Trainman Posted 19 March 2008
Can you?

ComboFix 08-03-18.1 - Torunn Bleka Frogner 2008-03-19 15:16:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.113 [GMT 1:00]
Running from: D:\Programfiler\PREVXCSIFREE\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-19 15:08 . 2008-03-19 15:08 <DIR> d-------- C:\Programfiler\PrevxCSI
2008-03-19 15:08 . 2008-03-19 15:09 <DIR> d-------- C:\Documents and Settings\Torunn Bleka Frogner\Programdata\PrevxCSI
2008-03-19 15:08 . 2008-03-19 15:08 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-14 08:01 . 2008-03-14 08:02 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-03-11 16:06 . 2008-03-18 14:24 <DIR> dr-h----- C:\Documents and Settings\Torunn Bleka Frogner\Siste
2008-02-29 17:44 . 2008-02-29 17:44 <DIR> d-------- C:\Programfiler\MSECache
2008-02-29 17:35 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2008-02-29 17:31 . 2008-02-29 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logishrd
2008-02-22 19:01 . 2008-02-22 19:01 736 --a------ C:\WINDOWS\DigimaxMaster.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 07:07 --------- d-----w C:\Programfiler\MSN Messenger
2008-03-14 07:04 --------- d-----w C:\Programfiler\Windows Live
2008-03-14 06:58 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-03-10 12:56 --------- d-----w C:\Documents and Settings\Torunn Bleka Frogner\Programdata\LimeWire
2008-03-09 19:06 91,264 ----a-w C:\WINDOWS\system32\drivers\zebrsce.sys
2008-03-09 19:06 83,200 ----a-w C:\WINDOWS\system32\drivers\zebrbus.sys
2008-03-09 19:06 63,360 ----a-w C:\WINDOWS\system32\drivers\zebrceb.sys
2008-03-09 19:06 14,848 ----a-w C:\WINDOWS\system32\drivers\zebrmdfl.sys
2008-03-09 19:06 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-03-09 19:06 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrwh.sys
2008-03-09 19:06 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrcmnt.sys
2008-03-09 19:06 12,160 ----a-w C:\WINDOWS\system32\drivers\zebrcm.sys
2008-03-09 19:06 109,568 ----a-w C:\WINDOWS\system32\drivers\zebrmdmc.sys
2008-03-09 19:06 109,568 ----a-w C:\WINDOWS\system32\drivers\zebrmdm.sys
2008-03-09 19:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-03-05 07:25 --------- d-----w C:\Programfiler\Java
2008-02-29 16:40 --------- d-----w C:\Programfiler\Fellesfiler\LogiShrd
2008-02-29 16:30 --------- d-----w C:\Programfiler\Logitech
2008-02-22 18:02 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-02-19 13:08 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-02-17 14:56 --------- d-----w C:\Programfiler\Sony Ericsson
2008-01-29 19:02 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-01-29 17:09 --------- d-----w C:\Programfiler\Sony
2008-01-29 11:44 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-29 11:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2008-01-24 16:35 --------- d-----w C:\Documents and Settings\Torunn Bleka Frogner\Programdata\Nvu
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-04-09 20:22 94,772,637 ----a-w C:\Programfiler\StudioPatch10_7_0.exe
2007-04-04 12:55 9,340,443 ----a-w C:\Programfiler\win2k_xp142550.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45e3fa83-4965-4122-950b-4baf304b40ce}]
2008-01-07 18:38 1530904 --a------ C:\Programfiler\Dyresonen\tbDyre.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{45E3FA83-4965-4122-950B-4BAF304B40CE}"= "C:\Programfiler\Dyresonen\tbDyre.dll" [2008-01-07 18:38 1530904]

[HKEY_CLASSES_ROOT\clsid\{45e3fa83-4965-4122-950b-4baf304b40ce}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{45E3FA83-4965-4122-950B-4BAF304B40CE}"= C:\Programfiler\Dyresonen\tbDyre.dll [2008-01-07 18:38 1530904]

[HKEY_CLASSES_ROOT\clsid\{45e3fa83-4965-4122-950b-4baf304b40ce}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"mRouterConfig"="C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18 212992]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11 2889728]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05 385024]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 08:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 08:47 163840]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"avgnt"="D:\Programfiler1\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 20:50 249896]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-10-20 17:26 185632]
"PC Suite for Smartphones"="C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-02 18:54 98304]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

C:\Documents and Settings\Torunn Bleka Frogner\Start-meny\Programmer\Oppstart\
PrevxCSI.lnk - C:\Programfiler\PrevxCSI\prevxcsi.exe [2008-03-19 15:08:15 219648]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-29 12:44:18 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\Superantispyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programfiler\Superantispyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
D:\Programfiler1\Ad-Aware SE Plus\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 01:07 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SENS"=2 (0x2)
"RasMan"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Programfiler\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"D:\\Programfiler1\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-19 15:08]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00]
R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-03-09 20:06]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 Ndiskio;Ndiskio;d:\programfiler1\norman antivirus1\nse\bin\ndiskio.sys []
S3 nvcfsr;nvcfsr;D:\Programfiler1\Norman AntiVirus1\Nvc\bin\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;D:\Programfiler1\Norman AntiVirus1\Nvc\bin\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;D:\Programfiler1\Norman AntiVirus1\Nvc\bin\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;D:\Programfiler1\Norman AntiVirus1\Nvc\bin\nvcoarc51.sys []
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-03-09 20:06]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-03-09 20:06]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-03-09 20:06]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-03-09 20:06]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-03-09 20:06]
S4 nvcoas;Norman Virus Control on-access component;D:\Programfiler1\Norman AntiVirus1\Nvc\bin\nvcoas.exe []
S4 NVCScheduler;Norman Virus Control Scheduler;D:\Programfiler1\Norman AntiVirus1\Nvc\BIN\NVCSCHED.EXE []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d770f821-d659-11db-bc43-0016ce138e3b}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6052689-dc62-11db-bc51-0016ce138e3b}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - INT15.SYS
*Newly Created Service* - PXARK
*Newly Created Service* - RKREVEAL150
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 12:52:00 C:\WINDOWS\Tasks\WebReg 20071018135255.job"
- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe'/TaskName 20071018135255 /N
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:19:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-19 15:21:02
.
2008-03-12 19:08:44 --- E O F ---
snippsat Posted 19 March 2008
This looks fine. Restart and post a HijackThis log.
Trainman (author) Posted 19 March 2008
"This looks fine. Restart and post a HijackThis log."
The HJT log looks good. I have checked it. Thanks for the reply.