IcedInsanity, posted 21 March 2008 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:07, on 21.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lodslehs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\jdhpsnuh.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\Christer\Skrivebord\HiJackThis.exe
C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://darkthrone.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: GNX Rolex - {7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4} - C:\WINDOWS\drnpfdxlsk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programfiler\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programfiler\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programfiler\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [jdhpsnuh] C:\WINDOWS\system32\jdhpsnuh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [0dP8GlaLfO] C:\WINDOWS\lodslehs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189612146774
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C95944-BE6A-4954-A3CF-4C0DEF7641B3}: NameServer = 192.168.80.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SrvKernel - {e295f1dc-b153-4b61-8527-69739d6f7a21} - C:\WINDOWS\Installer\{e295f1dc-b153-4b61-8527-69739d6f7a21}\SrvKernel.dll
O21 - SSODL: altvxvm - {8FFDBF43-022C-4927-A9B8-5734EE57DB65} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: RunOnceBoot - {840c2132-0ee5-44f3-820b-e908cdd6e48b} - C:\WINDOWS\Installer\{840c2132-0ee5-44f3-820b-e908cdd6e48b}\RunOnceBoot.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

-- End of file - 9425 bytes

Edited 23 March 2008 by Diesel_
snippsat, posted 21 March 2008

Need a bit more info, you have some files you shouldn't have.
Download ComboFix and put it on the desktop. Don't click in the window while the program is running.
Post the log C:\combofix.txt
IcedInsanity (thread author), posted 21 March 2008

ComboFix 08-03-20.5 - Christer 2008-03-21 16:55:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.95 [GMT 1:00]
Running from: C:\Documents and Settings\Christer\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\akl
C:\Programfiler\akl\akl.dll
C:\Programfiler\akl\akl.exe
C:\Programfiler\akl\uninstall.exe
C:\Programfiler\akl\unsetup.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\neobus.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-21 14:05 . 2008-03-21 14:22 <DIR> dr-h----- C:\Documents and Settings\Christer\Siste
2008-03-21 09:26 . 2008-03-21 09:26 <DIR> d-------- C:\WINDOWS\system32smp
2008-03-21 09:26 . 2008-03-21 11:06 <DIR> d-------- C:\Programfiler\Inet Delivery
2008-03-21 09:26 . 2008-03-21 09:26 <DIR> d-------- C:\Documents and Settings\Christer\Skrivebordvirii
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\SkrivebordTrojan.Win32.BlackBird.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\SkrivebordFWebdEditor.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\Skrivebordfwebd.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\Skrivebordfkwp2.0.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\Skrivebordfkwp1.5.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\Skrivebordfilemanagerclient.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\SkrivebordEditorFKWP2.0.exe
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\SkrivebordEditorFKWP1.5.exe
2008-03-21 09:24 . 2008-03-20 18:24 299,008 --a------ C:\WINDOWS\bokpkov.dll
2008-03-21 09:24 . 2008-03-20 18:24 274,432 --a------ C:\WINDOWS\drnpfdxlsk.dll
2008-03-21 09:24 . 2008-03-20 18:24 266,240 --a------ C:\WINDOWS\altvxvm.dll
2008-03-21 09:24 . 2008-03-20 18:24 204,800 --a------ C:\WINDOWS\etlrlws.dll
2008-03-21 09:24 . 2008-03-20 18:24 98,304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-21 09:24 . 2008-03-21 09:24 90,112 --a------ C:\WINDOWS\system32\jdhpsnuh.exe
2008-03-21 09:24 . 2008-03-21 09:24 37,888 --a------ C:\WINDOWS\lodslehs.exe
2008-03-21 09:03 . 2008-03-21 11:32 <DIR> d-------- C:\Programfiler\WinAce
2008-03-18 20:11 . 2008-03-18 20:11 <DIR> d-------- C:\Programfiler\Windows Sidebar
2008-03-18 20:11 . 2008-03-18 20:19 <DIR> d-------- C:\Programfiler\Norton AntiVirus
2008-03-18 20:10 . 2008-03-18 20:12 <DIR> d-------- C:\Programfiler\Symantec
2008-03-18 20:10 . 2008-03-18 20:12 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-18 20:10 . 2008-03-18 20:12 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-18 20:10 . 2008-03-18 20:12 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-18 20:10 . 2008-03-18 20:12 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-18 18:34 . 2008-03-18 18:34 <DIR> d-------- C:\Programfiler\TVersity
2008-03-16 11:41 . 2008-03-21 09:22 <DIR> d-------- C:\Rmusikk
2008-03-12 22:00 . 2008-03-12 22:00 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-03-12 22:00 . 2008-03-12 22:02 <DIR> d-------- C:\Programfiler\PFConfig
2008-03-10 20:31 . 2008-03-10 20:35 <DIR> d-------- C:\Nokia
2008-03-10 20:28 . 2008-03-10 20:28 <DIR> d--hs---- C:\Documents and Settings\Christer\Phone Browser
2008-03-09 13:17 . 2008-03-18 19:02 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\Comodo
2008-03-09 13:17 . 2008-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\comodo
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-03-08 19:16 . 2008-03-08 19:18 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\Nokia
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\PC Suite
2008-03-08 19:15 . 2008-03-08 19:15 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-03-08 19:15 . 2008-03-08 19:15 <DIR> d-------- C:\Programfiler\DIFX
2008-03-08 19:15 . 2008-03-08 19:16 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\PC Suite
2008-03-08 19:14 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Nokia
2008-03-08 19:14 . 2006-10-10 08:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-08 19:14 . 2006-10-10 08:54 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-08 19:14 . 2006-10-10 08:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-08 19:14 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-08 19:14 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-03-08 19:14 . 2006-10-10 08:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-08 19:14 . 2006-10-10 08:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-03-08 19:13 . 2008-03-08 19:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Downloaded Installations
2008-03-01 16:13 . 2008-03-01 16:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Lavasoft
2008-02-29 17:05 . 2008-03-01 15:23 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-29 17:05 . 2008-03-01 15:23 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-24 10:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-24 10:56 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-24 10:56 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 13:56 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-23 13:46 . 2008-03-01 15:19 <DIR> d-------- C:\Programfiler\Windows Live
2008-02-23 13:46 . 2008-02-23 13:52 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-02-23 13:45 . 2008-02-23 13:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\WLInstaller
2008-02-23 11:56 . 2008-02-23 11:56 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-02-23 11:44 . 2007-12-07 03:17 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-23 11:44 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-23 11:44 . 2007-07-01 04:36 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-23 11:44 . 2007-12-07 03:17 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-23 11:44 . 2007-12-07 03:17 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-23 11:44 . 2007-12-07 03:17 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-23 11:44 . 2007-12-07 03:17 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-23 11:44 . 2007-12-07 03:17 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-23 11:44 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-23 11:44 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 08:10 --------- d-----w C:\Documents and Settings\Christer\Programdata\LimeWire
2008-03-21 07:58 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-19 16:51 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-03-18 19:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec
2008-03-16 19:54 --------- d-----w C:\Documents and Settings\Christer\Programdata\OpenOffice.org2
2008-03-09 17:10 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-01 15:13 --------- d-----w C:\Programfiler\Lavasoft
2008-03-01 15:13 --------- d-----w C:\Documents and Settings\Christer\Programdata\Lavasoft
2008-03-01 15:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-01 14:45 --------- d-----w C:\Documents and Settings\Christer\Programdata\wsInspector
2008-02-29 16:02 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-02-29 05:33 --------- d-----w C:\Programfiler\Viewpoint
2008-02-28 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Viewpoint
2008-02-23 12:50 --------- d-----w C:\Programfiler\MSN Messenger
2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-03 19:24 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-12-04 18:49 88 --sh--r C:\WINDOWS\system32\62F79915B0.sys
2007-08-08 16:53 80 --sh--r C:\WINDOWS\system32\B01599F762.dll
2007-12-04 18:50 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-18 20:14 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DEE5BA2-CB70-4BBB-BD94-208BBA8AA6C4}]
2008-03-20 18:24 274432 --a------ C:\WINDOWS\drnpfdxlsk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="C:\Programfiler\PCI Audio Applications\Bin\AudioRack.exe" [2001-04-09 13:46 225280]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 21:46 401408]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 00:31 385024]
"EOUApp"="C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 21:50 356352]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-11 03:44 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-11 03:43 688218]
"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-07-20 13:50 57344]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-15 16:12 81920]
"AVManager"="C:\Programfiler\Wistron\AVManager\AVManager.exe" [2004-12-15 14:19 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 05:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-03-30 14:29 32768]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-26 02:47 51048]
"osCheck"="C:\Programfiler\Norton AntiVirus\osCheck.exe" [2008-02-07 07:49 718704]
"jdhpsnuh"="C:\WINDOWS\system32\jdhpsnuh.exe" [2008-03-21 09:24 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"0dP8GlaLfO"= C:\WINDOWS\lodslehs.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvKernel"= {e295f1dc-b153-4b61-8527-69739d6f7a21} - C:\WINDOWS\Installer\{e295f1dc-b153-4b61-8527-69739d6f7a21}\SrvKernel.dll [2008-03-21 09:23 14378]
"altvxvm"= {8FFDBF43-022C-4927-A9B8-5734EE57DB65} - C:\WINDOWS\altvxvm.dll [2008-03-20 18:24 266240]
"RunOnceBoot"= {840c2132-0ee5-44f3-820b-e908cdd6e48b} - C:\WINDOWS\Installer\{840c2132-0ee5-44f3-820b-e908cdd6e48b}\RunOnceBoot.dll [2008-03-21 09:25 14378]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 21:46 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-26 02:47 51048 C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2004-04-23 14:28 77824 C:\Programfiler\Logitech\Profiler\lwemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Spel\\Rollercoaster Tycoon\\rct.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ANVmi;ANVmi;C:\WINDOWS\system32\drivers\ANVmi.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-13 03:32]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 12:39]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 10:25:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 19:18:33 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Christer.job" - C:\Programfiler\Norton AntiVirus\Navw32.exek/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 17:01:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LaunchAp = C:\Programfiler\Launch Manager\LaunchAp.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 17:04:11
ComboFix-quarantined-files.txt 2008-03-21 16:04:03
.
2008-03-13 22:00:24
--- E O F ---
snippsat, posted 21 March 2008 (edited)

Yes, there was some junk there.
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt.
Then drag the file onto the ComboFix icon. ComboFix will start again.
Post the log c:\combofix.

File::
C:\Documents and Settings\Christer\SkrivebordTrojan.Win32.BlackBird.exe
C:\WINDOWS\lodslehs.exe
C:\WINDOWS\system32\jdhpsnuh.exe
C:\Documents and Settings\Christer\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Christer\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Christer\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Christer\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Christer\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Christer\SkrivebordEditorFKWP1.5.exe
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxlsk.dll
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\jdhpsnuh.exe
C:\WINDOWS\lodslehs.exe
C:\WINDOWS\system32\62F79915B0.sys
C:\WINDOWS\system32\B01599F762.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jdhpsnuh"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"0dP8GlaLfO"= -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SrvKernel"= -
"altvxvm"= -
"RunOnceBoot"= -

Update SAS, which you already have, and run a full scan.
Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick "only delete temporary files older than xx". Run the registry cleaner too.
Restart and post a new HijackThis log.

Edited 21 March 2008 by SNIPPSAT
IcedInsanity (thread author), posted 21 March 2008

ComboFix 08-03-20.5 - Christer 2008-03-21 18:14:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.111 [GMT 1:00]
Running from: C:\Documents and Settings\Christer\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christer\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Christer\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Christer\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Christer\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Christer\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Christer\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Christer\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Christer\SkrivebordTrojan.Win32.BlackBird.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxlsk.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\lodslehs.exe
C:\WINDOWS\system32\62F79915B0.sys
C:\WINDOWS\system32\B01599F762.dll
C:\WINDOWS\system32\jdhpsnuh.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Christer\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Christer\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Christer\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Christer\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Christer\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Christer\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Christer\SkrivebordTrojan.Win32.BlackBird.exe
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxlsk.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\lodslehs.exe
C:\WINDOWS\system32\62F79915B0.sys
C:\WINDOWS\system32\B01599F762.dll
C:\WINDOWS\system32\jdhpsnuh.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-21 17:15 . 2008-03-21 18:12 <DIR> dr-h----- C:\Documents and Settings\Christer\Siste
2008-03-21 09:26 . 2008-03-21 11:06 <DIR> d-------- C:\Programfiler\Inet Delivery
2008-03-21 09:26 . 2008-03-21 09:26 <DIR> d-------- C:\Documents and Settings\Christer\Skrivebordvirii
2008-03-21 09:26 . 2008-03-21 09:26 4,096 --a------ C:\Documents and Settings\Christer\Skrivebordfwebd.exe
2008-03-21 09:03 . 2008-03-21 11:32 <DIR> d-------- C:\Programfiler\WinAce
2008-03-18 20:11 . 2008-03-18 20:11 <DIR> d-------- C:\Programfiler\Windows Sidebar
2008-03-18 20:11 . 2008-03-18 20:19 <DIR> d-------- C:\Programfiler\Norton AntiVirus
2008-03-18 20:10 . 2008-03-18 20:12 <DIR> d-------- C:\Programfiler\Symantec
2008-03-18 20:10 . 2008-03-18 20:12 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-18 20:10 . 2008-03-18 20:12 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-18 20:10 . 2008-03-18 20:12 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-18 20:10 . 2008-03-18 20:12 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-18 18:34 . 2008-03-18 18:34 <DIR> d-------- C:\Programfiler\TVersity
2008-03-16 11:41 . 2008-03-21 09:22 <DIR> d-------- C:\Rmusikk
2008-03-12 22:00 . 2008-03-12 22:00 <DIR> d-------- C:\WINDOWS\vbSkinner
2008-03-12 22:00 . 2008-03-12 22:02 <DIR> d-------- C:\Programfiler\PFConfig
2008-03-10 20:31 . 2008-03-10 20:35 <DIR> d-------- C:\Nokia
2008-03-10 20:28 . 2008-03-10 20:28 <DIR> d--hs---- C:\Documents and Settings\Christer\Phone Browser
2008-03-09 13:17 . 2008-03-18 19:02 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\Comodo
2008-03-09 13:17 . 2008-03-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\comodo
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-03-08 19:16 . 2008-03-08 19:18 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\Nokia
2008-03-08 19:16 . 2008-03-08 19:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\PC Suite
2008-03-08 19:15 . 2008-03-08 19:15 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-03-08 19:15 . 2008-03-08 19:15 <DIR> d-------- C:\Programfiler\DIFX
2008-03-08 19:15 . 2008-03-08 19:16 <DIR> d-------- C:\Documents and Settings\Christer\Programdata\PC Suite
2008-03-08 19:14 . 2008-03-08 19:16 <DIR> d-------- C:\Programfiler\Nokia
2008-03-08 19:14 . 2006-10-10 08:54 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-08 19:14 . 2006-10-10 08:54 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-08 19:14 . 2006-10-10 08:54 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-08 19:14 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-08 19:14 . 2006-10-10 08:54 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-03-08 19:14 . 2006-10-10 08:54 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-08 19:14 . 2006-10-10 08:54 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-03-08 19:13 . 2008-03-08 19:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Downloaded Installations
2008-03-01 16:13 . 2008-03-01 16:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Lavasoft
2008-02-29 17:05 . 2008-03-01 15:23 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-29 17:05 . 2008-03-01 15:23 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-24 10:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-24 10:56 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-24 10:56 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-23 13:56 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-23 13:46 . 2008-03-01 15:19 <DIR> d-------- C:\Programfiler\Windows Live
2008-02-23 13:46 . 2008-02-23 13:52 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-02-23 13:45 . 2008-02-23 13:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\WLInstaller
2008-02-23 11:56 . 2008-02-23 11:56 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-02-23 11:44 . 2007-12-07 03:17 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-23 11:44 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-23 11:44 . 2007-07-01 04:36 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-23 11:44 . 2007-12-07 03:17 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-23 11:44 . 2007-12-07 03:17 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-23 11:44 . 2007-12-07 03:17 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-23 11:44 . 2007-12-07 03:17 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-23 11:44 . 2007-12-07 03:17 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-23 11:44 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-23 11:44 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 08:10 --------- d-----w C:\Documents and Settings\Christer\Programdata\LimeWire 2008-03-21 07:58 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-03-19 16:51 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-03-18 19:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec 2008-03-16 19:54 --------- d-----w C:\Documents and Settings\Christer\Programdata\OpenOffice.org2 2008-03-09 17:10 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-03-01 15:13 --------- d-----w C:\Programfiler\Lavasoft 2008-03-01 15:13 --------- d-----w C:\Documents and Settings\Christer\Programdata\Lavasoft 2008-03-01 15:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-01 14:45 --------- d-----w C:\Documents and Settings\Christer\Programdata\wsInspector 2008-02-29 16:02 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-02-29 05:33 --------- d-----w C:\Programfiler\Viewpoint 2008-02-28 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Viewpoint 2008-02-23 12:50 --------- d-----w C:\Programfiler\MSN Messenger 2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys 2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat 2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys 2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf 2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 
2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2008-02-01 22:55 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2008-02-01 22:55 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2008-02-01 01:51 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2008-02-01 01:51 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2008-02-01 01:51 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2008-01-03 19:24 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll 2007-12-04 18:50 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-03-18 20:14 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="C:\Programfiler\PCI Audio Applications\Bin\AudioRack.exe" [2001-04-09 13:46 225280] "IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 21:46 401408] "IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 00:31 385024] "EOUApp"="C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 21:50 356352] "SoundMan"="SOUNDMAN.EXE" [2004-12-01 08:54 77824 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-11 03:44 98394] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-11 03:43 688218] "HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-07-20 13:50 57344] "CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480] "Wbutton"="C:\Programfiler\Launch 
Manager\Wbutton.exe" [2005-07-15 16:12 81920] "AVManager"="C:\Programfiler\Wistron\AVManager\AVManager.exe" [2004-12-15 14:19 81920] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 05:49 88363 C:\WINDOWS\AGRSMMSG.exe] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168] "LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-03-30 14:29 32768] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-26 02:47 51048] "osCheck"="C:\Programfiler\Norton AntiVirus\osCheck.exe" [2008-02-07 07:49 718704] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] "PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "0dP8GlaLfO"= C:\WINDOWS\lodslehs.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 21:46 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-01-26 02:47 51048 C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] --a------ 2004-04-23 14:28 77824 C:\Programfiler\Logitech\Profiler\lwemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Programfiler\\Internet Explorer\\iexplore.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Spel\\Rollercoaster Tycoon\\rct.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27] R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [] R3 
SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 ANVmi;ANVmi;C:\WINDOWS\system32\drivers\ANVmi.sys [] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-13 03:32] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 12:39] S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:25:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-03-18 19:18:33 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Christer.job" - C:\Programfiler\Norton AntiVirus\Navw32.exek/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-21 18:27:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe C:\WINDOWS\system32\PSIService.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\WgaTray.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe . ************************************************************************** . Completion time: 2008-03-21 18:30:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-21 17:30:21 ComboFix2.txt 2008-03-21 16:04:13 . 2008-03-13 22:00:24 --- E O F --- Der var combofix logg nr 2..holder på med full system scan nå..resten kommer etterpå Lenke til kommentar
IcedInsanity (thread author) Posted 21 March 2008

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:37, on 21.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Christer\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://darkthrone.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programfiler\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programfiler\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programfiler\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [0dP8GlaLfO] C:\WINDOWS\lodslehs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189612146774
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C95944-BE6A-4954-A3CF-4C0DEF7641B3}: NameServer = 192.168.80.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

-- End of file - 8337 bytes
snippsat Posted 21 March 2008 (edited)

Start HijackThis, find these lines, tick them, then press Fix checked.

O4 - HKLM\..\Policies\Explorer\Run: [0dP8GlaLfO] C:\WINDOWS\lodslehs.exe
O20 - AppInit_DLLs:

Open Notepad and paste in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
C:\Documents and Settings\Christer\Skrivebordvirii

File::
C:\Documents and Settings\Christer\Skrivebordfwebd.exe

That should help, I think. Restart and post a new HijackThis log.

Edited 21 March 2008 by SNIPPSAT
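As an added example (not code from snippsat or anyone else in the thread), here is a small Python triage helper that flags the same kinds of HijackThis entries snippsat singled out for fixing, and renders a CFScript.txt in the Folder::/File:: form he posted. The sample log lines are constructed for the example, modelled on the HijackThis line format in the thread (the all-zero GUID is a placeholder); the file name lodslehs.exe and the Policies\Explorer\Run key are taken from the logs above. The heuristics are review prompts for a human reader, not verdicts.

```python
"""HijackThis log triage and CFScript builder (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample, modelled on the HijackThis line format used in the thread.
# The all-zero GUID is a placeholder, not a real BHO registration.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [0dP8GlaLfO] C:\WINDOWS\lodslehs.exe
O20 - AppInit_DLLs:
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
"""

# Review heuristics. Each one marks a line for a human to look at; none is a verdict.
POLICY_RUN = re.compile(r"^O4 - .*\\Policies\\Explorer\\Run:", re.I)
APPINIT = re.compile(r"^O20 - AppInit_DLLs:", re.I)
NO_FILE = re.compile(r"\(no file\)\s*$", re.I)
# Lower-case, letters-only name dropped directly into %WINDIR% (not system32):
# the naming pattern of the lodslehs.exe / drnpfdxlsk.dll files ComboFix removed above.
WINDIR_RANDOM = re.compile(r"C:\\WINDOWS\\[a-z]{6,}\.(?:exe|dll)\b")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """Return the HijackThis lines worth reviewing, each with the reasons it was flagged."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if POLICY_RUN.match(line):
            reasons.append("autostart under Policies\\Explorer\\Run, a key legitimate software rarely uses")
        if APPINIT.match(line):
            reasons.append("AppInit_DLLs entry present; DLLs listed here load into every GUI process")
        if NO_FILE.search(line):
            reasons.append("registration points at a file that no longer exists (orphaned entry)")
        if WINDIR_RANDOM.search(line):
            reasons.append("letters-only, lower-case file name directly in %WINDIR%")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def build_cfscript(folders: Iterable[str] = (), files: Iterable[str] = ()) -> str:
    """Render a CFScript.txt with Folder:: and File:: sections in the form snippsat posted."""
    out: List[str] = []
    folders, files = list(folders), list(files)
    if folders:
        out.append("Folder::")
        out.extend(folders)
    if files:
        out.append("File::")
        out.extend(files)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    # Paths below are placeholders, not the thread's real paths.
    print(build_cfscript(folders=[r"C:\example\virii"], files=[r"C:\example\fwebd.exe"]))
```

Running it on the sample prints three flagged lines: the orphaned BHO, the Policies\Explorer\Run entry (which also trips the %WINDIR% name check), and the AppInit_DLLs line; the ordinary HKLM\..\Run and O23 service entries are left alone. The CFScript builder only assembles text; whatever goes into it should be decided from the log review, as snippsat did here.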
IcedInsanity (thread author) Posted 21 March 2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Wistron\AVManager\AVManager.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christer\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://darkthrone.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programfiler\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programfiler\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programfiler\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189612146774
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C95944-BE6A-4954-A3CF-4C0DEF7641B3}: NameServer = 192.168.80.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

-- End of file - 8422 bytes
snippsat Posted 21 March 2008

That looks good. If the PC is running fine, you can do this. You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. A defrag can be worth doing too: Auslogics Disk Defrag + Free Registry Defrag
IcedInsanity (thread author) Posted 21 March 2008

Thanks a lot SNIPPSAT :) It was hell with messages and junk popping up everywhere here.
r2d290 Posted 23 March 2008

Edit your first post with "full edit" and put "[løst]" (solved) in front of the topic title.