter\Mine bilder\Picture\spes.jpg

FriendlyName=

 

[HKLM\~\startupfolder\C:^Documents and settings^Gerry^Start-meny^Programmer^Oppstart^VP-EYE.lnk]

path=C:\Documents and settings\Gerry\Start-meny\Programmer\Oppstart\VP-EYE.lnk

backup=C:\WINDOWS\pss\VP-EYE.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

--a------ 2005-10-08 21:08 212992 C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%WinDir%\\system32\\fxsclnt.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=

"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=

"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\bittornado\\btdownloadgui.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\StubInstaller.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Documents and settings\\Gerry\\Mine dokumenter\\Mine nedlastninger\\Musikk\\LimeWire\\LimeWire.exe"=

"D:\\Bittornado\\btdownloadgui.exe"=

"D:\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\SolidStateNetworks\\SolidStateION\\solidnm.exe"=

"C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\WINDOWS\\Explorer.EXE"=

"D:\\DataSpill\\mohpa.exe"=

"D:\\DataSpill\\COH\\BugReport\\BugReport.exe"=

"D:\\DataSpill\\COH\\RelicCOH.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24429:TCP"= 24429:TCP:BitComet 24429 TCP

"24429:UDP"= 24429:UDP:BitComet 24429 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"52467:TCP"= 52467:TCP:*:Disabled:SolidNetworkManager

"52467:UDP"= 52467:UDP:*:Disabled:SolidNetworkManager

"10782:TCP"= 10782:TCP:SolidNetworkManager

"10782:UDP"= 10782:UDP:SolidNetworkManager

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-01-24 12:53]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-01-24 12:53]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-04-27 16:28]

R2 xinstall;xinstall;C:\WINDOWS\system32\drivers\xinstall.sys [2005-06-24 12:37]

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-10-06 14:10]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]

R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-01-24 13:02]

R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]

S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys []

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-03-16 11:47]

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\scct_launcher.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-16 22:00:01 C:\WINDOWS\Tasks\A76CD83390DB54F3.job"

- c:\docume~1\gerry\progra~1\testpl~1\locks creative lite.exe

"2007-10-31 20:45:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-16 23:35:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\xfire_lsp_9028.dll

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\WINDOWS\HKCYDLL.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\System32\SCardSvr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programfiler\CA\eTrust Antivirus\InoRpc.exe

C:\Programfiler\CA\eTrust Antivirus\InoRT.exe

C:\Programfiler\CA\eTrust Antivirus\InoTask.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe

C:\Programfiler\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-03-16 23:38:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-16 22:38:24

ComboFix2.txt 2008-03-15 00:09:39

.

2008-03-12 17:02:21 --- E O F ---

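Added example (my own code, not from this thread, from ComboFix or from the helper): a small Python script that reads the `Reg Loading Points` section of a ComboFix log like the one above, flags Run-key values whose binary sits directly in a user profile root or runs from a Temp folder, or for which ComboFix recorded no file metadata (an orphaned entry), and drafts the `File::` / `Registry::` part of a CFScript in the layout the helper's script used. The sample log lines are constructed in the style of the log above; the value names `encreadme` and `Love default global mess` are from the thread, but the paths given for them are made up for the demonstration, and the three heuristics are my assumptions, not rules ComboFix applies.

```python
"""Triage ComboFix 'Reg Loading Points' output and draft a CFScript fragment.

Added example for this thread; not part of ComboFix. The sample log below is
constructed in the style of the thread's log, and the heuristics are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample. The value names come from the thread; the paths after
# 'encreadme' and 'Love default global mess' are made up for the demonstration.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"encreadme"="C:\Documents and settings\Gerry\khhdea.exe" [2008-03-10 21:58 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"Phase One Media Reader"="C:\foto\CAPTUR~1\CAPTUR~1\DCIMImp.exe" [ ]
"Love default global mess"="C:\DOCUME~1\Gerry\LOKALE~1\Temp\mgolqdve.exe" [2008-03-10 21:58 4096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\scct_launcher.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# A binary placed directly in a profile root, e.g. C:\Documents and settings\Gerry\khhdea.exe
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe$")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    meta: str
    reasons: list = field(default_factory=list)

    @property
    def path(self) -> str:
        """Full path of the binary. ComboFix prints a bare file name when the value
        resolves via PATH and appends the resolved path at the end of the metadata."""
        if "\\" in self.command:
            return self.command
        parts = self.meta.split(" ", 3)
        return parts[3] if len(parts) == 4 else self.command


def parse_run_entries(log_text: str) -> list:
    """Collect the values listed under every ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line.startswith("["):   # another key type (mountpoints2, firewall policy): skip its values
            key = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group("name"), m.group("cmd"), m.group("meta")))
    return entries


def triage(entry: RunEntry) -> RunEntry:
    """Attach a reason for each heuristic the entry trips (assumed rules, not ComboFix's)."""
    p = entry.path.lower()
    if PROFILE_ROOT_RE.match(p):
        entry.reasons.append("binary placed directly in a user profile root")
    if "\\temp\\" in p:
        entry.reasons.append("binary runs from a Temp directory")
    if entry.meta.strip() == "":
        entry.reasons.append("no file metadata recorded: file is missing, entry is orphaned")
    return entry


def analyze(log_text: str) -> list:
    return [triage(e) for e in parse_run_entries(log_text)]


def draft_cfscript(entries: list) -> str:
    """Draft File::/Registry:: sections in the layout the helper's script used.
    A file is listed only when the log recorded metadata for it (it exists on disk)."""
    flagged = [e for e in entries if e.reasons]
    files = sorted({e.path for e in flagged if e.meta.strip()})
    lines = []
    if files:
        lines += ["File::", *files, ""]
    by_key = {}
    for e in flagged:
        by_key.setdefault(e.key, []).append(e.name)
    if by_key:
        lines.append("Registry::")
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for e in found:
        flag = "SUSPECT" if e.reasons else "ok     "
        print(f"{flag} {e.name!r} -> {e.path}  {'; '.join(e.reasons)}")
    print(draft_cfscript(found))
```

The draft is a starting point for a human reviewer, not something to run blindly: the orphan rule only says the file is gone (the `Phase One Media Reader` entry is a legitimate leftover, and removing it is harmless), while the profile-root and Temp rules are the ones that pointed at the random-named executables in this thread. The helper's full script also carried `Folder::` and `Driver::` sections for the `Test Plan Dash` directories, the scheduled `.job` task and the `idrmkl` driver; those come from the other log sections and are outside what this parser reads.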