
[Solved][SOLVED] Check of MBAM, Combofix and HJT logs



I think most of it is gone, but I am posting the logs

 

MBAM

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1379

Windows 5.1.2600 Service Pack 3

 

10.11.2008 13:53:41

mbam-log-2008-11-10 (13-53-41).txt

 

Skanntype: Full Skann (C:\|)

Objekter skannet: 111320

Tid tilbakelagt: 34 minute(s), 15 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 6

Registerverdier infisert: 1

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 4

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\Documents and Settings\Anonym\Lokale innstillinger\Temp\temp.exe (Spyware.LDPinch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ati8dlxx.sys (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\Anonym\Lokale innstillinger\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

Combofix

 

ComboFix 08-11-09.04 - Anonym 2008-11-10 15:52:28.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.555 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\setup.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))

.

 

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-10 11:36 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-10 13:55 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-10 15:54 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-10 13:55 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-27 13:00 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,190,976 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,067,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2goxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8ucxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vdxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8wexx.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-10 32768]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

*Newly Created Service* - PROCEXP90

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-11-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

 

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-11-10 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-EPSON Stylus Photo R220 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

HKLM-Run-PestPatrolCL - (no file)

SafeBoot-ati0aixx.sys

SafeBoot-ati0whxx.sys

SafeBoot-ati1dlxx.sys

SafeBoot-ati1gmxx.sys

SafeBoot-ati2bjxx.sys

SafeBoot-ati2krxx.sys

SafeBoot-ati3nuxx.sys

SafeBoot-ati3ucxx.sys

SafeBoot-ati4enxx.sys

SafeBoot-ati4hnxx.sys

SafeBoot-ati4ksxx.sys

SafeBoot-ati4msxx.sys

SafeBoot-ati5emxx.sys

SafeBoot-ati5foxx.sys

SafeBoot-ati5hnxx.sys

SafeBoot-ati5mvxx.sys

SafeBoot-ati5udxx.sys

SafeBoot-ati6cjxx.sys

SafeBoot-ati6fmxx.sys

SafeBoot-ati6ovxx.sys

SafeBoot-ati6tbxx.sys

SafeBoot-ati7hoxx.sys

SafeBoot-ati7xgxx.sys

SafeBoot-ati7xhxx.sys

SafeBoot-ati8jrxx.sys

SafeBoot-ati8udxx.sys

MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/search?q=startside+no&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe -

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 15:55:23

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-10 15:56:19

ComboFix-quarantined-files.txt 2008-11-10 14:56:13

 

Pre-Run: 28 437 577 728 byte ledig

Post-Run: 29,304,848,384 byte ledig

 

286 --- E O F --- 2008-11-07 12:16:45

 

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:08, on 10.11.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe

C:\Programfiler\PestPatrol\PPControl.exe

C:\Programfiler\PestPatrol\PPMemCheck.exe

C:\Programfiler\PestPatrol\CookiePatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\TomTom HOME 2\HOMERunner.exe

C:\Programfiler\HPQ\SHARED\HPQWMI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\anthonius\Skrivebord\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programfiler\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

 

--

End of file - 7574 bytes

 

 

Edited by Jyztrik

Here are the logs:

 

 

ComboFix 08-11-10.01 - Anonym 2008-11-11 10:05:08.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.550 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))

.

 

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-10 11:36 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-11 09:39 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-11 10:07 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-11 09:40 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-27 13:00 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,190,976 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,067,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-10_15.55.45,42 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-10 12:59:25 62,678 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-11 08:43:57 62,678 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-10 12:59:25 71,104 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-11 08:43:57 71,104 ----a-w c:\windows\system32\perfc014.dat

- 2008-11-10 12:59:25 401,398 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-11 08:43:57 401,398 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-10 12:59:25 405,492 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-11 08:43:57 405,492 ----a-w c:\windows\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2goxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8ucxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vdxx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8wexx.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-11 32768]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-11-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

 

2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-11-11 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/search?q=startside+no&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe -

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-11 10:07:24

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-11 10:08:21

ComboFix-quarantined-files.txt 2008-11-11 09:08:09

ComboFix2.txt 2008-11-10 14:56:21

 

Pre-Run: 29 783 625 728 byte ledig

Post-Run: 29,770,137,600 byte ledig

 

262 --- E O F --- 2008-11-07 12:16:45

 

 

 

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1382

Windows 5.1.2600 Service Pack 3

 

11.11.2008 09:38:05

mbam-log-2008-11-11 (09-38-05).txt

 

Skanntype: Rask Skann

Objekter skannet: 49209

Tid tilbakelagt: 4 minute(s), 38 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 3

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\drivers\ati8dlxx.sys (Rootkit.Agent) -> Delete on reboot.

 

 


Download Avenger.

Copy the bold text, start Avenger and paste the text into "input script here".

Press the Execute button.

 

Files to delete:

c:\windows\system32\Drivers\ati8dlxx.sys

c:\windows\system32\Drivers\ati2goxx.sys

c:\windows\system32\Drivers\ati8ucxx.sys

c:\windows\system32\Drivers\ati8vdxx.sys

c:\windows\system32\Drivers\ati8wexx.sys

 

Copy the bold text below the picture -> open Notepad and paste it in.

Save it to the desktop as CFScript.txt.

Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

[image: cfscriptyt1.gif]

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2goxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8ucxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vdxx.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8wexx.sys]


Because I have tried to remove those files with the Driver:: command in ComboFix before.

ComboFix could not remove the files that time.

 

Possibly the File:: command in ComboFix would have worked fine.

But Avenger takes them, in any case.

 

MBAM found 1 of these files but could not delete it on reboot.

Filer infisert:

C:\WINDOWS\system32\drivers\ati8dlxx.sys (Rootkit.Agent) -> Delete on reboot.


Thanks for the reply.

 

It doesn't look like Avenger managed it:

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: could not open file "c:\windows\system32\Drivers\ati8dlxx.sys"

Deletion of file "c:\windows\system32\Drivers\ati8dlxx.sys" failed!

Status: 0xc0000022 (STATUS_ACCESS_DENIED)

 

 

Error: file "c:\windows\system32\Drivers\ati2goxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati2goxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8ucxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8ucxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8vdxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8vdxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8wexx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8wexx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

Here is the ComboFix log:

 

ComboFix 08-11-10.01 - Anonym 2008-11-12 13:14:54.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.559 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\Anonym\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))

.

 

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-12 13:13 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-11 09:39 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-12 13:17 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-12 13:09 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-27 13:00 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,190,976 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,067,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-10_15.55.45,42 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-10 12:59:25 62,678 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-12 12:13:25 62,678 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-10 12:59:25 71,104 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-12 12:13:25 71,104 ----a-w c:\windows\system32\perfc014.dat

- 2008-11-10 12:59:25 401,398 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-12 12:13:25 401,398 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-10 12:59:25 405,492 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-12 12:13:25 405,492 ----a-w c:\windows\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-11 32768]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-11-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

 

2008-11-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-11-12 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 13:17:14

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-12 13:18:11

ComboFix-quarantined-files.txt 2008-11-12 12:17:59

ComboFix2.txt 2008-11-11 09:08:22

ComboFix3.txt 2008-11-10 14:56:21

 

Pre-Run: 29 734 375 424 byte ledig

Post-Run: 29,719,658,496 byte ledig

 

244 --- E O F --- 2008-11-07 12:16:45

 

 

Because I have tried to remove those files with the Driver:: command in ComboFix before.

ComboFix did not manage to remove those files then.

 

Possibly the File:: command in ComboFix would have worked fine.

But Avenger takes them at any rate.

 

MBAM found 1 of these files but did not manage to delete it on reboot.

Filer infisert:

C:\WINDOWS\system32\drivers\ati8dlxx.sys (Rootkit.Agent) -> Delete on reboot.

 

Ok ;)


Create a new CFScript.txt with the bold text.

Same routine as before.

 

File::

c:\windows\system32\Drivers\ati8dlxx.sys

c:\windows\system32\Drivers\ati2goxx.sys

c:\windows\system32\Drivers\ati8ucxx.sys

c:\windows\system32\Drivers\ati8vdxx.sys

c:\windows\system32\Drivers\ati8wexx.sys

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys

Edited by SNIPPSAT

Avenger

Struggled a bit with entering the script correctly :P

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Nov 12 14:21:43 2008

 

14:21:43: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Nov 12 14:21:49 2008

 

14:21:49: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

 

 

//////////////////////////////////////////

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 3)

Wed Nov 12 14:22:01 2008

 

14:22:01: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: could not open file "c:\windows\system32\Drivers\ati8dlxx.sys"

Deletion of file "c:\windows\system32\Drivers\ati8dlxx.sys" failed!

Status: 0xc0000022 (STATUS_ACCESS_DENIED)

 

 

Error: file "c:\windows\system32\Drivers\ati2goxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati2goxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8ucxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8ucxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8vdxx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8vdxx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\system32\Drivers\ati8wexx.sys" not found!

Deletion of file "c:\windows\system32\Drivers\ati8wexx.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Combofix

 

ComboFix 08-11-10.01 - Anonym 2008-11-12 14:45:39.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.556 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

Command switches used :: C:\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))

.

 

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-12 14:31 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-11 09:39 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-12 14:47 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-12 14:24 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-27 13:00 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,190,976 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,067,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-10_15.55.45,42 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-10 12:59:25 62,678 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-12 13:28:28 62,678 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-10 12:59:25 71,104 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-12 13:28:28 71,104 ----a-w c:\windows\system32\perfc014.dat

- 2008-11-10 12:59:25 401,398 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-12 13:28:28 401,398 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-10 12:59:25 405,492 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-12 13:28:28 405,492 ----a-w c:\windows\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-11 32768]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-11-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

 

2008-11-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-11-12 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 14:47:47

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-12 14:48:44

ComboFix-quarantined-files.txt 2008-11-12 13:48:37

ComboFix2.txt 2008-11-12 12:18:12

ComboFix3.txt 2008-11-11 09:08:22

ComboFix4.txt 2008-11-10 14:56:21

 

Pre-Run: 29 706 215 424 byte ledig

Post-Run: 29,691,494,400 byte ledig

 

245 --- E O F --- 2008-11-07 12:16:45

 

 

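The ComboFix service list in the log above (the `R0`/`S0` lines) and the Avenger result carry the same signal: `ati8dlxx.sys` is present on disk and registered as a boot-start driver, while `ati2goxx`, `ati8ucxx`, `ati8vdxx` and `ati8wexx` are service registrations whose files are already gone (ComboFix prints `[ ]` for them, and Avenger reports `STATUS_OBJECT_NAME_NOT_FOUND` for the same paths). The Python below is an added example, not code from this thread or from ComboFix: it parses lines in the log's `R0 name;display;path [date size]` format and separates orphaned registrations from boot-start drivers whose file was created recently, which is the triage a helper does by eye when reading such a log. The sample lines are copied from the ComboFix log above; the `2008-11-01` cutoff date is an arbitrary assumption for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the ComboFix "Reg Loading Points" service list posted above.
# Format (ComboFix convention): <R|S><start type> name;display name;image path [file date file size]
#   R = running, S = stopped; start type 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled.
#   "[ ]" means ComboFix found no file at the image path, i.e. the registration is orphaned.
SAMPLE_LOG = r"""
R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-11 32768]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]
S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]
S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]
S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]
"""

# state, start type, service name, display name, image path, bracket contents
SERVICE_LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]\s*$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    file_date: Optional[str]   # None when ComboFix printed "[ ]" (no file on disk)
    file_size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every ComboFix service/driver line in text; lines in other formats are skipped."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        parts = meta.split()                      # ["2008-11-11", "32768"] or [] for "[ ]"
        file_date = parts[0] if len(parts) == 2 else None
        file_size = int(parts[1]) if len(parts) == 2 else None
        entries.append(ServiceEntry(state == "R", int(start), name, display, path, file_date, file_size))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose image file is missing: the file is gone but the service key remains."""
    return [e for e in entries if e.file_date is None]


def boot_start_drivers_newer_than(entries: List[ServiceEntry], cutoff: str) -> List[ServiceEntry]:
    """Boot-start (type 0) drivers whose file date is on or after cutoff (ISO date, string compare)."""
    return [e for e in entries if e.start_type == 0 and e.file_date is not None and e.file_date >= cutoff]


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    print("orphaned registrations (file missing, key still present):")
    for e in orphaned_services(found):
        print(f"  {e.name:<10} {e.image_path}")
    print("boot-start drivers with a file dated 2008-11-01 or later:")   # cutoff is an assumption
    for e in boot_start_drivers_newer_than(found, "2008-11-01"):
        print(f"  {e.name:<10} {e.file_date} {e.file_size} bytes  {e.image_path}")
```

Both lists are what a `Registry::` or `File::` block in a CFScript would then be written against: the orphaned entries only need their service keys removed, while a live boot-start driver needs the file itself handled before the registration is cleaned.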

In post #10 you were not supposed to use Avenger.

 

Here is the correct info, so we agree.

 

Copy the bold text below the image -> open Notepad and paste.

Save it to the desktop as CFScript.txt

Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

cfscriptyt1.gif

 

File::

c:\windows\system32\Drivers\ati8dlxx.sys

c:\windows\system32\Drivers\ati2goxx.sys

c:\windows\system32\Drivers\ati8ucxx.sys

c:\windows\system32\Drivers\ati8vdxx.sys

c:\windows\system32\Drivers\ati8wexx.sys

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys

Edited by SNIPPSAT

Ok, didn't understand that :S

 

Here is the new log:

 

ComboFix 08-11-10.01 - Anonym 2008-11-13 12:31:28.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.524 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\Anonym\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\windows\system32\Drivers\ati2goxx.sys

c:\windows\system32\Drivers\ati8dlxx.sys

c:\windows\system32\Drivers\ati8ucxx.sys

c:\windows\system32\Drivers\ati8vdxx.sys

c:\windows\system32\Drivers\ati8wexx.sys

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Drivers\ati8dlxx.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ati8dlxx

-------\Service_ati8dlxx

 

 

((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))

.

 

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-13 12:27 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-12 15:29 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-13 12:34 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-10_15.55.45,42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2008-11-10 12:59:25 62,678 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-13 11:35:45 62,678 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-10 12:59:25 71,104 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-13 11:35:45 71,104 ----a-w c:\windows\system32\perfc014.dat

- 2008-11-10 12:59:25 401,398 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-13 11:35:45 401,398 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-10 12:59:25 405,492 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-13 11:35:45 405,492 ----a-w c:\windows\system32\perfh014.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-11-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

 

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

 

2008-11-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-11-13 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

- - - - ORPHANS REMOVED - - - -

 

SafeBoot-ati8dlxx.sys

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-13 12:34:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??`???? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\programfiler\Windows Defender\MsMpEng.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\scardsvr.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe

c:\windows\system32\wscntfy.exe

c:\programfiler\HPQ\Shared\hpqwmi.exe

c:\windows\system32\wbem\wmiadap.exe

.

**************************************************************************

.

Completion time: 2008-11-13 12:37:50 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-13 11:37:45

ComboFix2.txt 2008-11-12 14:29:10

ComboFix3.txt 2008-11-12 13:48:45

ComboFix4.txt 2008-11-12 12:18:12

ComboFix5.txt 2008-11-13 11:28:17

 

Pre-Run: 29 676 253 184 bytes free

Post-Run: 29,590,065,152 bytes free

 

249 --- E O F --- 2008-11-07 12:16:45

 

 

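The log above can be triaged mechanically rather than by eye. The following is an added example, not part of the original thread and not ComboFix's own code: a Python script that parses the sections that matter for this case, namely the `FILE ::` list echoed back from the CFScript, the `Other Deletions` section, the `R`/`S` service lines (an `S0` entry is a boot-start driver; an empty `[ ]` after the path means ComboFix could not read the file, so it is missing or inaccessible) and the entries under `ORPHANS REMOVED`. The log excerpt embedded in the script is constructed from the lines posted above with the blank lines removed; replace `SAMPLE_LOG` with the contents of a saved ComboFix.txt to run it on a real log.

```python
import re
from collections import namedtuple
from itertools import takewhile

# Constructed excerpt of the ComboFix log posted above (blank lines removed,
# only the lines this triage needs); sample input, not the full log.
SAMPLE_LOG = r"""
FILE ::
c:\windows\system32\Drivers\ati2goxx.sys
c:\windows\system32\Drivers\ati8dlxx.sys
c:\windows\system32\Drivers\ati8ucxx.sys
c:\windows\system32\Drivers\ati8vdxx.sys
c:\windows\system32\Drivers\ati8wexx.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\ati8dlxx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]
S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]
S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]
S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]
- - - - ORPHANS REMOVED - - - -
SafeBoot-ati8dlxx.sys
"""

# Service lines look like "<R|S><start> name;display;path [date size]".
# R = running, S = stopped; the digit is the Start value (0 = boot start,
# 3 = demand start). An empty "[ ]" means ComboFix could not read the file.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]\s*$")
ServiceEntry = namedtuple("ServiceEntry", "state start name display path file_info")

def file_unreadable(entry):
    return entry.file_info.strip() == ""

def is_suspicious(entry):
    # Boot-start kernel driver whose image cannot be read: the ati8*xx pattern.
    return entry.start == 0 and file_unreadable(entry)

def parse_services(log):
    entries = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(m[1], int(m[2]), m[3], m[4], m[5], m[6]))
    return entries

def parse_requested_files(log):
    """Paths echoed back under 'FILE ::' (the CFScript's File:: section)."""
    files, active = [], False
    for raw in log.splitlines():
        s = raw.strip()
        if s == "FILE ::":
            active = True
        elif active and s == ".":
            break
        elif active and s:
            files.append(s)
    return files

def parse_section(log, title):
    """Non-empty lines between the '(((( title ))))' banner and the next banner."""
    items, active = [], False
    for raw in log.splitlines():
        s = raw.strip()
        if s.startswith("(((("):
            active = title in s
        elif active and s and s != ".":
            items.append(s)
    return items

def parse_orphans(log):
    """Entries after 'ORPHANS REMOVED', up to the next banner or separator."""
    lines = [l.strip() for l in log.splitlines()]
    if "- - - - ORPHANS REMOVED - - - -" not in lines:
        return []
    start = lines.index("- - - - ORPHANS REMOVED - - - -") + 1
    tail = takewhile(lambda l: not l.startswith(("***", "((((")), lines[start:])
    return [l for l in tail if l and l != "."]

def triage(log):
    """Status of each file the CFScript asked ComboFix to remove (paths lower-cased)."""
    deleted = {p.lower() for p in parse_section(log, "Other Deletions")}
    registered = {s.path.lower(): s for s in parse_services(log)}
    report = {}
    for path in (p.lower() for p in parse_requested_files(log)):
        if path in deleted:
            report[path] = "deleted"
        elif path in registered:
            report[path] = ("service still registered, file not readable"
                            if file_unreadable(registered[path]) else "service still registered")
        else:
            report[path] = "not found in log"
    return report
```

On this excerpt `triage` reports ati8dlxx.sys as deleted (its service was removed and its SafeBoot entry is listed as an orphan), and the other four drivers as still registered boot-start services whose image ComboFix could not read, which is the state the helper is reacting to in the next reply.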

Yes, now the registry entries are gone.

But those files are still being stubborn.

 

Can you go to the folder c:\windows\system32\Drivers

and look for these files?

You can check whether the name on them is right.

Trying to delete them manually with the help of Unlocker can be tested.

Try Safe Mode there too.

 

Now that you understand how Avenger works, you can try running them through it once more.

 

One more:

http://www.softpedia.com/get/System/Boot-M...oveOnBoot.shtml

 

The files in question:

c:\windows\system32\Drivers\ati8dlxx.sys

c:\windows\system32\Drivers\ati2goxx.sys

c:\windows\system32\Drivers\ati8ucxx.sys

c:\windows\system32\Drivers\ati8vdxx.sys

c:\windows\system32\Drivers\ati8wexx.sys

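The procedure above (look in the Drivers folder, confirm the names, then delete in Safe Mode or with a boot-time deletion tool) can be scripted. What follows is an added example, not from the thread and not the code of any tool it links: a Python script that records size and timestamp for each listed driver file and then, on Windows and only when asked, queues the ones that exist for deletion at the next boot through `MoveFileExW` with `MOVEFILE_DELAY_UNTIL_REBOOT`, the Win32 mechanism that boot-time deletion utilities rely on (the Session Manager carries out the queued deletions early in the next boot, before the desktop is up). The path list is the helper's; `SAMPLE_LISTING` and `sample_stat` are constructed stand-ins so the inspection logic can be exercised offline, and the sizes and timestamps in them are invented.

```python
import ctypes
import os
import sys
from datetime import datetime, timezone

# The driver files the thread is about (the helper's list above).
SUSPECT_DRIVERS = [
    r"c:\windows\system32\Drivers\ati8dlxx.sys",
    r"c:\windows\system32\Drivers\ati2goxx.sys",
    r"c:\windows\system32\Drivers\ati8ucxx.sys",
    r"c:\windows\system32\Drivers\ati8vdxx.sys",
    r"c:\windows\system32\Drivers\ati8wexx.sys",
]

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # MoveFileEx flag: perform the operation at next boot

# Constructed sample listing (invented sizes, one shared timestamp) standing in
# for a real directory: ati8dlxx.sys is absent because ComboFix deleted it.
SAMPLE_LISTING = {
    r"c:\windows\system32\Drivers\ati2goxx.sys": (36864, 1226534400),
    r"c:\windows\system32\Drivers\ati8ucxx.sys": (20480, 1226534400),
    r"c:\windows\system32\Drivers\ati8vdxx.sys": (28672, 1226534400),
    r"c:\windows\system32\Drivers\ati8wexx.sys": (24576, 1226534400),
}

def sample_stat(path):
    """Drop-in replacement for os.stat over SAMPLE_LISTING (offline demo only)."""
    try:
        size, mtime = SAMPLE_LISTING[path]
    except KeyError:
        raise FileNotFoundError(path)
    return os.stat_result((0, 0, 0, 0, 0, 0, size, mtime, mtime, mtime))

def inspect_files(paths, stat_fn=os.stat):
    """Map each path to None (absent or unreadable) or (size_bytes, mtime UTC)."""
    report = {}
    for p in paths:
        try:
            st = stat_fn(p)
        except OSError:
            report[p] = None
        else:
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            report[p] = (st.st_size, mtime.strftime("%Y-%m-%d %H:%M:%S"))
    return report

def plan_removal(paths, stat_fn=os.stat):
    """Split the list into files still present (to be queued) and files already gone."""
    report = inspect_files(paths, stat_fn)
    present = [p for p, info in report.items() if info is not None]
    absent = [p for p, info in report.items() if info is None]
    return present, absent

def schedule_delete_on_reboot(paths):
    """Windows only, run as Administrator: MoveFileExW(path, NULL,
    MOVEFILE_DELAY_UNTIL_REBOOT) queues a delete that the Session Manager
    performs early in the next boot. Returns {path: queued_ok}."""
    if sys.platform != "win32":
        raise RuntimeError("MoveFileExW is a Win32 API; nothing to do on this platform")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32]
    k32.MoveFileExW.restype = ctypes.c_int
    results = {}
    for p in paths:
        ok = bool(k32.MoveFileExW(p, None, MOVEFILE_DELAY_UNTIL_REBOOT))
        results[p] = ok
        if not ok:
            print(f"{p}: MoveFileExW failed, Win32 error {ctypes.get_last_error()}")
    return results

if __name__ == "__main__":
    for p, info in inspect_files(SUSPECT_DRIVERS).items():
        print(f"{p}: {'absent' if info is None else 'size=%d mtime=%s' % info}")
    present, _ = plan_removal(SUSPECT_DRIVERS)
    if present and sys.platform == "win32" and "--queue" in sys.argv:
        print(schedule_delete_on_reboot(present))
```

Two caveats a practitioner would add: a kernel driver that hides its own file can make `os.stat` report it absent while it still exists, which is one reason the helper also asks for a Safe Mode check; and a queued delete can still fail if the image is loaded again at the next boot, so re-run the inspection after rebooting (the Sysinternals PendMoves tool shows what is currently queued).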

If you consider the problem with your machine solved, you can change your topic title by clicking the edit icon (p_edit.gif) in your first post and choosing full edit. At the top, where your topic title is, write:

[LØST]

in front of your topic title.

 

Ex: [LØST] Got a virus on the machine

 

This helps keep the forum tidier for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in.

 

-Surf safely-
