ComboFix 08-12-17.01 - Hien 2008-12-18 19:53:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1637 [GMT 1:00]
Kjører fra: J:\ComboFix.exe
* Resident AV is active
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hien\Application Data\[u]0[/u]2000000f070e9df509C.manifest
c:\documents and settings\Hien\Application Data\[u]0[/u]2000000f070e9df509O.manifest
c:\documents and settings\Hien\Application Data\[u]0[/u]2000000f070e9df509P.manifest
c:\documents and settings\Hien\Application Data\[u]0[/u]2000000f070e9df509S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-18 til 2008-12-18 )))))))))))))))))))))))))))))))))
.
2008-12-18 16:47 . 2008-12-18 16:47 d-------- c:\documents and settings\Hien\Application Data\Malwarebytes
2008-12-18 16:47 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 16:46 . 2008-12-18 16:47 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 16:46 . 2008-12-18 16:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 16:46 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 15:50 . 2008-12-18 15:50 0 --a------ c:\windows\system32\msexcr.ini
2008-12-18 11:23 . 2008-12-18 11:23 373,760 --ahs---- c:\windows\system32\32.tmp
2008-12-18 11:23 . 2008-12-18 11:23 135,168 --a------ c:\windows\system32\cryptsvc32.dll
2008-12-18 11:09 . 2008-12-18 11:25 d-------- c:\documents and settings\Hien\Application Data\LimeWire
2008-12-17 14:48 . 2008-12-17 14:48 410,984 --a------ c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 13:48 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-18_17.17.29,76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-18 18:48:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_15c.dat
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-20 200704]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-10-02 999424]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 294912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8c95326a509]
2008-12-18 11:23 135168 c:\windows\system32\cryptsvc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\cryptsvc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 cmeu0wdm;CardMan 2020;c:\windows\system32\DRIVERS\cmeu0wdm.sys [2008-09-03 43737]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2008-08-30 23936]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-18 c:\windows\Tasks\McAfee.com Scan for virus - Denne computer (HIEN-3257CF723A-Hien).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]
.
.
------- Tilleggsskanning -------
.
LSP: c:\windows\system32\mclsp.dll
FF - ProfilePath - c:\documents and settings\Hien\Application Data\Mozilla\Firefox\Profiles\wd3bpkca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nettavisen.no

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 19:54:44
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\System32\cryptsvc32.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\System32\cryptsvc32.dll
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll
.
Tidspunkt ferdig: 2008-12-18 19:55:35
ComboFix-quarantined-files.txt 2008-12-18 18:55:32
ComboFix2.txt 2008-12-18 16:17:57

Pre-Run: 233 499 234 304 bytes free
Post-Run: 233,499,631,616 byte ledig

153 --- E O F --- 2008-12-18 14:04:40