[Løst][LØST]Sjek av MBAM, Combofix og HJT logger

RMBB · 10. november 2008

Tror det meste er vekk, men legger ut loggene

MBAM

Malwarebytes' Anti-Malware 1.30

Database versjon: 1379

Windows 5.1.2600 Service Pack 3

10.11.2008 13:53:41

mbam-log-2008-11-10 (13-53-41).txt

Skanntype: Full Skann (C:\|)

Objekter skannet: 111320

Tid tilbakelagt: 34 minute(s), 15 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 6

Registerverdier infisert: 1

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 4

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati8dlxx (Rootkit.Agent) -> Delete on reboot.

HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\Documents and Settings\Anonym\Lokale innstillinger\Temp\temp.exe (Spyware.LDPinch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ati8dlxx.sys (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\Anonym\Lokale innstillinger\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Combofix

ComboFix 08-11-09.04 - Anonym 2008-11-10 15:52:28.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.555 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\setup.exe

.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))

.

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-10 11:36 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-10 13:55 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr-h----- c:\documents and settings\Administrator\Siste

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec

2008-11-07 09:59 . 2005-11-30 07:14 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Apple Computer

2008-11-07 09:59 . 2005-11-30 07:15 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Mine dokumenter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2008-11-07 09:59 . 2008-11-10 15:54 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2008-11-07 09:59 . 2005-11-30 06:48 <DIR> dr------- c:\documents and settings\Administrator\Favoritter

2008-11-07 09:59 . 2005-11-30 16:41 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2008-11-07 09:59 . 2008-11-07 09:59 <DIR> d-------- c:\documents and settings\Administrator

2008-11-06 11:02 . 2008-11-10 13:55 <DIR> d-------- c:\programfiler\PestPatrol

2008-11-06 11:01 . 2008-11-06 11:02 1,737 --a------ c:\windows\SetupPestPatrolCorporate.mif

2008-11-04 21:24 . 2008-11-04 21:24 <DIR> d-------- c:\programfiler\Windows Defender

2008-11-04 21:10 . 2008-11-04 21:16 <DIR> d-------- c:\documents and settings\Anonym\Programdata\ErrorSmart

2008-11-02 15:14 . 2008-11-02 15:14 <DIR> d-------- c:\programfiler\VideoLAN

2008-10-31 18:44 . 2008-11-02 15:15 <DIR> d-------- c:\documents and settings\Anonym\Programdata\vlc

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\no

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\bits

2008-10-31 14:25 . 2008-10-31 14:25 <DIR> d-------- c:\windows\l2schemas

2008-10-31 14:23 . 2008-10-31 14:23 <DIR> d-------- c:\windows\ServicePackFiles

2008-10-31 14:15 . 2008-10-31 14:15 <DIR> d-------- c:\windows\EHome

2008-10-31 05:16 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys

2008-10-31 05:16 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys

2008-10-31 05:16 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys

2008-10-31 05:16 . 2004-07-17 22:55 129,045 --------- c:\windows\system32\drivers\cxthsfs2.cty

2008-10-31 02:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-30 21:45 . 2008-10-30 21:45 <DIR> d-------- C:\INDIANA_JONES_4

2008-10-30 17:17 . 2008-10-30 17:17 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\programfiler\NOS

2008-10-30 16:45 . 2008-10-30 16:45 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-10-30 04:42 . 2008-10-30 04:42 <DIR> dr-h----- c:\documents and settings\LocalService\Siste

2008-10-25 16:07 . 2008-10-27 21:02 <DIR> d-------- c:\programfiler\PokerStars

2008-10-24 18:50 . 2008-10-31 14:25 <DIR> d-------- c:\windows\system32\nb-no

2008-10-24 18:50 . 2008-10-03 18:31 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll

2008-10-24 18:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat

2008-10-24 18:50 . 2007-03-08 06:11 1,007,616 --------- c:\windows\system32\dllcache\ieframe.dll.mui

2008-10-24 18:50 . 2008-08-26 09:30 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll

2008-10-24 18:50 . 2008-08-26 09:30 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll

2008-10-24 18:50 . 2008-08-26 09:30 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

2008-10-24 18:50 . 2008-08-26 09:30 63,488 --------- c:\windows\system32\dllcache\icardie.dll

2008-10-24 18:50 . 2008-08-26 09:30 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll

2008-10-24 18:50 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-18 07:09 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-18 07:09 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-18 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:56 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-10 08:30 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-11-06 09:38 --------- d-----w c:\programfiler\Hewlett-Packard

2008-11-06 09:37 --------- d-----w c:\programfiler\Google

2008-10-31 15:48 --------- d-----w c:\programfiler\MSN Messenger

2008-10-30 16:15 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-10-24 18:06 --------- d-----w c:\documents and settings\Anonym\Programdata\Microgaming

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-09 16:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-09 16:06 --------- d-----w c:\programfiler\iTunes

2008-10-09 16:06 --------- d-----w c:\programfiler\iPod

2008-10-09 16:06 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-09 16:04 --------- d-----w c:\programfiler\QuickTime

2008-10-09 16:04 --------- d-----w c:\programfiler\Bonjour

2008-10-09 16:03 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-07 21:28 --------- d-----w c:\documents and settings\Anonym\Programdata\NCH Swift Sound

2008-10-07 21:21 --------- d-----w c:\documents and settings\Anonym\Programdata\Tunebite

2008-10-07 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Swift Sound

2008-10-07 21:09 27,136 ----a-w c:\windows\system32\drivers\nchssvad.sys

2008-10-07 21:09 --------- d-----w c:\documents and settings\All Users\Programdata\NCH Software

2008-10-07 21:01 --------- d-----w c:\documents and settings\All Users\Programdata\RapidSolution

2008-10-06 16:48 --------- d-----w c:\programfiler\PixiePack Codec Pack

2008-10-05 19:43 --------- d-----w c:\documents and settings\Anonym\Programdata\LimeWire

2008-09-22 09:03 --------- d-----w c:\documents and settings\Anonym\Programdata\FaxCtr

2008-09-20 11:55 --------- d-----w c:\documents and settings\Anonym\Programdata\Lexmark Productivity Studio

2008-09-16 18:14 --------- d-----w c:\programfiler\hp deskjet 3320 series

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-27 13:00 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,190,976 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,067,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

2007-07-12 09:34 56,104 ----a-w c:\documents and settings\Anonym\Programdata\GDIPFONTCACHEV1.DAT

2007-03-18 19:22 389,120 ----a-w c:\documents and settings\Anonym\stas75_20060810.0001.dll

2006-08-17 09:13 0 ----a-w c:\documents and settings\Anonym\Programdata\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="c:\programfiler\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"MXOBG"="c:\windows\MXOALDR.EXE" [2003-10-10 94208]

"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

"PestPatrol Control Center"="c:\programfiler\PestPatrol\PPControl.exe" [2004-11-15 98304]

"PPMemCheck"="c:\programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 148480]

"CookiePatrol"="c:\programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msvideo7"= STV680tg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2goxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8dlxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8ucxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vdxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8wexx.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 16:17 409600 c:\programfiler\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2008-05-01 23:21 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 19:20 866584 c:\programfiler\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

R0 ati8dlxx;ati8dlxx;c:\windows\system32\Drivers\ati8dlxx.sys [2008-11-10 32768]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

S0 ati2goxx;ati2goxx;c:\windows\system32\Drivers\ati2goxx.sys [ ]

S0 ati8ucxx;ati8ucxx;c:\windows\system32\Drivers\ati8ucxx.sys [ ]

S0 ati8vdxx;ati8vdxx;c:\windows\system32\Drivers\ati8vdxx.sys [ ]

S0 ati8wexx;ati8wexx;c:\windows\system32\Drivers\ati8wexx.sys [ ]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 84608]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936]

S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2002-09-28 32000]

S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2002-10-04 28057]

S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba2d07a-8ef4-11dc-b1e7-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292dfa65-a2f7-11db-9b80-0014a52c36da}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]

c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 16:26]

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart\ErrorSmart.exe []

2008-11-06 c:\windows\Tasks\ErrorSmart Scheduled Scan.job

- c:\programfiler\ErrorSmart []

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-10 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDetect.exe []

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-EPSON Stylus Photo R220 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

HKLM-Run-PestPatrolCL - (no file)

SafeBoot-ati0aixx.sys

SafeBoot-ati0whxx.sys

SafeBoot-ati1dlxx.sys

SafeBoot-ati1gmxx.sys

SafeBoot-ati2bjxx.sys

SafeBoot-ati2krxx.sys

SafeBoot-ati3nuxx.sys

SafeBoot-ati3ucxx.sys

SafeBoot-ati4enxx.sys

SafeBoot-ati4hnxx.sys

SafeBoot-ati4ksxx.sys

SafeBoot-ati4msxx.sys

SafeBoot-ati5emxx.sys

SafeBoot-ati5foxx.sys

SafeBoot-ati5hnxx.sys

SafeBoot-ati5mvxx.sys

SafeBoot-ati5udxx.sys

SafeBoot-ati6cjxx.sys

SafeBoot-ati6fmxx.sys

SafeBoot-ati6ovxx.sys

SafeBoot-ati6tbxx.sys

SafeBoot-ati7hoxx.sys

SafeBoot-ati7xgxx.sys

SafeBoot-ati7xhxx.sys

SafeBoot-ati8jrxx.sys

SafeBoot-ati8udxx.sys

MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/search?q=startside+no&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 15:55:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????6?4?7?6??????? ???B?????????????hLC????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-11-10 15:56:19

ComboFix-quarantined-files.txt 2008-11-10 14:56:13

Pre-Run: 28 437 577 728 byte ledig

Post-Run: 29,304,848,384 byte ledig

286 --- E O F --- 2008-11-07 12:16:45

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:08, on 10.11.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe

C:\Programfiler\PestPatrol\PPControl.exe

C:\Programfiler\PestPatrol\PPMemCheck.exe

C:\Programfiler\PestPatrol\CookiePatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\TomTom HOME 2\HOMERunner.exe

C:\Programfiler\HPQ\SHARED\HPQWMI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\anthonius\Skrivebord\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programfiler\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

--

End of file - 7574 bytes

Endret 17. november 2008 av Jyztrik

norbat · 10. november 2008

Oppdater MBAM og kjør en ny rask skan + combofix. Post loggene.

RMBB · 11. november 2008

Her er loggene:

ComboFix 08-11-10.01 - Anonym 2008-11-11 10:05:08.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.550 [GMT 1:00]

Running from: c:\documents and settings\Anonym\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))

.

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\Anonym\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-11-10 13:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-10 13:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-10 13:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 11:36 . 2008-11-10 11:36 <DIR> dr-h----- c:\documents and settings\Anonym\Siste

2008-11-10 11:34 . 2008-11-10 11:34 <DIR> d-------- c:\programfiler\CCleaner

2008-11-10 11:28 . 2008-11-11 09:39 32,768 --a------ c:\windows\system32\drivers\ati8dlxx.sys