OOOPS, I see it is in Norwegian??? There wasn't a question for the language!!!! Sorry

ComboFix 10-05-15.03 - Peter 16.05.2010 16:54:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3071.2483 [GMT 2:00]
Kjører fra: c:\documents and settings\Peter\Desktop\commy.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peter\Application Data\Desktopicon
c:\documents and settings\Peter\Application Data\inst.exe
c:\program files\eMule\lang\ar_AE.dll
c:\program files\eMule\lang\ba_BA.dll
c:\program files\eMule\lang\bg_BG.dll
c:\program files\eMule\lang\ca_ES.dll
c:\program files\eMule\lang\cz_CZ.dll
c:\program files\eMule\lang\da_DK.dll
c:\program files\eMule\lang\de_DE.dll
c:\program files\eMule\lang\el_GR.dll
c:\program files\eMule\lang\es_AS.dll
c:\program files\eMule\lang\es_ES_T.dll
c:\program files\eMule\lang\et_EE.dll
c:\program files\eMule\lang\fa_IR.dll
c:\program files\eMule\lang\fi_FI.dll
c:\program files\eMule\lang\fr_BR.dll
c:\program files\eMule\lang\fr_FR.dll
c:\program files\eMule\lang\gl_ES.dll
c:\program files\eMule\lang\he_IL.dll
c:\program files\eMule\lang\hu_HU.dll
c:\program files\eMule\lang\it_IT.dll
c:\program files\eMule\lang\jp_JP.dll
c:\program files\eMule\lang\ko_KR.dll
c:\program files\eMule\lang\lt_LT.dll
c:\program files\eMule\lang\lv_LV.dll
c:\program files\eMule\lang\mt_MT.dll
c:\program files\eMule\lang\nb_NO.dll
c:\program files\eMule\lang\nl_NL.dll
c:\program files\eMule\lang\nn_NO.dll
c:\program files\eMule\lang\pl_PL.dll
c:\program files\eMule\lang\pt_BR.dll
c:\program files\eMule\lang\pt_PT.dll
c:\program files\eMule\lang\ro_RO.dll
c:\program files\eMule\lang\ru_RU.dll
c:\program files\eMule\lang\sl_SI.dll
c:\program files\eMule\lang\sq_AL.dll
c:\program files\eMule\lang\sv_SE.dll
c:\program files\eMule\lang\tr_TR.dll
c:\program files\eMule\lang\ua_UA.dll
c:\program files\eMule\lang\ug_CN.dll
c:\program files\eMule\lang\va_ES.dll
c:\program files\eMule\lang\va_ES_RACV.dll
c:\program files\eMule\lang\vi_VN.dll
c:\program files\eMule\lang\zh_CN.dll
c:\program files\eMule\lang\zh_TW.dll
C:\Thumbs.db
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-16 til 2010-05-16 )))))))))))))))))))))))))))))))))
.
2010-05-15 12:37 . 2010-05-15 12:37 503808 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\msvcp71.dll
2010-05-15 12:37 . 2010-05-15 12:37 499712 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\jmc.dll
2010-05-15 12:37 . 2010-05-15 12:37 348160 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1807a956-n\msvcr71.dll
2010-05-15 12:37 . 2010-05-15 12:37 61440 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f522b00-n\decora-sse.dll
2010-05-15 12:37 . 2010-05-15 12:37 12800 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5f522b00-n\decora-d3d.dll
2010-05-14 05:06 . 2010-05-14 05:06 -------- d-----w- c:\program files\ESET
2010-05-10 10:20 . 2010-05-10 10:20 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-10 10:20 . 2010-05-10 10:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-10 10:19 . 2010-05-10 10:19 2 --shatr- c:\windows\winstart.bat
2010-05-10 10:19 . 2010-05-06 11:44 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-05-10 10:18 . 2010-05-10 12:46 -------- d-----w- c:\program files\UnHackMe
2010-05-06 05:26 . 2010-05-06 05:26 -------- d-----w- c:\program files\JRE
2010-05-03 18:46 . 2010-05-03 18:47 -------- d-----w- c:\documents and settings\Peter\Application Data\vlc
2010-05-02 12:24 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 12:24 . 2010-04-29 12:29 -------- d-----w- c:\program files\Ask.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 07:25 . 2009-07-20 01:59 -------- d-----w- c:\program files\uTorrent
2010-05-15 22:29 . 2009-07-20 01:58 -------- d-----w- c:\documents and settings\Peter\Application Data\uTorrent
2010-05-10 05:10 . 2009-11-09 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-09 19:33 . 2009-11-27 00:32 117760 ----a-w- c:\documents and settings\Peter\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 02:43 . 2009-09-06 11:12 1 ----a-w- c:\documents and settings\Peter\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-06 05:43 . 2009-07-14 15:15 75440 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 05:26 . 2009-07-14 18:03 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-06 05:24 . 2009-11-12 22:30 -------- d-----w- c:\program files\Java
2010-05-04 20:01 . 2009-07-14 16:19 -------- d-----w- c:\program files\Opera
2010-05-04 12:29 . 2009-07-14 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 21:02 . 2009-08-11 17:06 -------- d-----w- c:\program files\VideoLAN
2010-04-30 13:12 . 2009-07-14 19:05 -------- d-----w- c:\program files\Opera 10 Beta
2010-04-29 13:39 . 2009-07-14 18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-07-14 18:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 07:09 . 2009-07-15 15:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 17:06 . 2009-11-27 00:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-12 16:28 . 2009-11-10 08:55 -------- d-----w- c:\documents and settings\Peter\Application Data\dvdcss
2010-04-12 16:27 . 2009-08-30 20:56 -------- d-----w- c:\documents and settings\Peter\Application Data\Vso
2010-04-12 00:49 . 2010-04-12 00:49 -------- d-----w- c:\documents and settings\Peter\Application Data\ImTOO Software Studio
2010-04-12 00:49 . 2010-04-12 00:49 -------- d-----w- c:\program files\ImTOO
2010-04-11 13:05 . 2009-10-25 23:50 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-04-11 10:57 . 2009-07-31 16:43 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-04-11 08:00 . 2010-04-11 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-04-11 07:59 . 2010-04-11 07:55 -------- d-----w- c:\program files\RegCure
2010-04-11 06:50 . 2010-04-11 06:45 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-11 06:39 . 2009-08-01 15:57 -------- d-----w- c:\documents and settings\Peter\Application Data\Uniblue
2010-04-02 13:10 . 2010-02-22 11:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-30 17:48 . 2009-07-14 15:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 17:28 . 2010-03-30 17:28 503808 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\msvcp71.dll
2010-03-30 17:28 . 2010-03-30 17:28 499712 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\jmc.dll
2010-03-30 17:28 . 2010-03-30 17:28 348160 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-62f2f14c-n\msvcr71.dll
2010-03-30 17:28 . 2010-03-30 17:28 61440 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c2341e5-n\decora-sse.dll
2010-03-30 17:28 . 2010-03-30 17:28 12800 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4c2341e5-n\decora-d3d.dll
2010-03-30 17:28 . 2010-03-30 17:28 -------- d-----w- c:\program files\Common Files\Java
2010-03-29 23:54 . 2009-09-28 11:08 -------- d-----w- c:\program files\CCleaner
2010-03-25 11:41 . 2010-03-25 11:41 -------- d-----w- c:\program files\Smart Projects
2010-03-13 06:04 . 2010-03-13 06:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 06:04 . 2009-07-15 15:49 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 06:03 . 2009-07-15 15:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 16:20 . 2010-02-22 16:20 1 ----a-w- c:\windows\system32\Eztoo AVI Video Converter.dat
2010-02-17 07:10 . 2008-04-14 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-11-09 06:49 . 2009-11-09 06:49 107520 --sha-r- c:\windows\system32\GBPKIGMR.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-06 594144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-15 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 06:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\soffice.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\sbase.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\scalc.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\sdraw.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\simpress.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\smath.exe"=
"c:\\Program Files\\OpenOffice.org 3\\program\\swriter.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\7-Zip\\7zFM.exe"=
"c:\\Program Files\\D-Link\\AirPlus G DWL-G510\\D-Link Wizard.exe"=
"c:\\Program Files\\D-Link\\AirPlus G DWL-G510\\AirGCFG.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\RapidShareManager_0_1_0_248\\RapidShareManager_0_1_0_248\\RapidShareManager.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50488:TCP"= 50488:TCP:TCP
"23090:UDP"= 23090:UDP:UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.07.2009 17:49 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.07.2009 17:49 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.03.2010 08:04 308064]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [10.05.2010 12:20 35816]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.06.2009 14:20 12648]
S3 SASENUM;SASENUM;\??\c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Peter\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - UnHackMeDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-05-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:29]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
.
- - - - TOMME PEKERE FJERNET - - - -
Toolbar-Locked - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
HKCU-Run-WebCamRT.exe - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-16 16:58
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2010-05-16 17:00:07
ComboFix-quarantined-files.txt 2010-05-16 14:59
Pre-Run: 151 593 795 584 bytes free
Post-Run: 151 586 959 360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
- - End Of File - - 5CF9E0C24A01DA5106BD130A83ABCF1D