Crazy_Man (posted 3 October 2007):

and I think something in this log can help.

HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:00:55, on 03.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\Folding@Home SMP\smpd.exe
C:\WINDOWS\system32\PnkBstrA/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8A8520-C27F-455D-8B12-F5C2B52E5BF8}: NameServer = 10.0.0.138
O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - D:\Programfiler\Folding@Home SMP\smpd.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6820 bytes

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/03/2007 at 08:43 PM

Application Version : 3.9.1008

Core Rules Database Version : 3317
Trace Rules Database Version: 1318

Scan type : Complete Scan
Total Scan Time : 00:39:04

Memory items scanned : 579
Memory threats detected : 0
Registry items scanned : 5194
Registry threats detected : 0
File items scanned : 36434
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Torgeir\Cookies\[email protected][1].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@serving-sys[1].txt
C:\Documents and Settings\Torgeir\Cookies\[email protected][1].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@doubleclick[1].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@atdmt[2].txt

And is there anything else that shouldn't be here?
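What a helper on a thread like this does by eye is pull the O4 (Run-key autostarts), O20 (Winlogon Notify) and O23 (services) lines out of a HijackThis log and look for anything that stands out. The script below is an added example, not code from this thread or from HijackThis itself: it parses lines in that log format into records and applies two triage heuristics that are this example's own assumptions rather than HijackThis rules (a service whose publisher HijackThis reports as "Unknown owner", and a Run value that is a bare file name with no directory, which Windows resolves through its search path). The sample lines are constructed from the shapes in the log above; the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis log format (line shapes taken from the
# log posted above; this is not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Line patterns for the three sections this example handles.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str            # "O4", "O20" or "O23"
    name: str               # value name, notify package or service display name
    path: str               # program or DLL as written in the log
    company: Optional[str] = None   # O23 only: publisher column
    hive: Optional[str] = None      # O4 only: HKLM, HKCU, HKUS\<SID>
    user: Optional[str] = None      # O4 only: trailing (User '...') annotation


def _executable(cmd: str) -> str:
    """Program part of an O4 command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse O4/O20/O23 lines; lines from other sections are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], _executable(m["cmd"]),
                                 hive=m["hive"], user=m["user"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", m["name"], m["path"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Entry("O23", m["display"], m["path"], company=m["company"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Triage heuristics (assumptions of this example, not HijackThis rules)."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.section == "O23" and e.company == "Unknown owner":
            findings.append((e, "service binary has no recognised publisher; verify the file"))
        # A Run value with no drive letter or backslash is a bare file name that
        # Windows locates via its search path, so check which file actually loads.
        if e.section == "O4" and not re.search(r"[\\:]", e.path):
            findings.append((e, "Run value is a bare file name resolved via the search path"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section} [{entry.name}] {entry.path}: {reason}")
```

Run it as-is and it reports the two constructed sample lines that trip a heuristic (the bare KHALMNPR.EXE Run value and the PnkBstrA service with no publisher); point parse_hjt at a full saved log to get the same records for every O4, O20 and O23 line.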
norbat (posted 3 October 2007):

The logs look fine. Did this happen recently, and did you install anything or similar beforehand? Could it be your firewall acting up? See if you can disable it and try again.
Crazy_Man (thread author, posted 3 October 2007):

It happened after I came home from a LAN. There was an idiot there who installed the 007 keylogger, but I think I got it removed. I've tried disabling the firewall, but I still can't get in.
norbat (posted 3 October 2007):

We can try another log: Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click in the window while the program is running. Post the log file from ComboFix.
Crazy_Man (thread author, posted 3 October 2007):

Here:

ComboFix 07-10-03.7 - Torgeir 2007-10-03 23:22:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1361 [GMT 2:00]
Running from: C:\Documents and Settings\Torgeir\Skrivebord\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp87.tmp

.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-03 23:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 16:41 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Codemasters
2007-10-03 16:38 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-03 16:38 <DIR> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-10-03 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\InstallShield
2007-10-03 11:37 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Siste
2007-10-02 23:18 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Opera
2007-09-30 01:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-09-29 13:01 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\fretsonfire
2007-09-29 03:06 15 -rahs---- C:\WINDOWS\system32\Settings.dll
2007-09-29 03:05 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\U3
2007-09-29 03:01 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata\SecuROM
2007-09-21 18:40 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\InstallShield
2007-09-15 01:33 299,520 --a------ C:\WINDOWS\uninst.exe
2007-09-15 01:19 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Ultra Fractal 4
2007-09-13 17:13 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Programdata\SecuROM
2007-09-11 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI
2007-09-07 15:40 <DIR> d-------- C:\ijji
2007-09-07 15:39 <DIR> d--h----- C:\Documents and Settings\Torgeir\Programdata\ijjigame
2007-09-04 17:22 <DIR> d-------- C:\Programfiler\Google
2007-09-04 17:22 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 23:24 --------- d-------- C:\Documents and Settings\Torgeir\Programdata\uTorrent
2007-10-03 22:41 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-03 22:40 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-03 17:03 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-10-03 16:38 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-03 16:37 --------- d-------- C:\Programfiler\Fellesfiler\InstallShield
2007-10-03 16:32 --------- d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-10-03 00:53 --------- d-------- C:\Documents and Settings\Torgeir\Programdata\Xfire
2007-10-03 00:09 --------- d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2007-10-02 21:38 --------- d-------- C:\Documents and Settings\Torgeir\Programdata\teamspeak2
2007-09-29 00:02 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-20 19:35 --------- d-------- C:\Documents and Settings\Torgeir\Programdata\Bioshock
2007-09-12 18:34 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-12 18:34 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-11 20:46 22328 --a------ C:\Documents and Settings\Torgeir\Programdata\PnkBstrK.sys
2007-09-11 20:45 674600 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-09-11 20:45 66872 --a------ C:\WINDOWS\system32\pnkbstra.exe
2007-09-11 20:02 --------- d-------- C:\Programfiler\ATI Technologies
2007-09-04 16:41 --------- d-------- C:\Documents and Settings\Torgeir\Programdata\AdobeUM
2007-08-30 15:44 --------- d-------- C:\Programfiler\Apple Software Update
2007-08-30 15:44 --------- d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2007-08-30 15:44 --------- d-------- C:\Documents and Settings\All Users\Programdata\Apple
2007-08-29 18:03 --------- d-------- C:\Programfiler\AGEIA Technologies
2007-08-22 04:33 46432 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 04:09 352256 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-22 04:07 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-22 04:07 268800 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-08-22 04:07 2417664 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 03:59 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-22 03:59 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-08-22 03:58 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-08-22 03:58 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-08-22 03:57 487424 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-08-22 03:56 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-08-22 03:48 8306688 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-08-22 03:47 3091392 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-08-22 03:35 1586816 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-08-22 03:21 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-08-22 03:19 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-08-22 03:17 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-08-22 03:15 172032 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-08-22 03:13 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-22 03:11 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-08-21 21:05 593920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-17 19:26 --------- d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2007-08-17 19:26 --------- d-------- C:\Documents and Settings\All Users\Programdata\Macrovision
2007-08-09 22:01 --------- d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-12 19:56 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-12 19:49 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-12 19:49 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-12 09:22 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-04-18 23:33 1 --a------ C:\Documents and Settings\Torgeir\SI.bin

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 14:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 14:00]
"C6501Sound"="c6501.cpl" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 16:17]
"ZoneAlarm Client"="D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"amd_dc_opt"="D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - D:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:20:26]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - D:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:20:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^system.config.bat]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\system.config.bat
backup=C:\WINDOWS\pss\system.config.batCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^FAH504-Console.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^Folding@Home 5.03.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^winFAH-GPU-beta4.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"d:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
copyfstq.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Programfiler\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe"=2 (0x2)
"Spooler"=2 (0x2)
"usnjsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"btwdins"=2 (0x2)

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\D:\Programfiler\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;D:\Programfiler\Folding@Home SMP\smpd.exe
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys
S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys
S3 rtl8029;Realtek RTL8029(AS)-basert PCI Ethernet-kort NT-driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe;FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe;D:\Programfiler\Folding@Home\FAH504-Console.exe -svcstart

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6772be72-b910-11db-813c-0018f380dc2f}]
AutoRun\command- F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83a481e8-b9cc-11db-8144-0018f380dc2f}]
AutoRun\command- H:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83a481e9-b9cc-11db-8144-0018f380dc2f}]
AutoRun\command- I:\setup\rsrc\Autorun.exe
dinstall\command- I:\Directx\dxsetup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PNKBSTRK

.
Contents of the 'Scheduled Tasks' folder
"2007-08-30 13:44:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 23:24:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+Documents and Settings+Torgeir+Skrivebord+FAH5.91beta3-console.exe]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe]
"ImagePath"="D:\Programfiler\Folding@Home\FAH504-Console.exe -svcstart"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"D:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-10-03 23:25:13
C:\ComboFix-quarantined-files.txt ... 2007-10-03 23:25
.
--- E O F ---
norbat (posted 3 October 2007):

OK, let's run one more: Download SDFix to the desktop. Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix. Restart the PC in safe mode (tap F8 during boot and choose safe mode). Open the SDFix folder and double-click 'RunThis.bat' to start the program. A report (Report.txt) is created; post it.
Crazy_Man (thread author, posted 3 October 2007):

Now it works, at any rate. Something here got done:

SDFix: Version 1.107

Run by Torgeir on 04.10.2007 at 01:33

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\tmp5F.tmp - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Spill\\Crysis Beta\\Crysis MP Beta\\Bin32\\Crysis.exe"="D:\\Spill\\Crysis Beta\\Crysis MP Beta\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_mp_beta"
"C:\\WINDOWS\\system32\\pnkbstra.exe"="C:\\WINDOWS\\system32\\pnkbstra.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 29 Sep 2007 15 A.SHR --- "C:\WINDOWS\system32\Settings.dll"
Sun 18 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 18 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Anyway, thanks a lot again, Norbat.