erikpau1, posted 12 January 2008 (edited):

ComboFix 08-01-11.1 - eripau 2008-01-11 23:36:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1151 [GMT 1:00]
Running from: C:\Documents and Settings\eripau\Lokale innstillinger\Temporary Internet Files\Content.IE5\V9BS1UGV\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\445930.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-11 23:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:29 . 2008-01-11 23:29 82,965 --a------ C:\Upload_Me.zip
2008-01-11 23:18 . 2008-01-11 23:18 <DIR> d-------- C:\KAV
2008-01-11 22:54 . 2008-01-11 23:29 <DIR> d-------- C:\MSNFix
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar
2008-01-11 20:53 . 2008-01-11 21:28 <DIR> d---s---- C:\Documents and Settings\LocalService\Favoritter
2008-01-11 20:41 . 2008-01-11 20:41 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-11 20:41 . 2008-01-11 20:41 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-09 11:11 . 2008-01-09 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ
2008-01-09 11:11 . 2005-11-21 06:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Programfiler\Maxtor
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor
2008-01-06 19:44 . 2008-01-06 19:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-06 19:44 . 2008-01-11 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 19:44 . 2008-01-06 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 23:46 . 2008-01-11 23:16 <DIR> d--hs---- C:\Documents and Settings\eripau\Siste
2008-01-05 23:04 . 2008-01-05 23:04 <DIR> d-------- C:\Programfiler\uTorrent
2008-01-05 23:04 . 2008-01-11 18:50 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\uTorrent
2007-12-21 21:12 . 2007-12-21 21:16 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-21 21:12 . 2007-12-21 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-12-21 15:36 . 2007-12-21 15:36 <DIR> d-------- C:\Programfiler\DivX
2007-12-18 09:21 . 2008-01-06 23:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 00:10 . 2007-12-18 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LightScribe
2007-12-17 22:40 . 2005-01-31 11:18 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-17 22:40 . 2005-01-31 11:20 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-12-17 22:40 . 2005-01-31 11:10 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-12-17 22:40 . 2005-01-31 11:08 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-17 22:40 . 2005-01-31 11:00 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-17 22:40 . 2005-01-31 11:12 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-17 22:40 . 2005-01-31 09:37 9,255 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-17 22:26 . 2008-01-06 23:23 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\Ahead
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Nero
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\WINDOWS\CatRoot
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\Programfiler\Vimicro
2007-12-16 22:41 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-12-16 22:41 . 2004-06-18 16:52 233,557 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-12-16 22:41 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-12-16 22:41 . 2004-08-17 11:44 91,263 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-12-16 22:41 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-12-16 22:41 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-12-16 22:41 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe
2007-12-16 22:41 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-12-13 16:13 . 2007-12-13 16:56 1,244,214 --a------ C:\Bordell ved presse.bmp
2007-12-13 12:53 . 2007-12-13 12:55 128,127,222 --a------ C:\VTS_01_5.avi
2007-12-13 12:40 . 2007-12-13 12:53 886,747,220 --a------ C:\VTS_01_4.avi
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 11:45 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-12-11 11:45 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-12-11 11:44 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-12-11 11:44 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-12-11 11:44 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-12-11 11:44 . 2004-08-03 23:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 21:50 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-01-10 23:04 --------- d-----w C:\Programfiler\Clue
2008-01-09 20:38 --------- d-----w C:\Programfiler\QuickTime
2008-01-09 17:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-05 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Webroot Shared
2008-01-05 22:15 --------- d-----w C:\Programfiler\Privacy Guardian
2007-12-30 13:39 --------- d-----w C:\Programfiler\LimeWire
2007-12-29 15:57 --------- d-----w C:\Documents and Settings\eripau\Programdata\LimeWire
2007-12-26 01:09 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-12-21 20:18 --------- d-----w C:\Programfiler\Windows Live
2007-12-18 08:15 --------- d-----w C:\Documents and Settings\eripau\Programdata\Lionhead Studios
2007-12-16 21:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-12 21:16 --------- d-----w C:\Programfiler\Windows Live Safety Center
2007-12-10 08:04 --------- d-----w C:\Programfiler\Java
2007-12-04 23:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Minnetonka Audio Software
2007-12-04 22:43 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winupsvc.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winsvcup.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\mswinup.exe
2007-12-02 20:05 --------- d-----w C:\Programfiler\AVS4YOU
2007-12-02 20:01 --------- d-----w C:\Documents and Settings\eripau\Programdata\AVS4YOU
2007-12-02 18:59 --------- d-----w C:\Programfiler\Theorica Divx ;-) Codecs
2007-12-02 14:48 --------- d-----w C:\Programfiler\AliveMedia
2007-11-27 23:48 --------- d-----w C:\Documents and Settings\eripau\Programdata\Skype
2007-11-19 12:49 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-11-16 09:44 --------- d-----w C:\Programfiler\Apple Software Update
2007-11-16 09:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:12 --------- d-----w C:\Programfiler\Lavasoft
2007-11-11 22:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-11 22:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-26 06:43 111,464 ----a-w C:\WINDOWS\Fonts\sf_movie_poster.zip
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 08:04 64,534 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-10-11 08:04 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-11 08:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2004-08-04 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2007-06-29 08:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}]
2007-01-08 03:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-26 18:30 94208]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 13:28 124928]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 19:36 827392]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 07:41 159744]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-06-27 11:25 185896]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\eripau\Start-meny\Programmer\Oppstart\
CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 08:57:36]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 01:13]
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 00:23]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3c4e7e-57a1-11dc-8171-001a4b599103}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844751e5-5b77-11dc-817c-001a735a0d0a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e548f782-23dd-11dc-ab50-001a734a4008}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {C7099049-4779-1634-2C83-372EE984396F} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 16:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 19:30:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 23:38:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 23:40:12
ComboFix-quarantined-files.txt 2008-01-11 22:39:27
.
2008-01-11 15:11:50 --- E O F ---

Edited 12 January 2008 by erikpau1
norbat, posted 12 January 2008:

This log is old. Could you make a new one?
erikpau1 (thread author), posted 12 January 2008:

Here is an updated log:

ComboFix 08-01-11.3 - eripau 2008-01-12 15:19:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1202 [GMT 1:00]
Running from: C:\Documents and Settings\eripau\Lokale innstillinger\Temporary Internet Files\Content.IE5\GYWLR2PB\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-01-11 23:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:29 . 2008-01-11 23:29 82,965 --a------ C:\Upload_Me.zip
2008-01-11 23:18 . 2008-01-11 23:18 <DIR> d-------- C:\KAV
2008-01-11 22:54 . 2008-01-11 23:29 <DIR> d-------- C:\MSNFix
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar
2008-01-11 20:53 . 2008-01-11 21:28 <DIR> d---s---- C:\Documents and Settings\LocalService\Favoritter
2008-01-11 20:41 . 2008-01-11 20:41 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-11 20:41 . 2008-01-11 20:41 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-09 11:11 . 2008-01-09 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ
2008-01-09 11:11 . 2005-11-21 06:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Programfiler\Maxtor
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor
2008-01-06 19:44 . 2008-01-06 19:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-06 19:44 . 2008-01-11 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 19:44 . 2008-01-06 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 23:46 . 2008-01-12 14:25 <DIR> d--hs---- C:\Documents and Settings\eripau\Siste
2008-01-05 23:04 . 2008-01-05 23:04 <DIR> d-------- C:\Programfiler\uTorrent
2008-01-05 23:04 . 2008-01-11 18:50 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\uTorrent
2007-12-21 21:12 . 2007-12-21 21:16 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-21 21:12 . 2007-12-21 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-12-21 15:36 . 2007-12-21 15:36 <DIR> d-------- C:\Programfiler\DivX
2007-12-18 09:21 . 2008-01-06 23:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 00:10 . 2007-12-18 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LightScribe
2007-12-17 22:40 . 2005-01-31 11:18 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-17 22:40 . 2005-01-31 11:20 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-12-17 22:40 . 2005-01-31 11:10 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-12-17 22:40 . 2005-01-31 11:08 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-17 22:40 . 2005-01-31 11:00 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-17 22:40 . 2005-01-31 11:12 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-17 22:40 . 2005-01-31 09:37 9,255 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-17 22:26 . 2008-01-06 23:23 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\Ahead
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Nero
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\WINDOWS\CatRoot
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\Programfiler\Vimicro
2007-12-16 22:41 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-12-16 22:41 . 2004-06-18 16:52 233,557 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-12-16 22:41 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-12-16 22:41 . 2004-08-17 11:44 91,263 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-12-16 22:41 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-12-16 22:41 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-12-16 22:41 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe
2007-12-16 22:41 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-12-13 16:13 . 2007-12-13 16:56 1,244,214 --a------ C:\Bordell ved presse.bmp
2007-12-13 12:53 . 2007-12-13 12:55 128,127,222 --a------ C:\VTS_01_5.avi
2007-12-13 12:40 . 2007-12-13 12:53 886,747,220 --a------ C:\VTS_01_4.avi
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:32 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-01-12 13:21 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-01-10 23:04 --------- d-----w C:\Programfiler\Clue
2008-01-09 20:38 --------- d-----w C:\Programfiler\QuickTime
2008-01-09 17:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-05 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Webroot Shared
2008-01-05 22:15 --------- d-----w C:\Programfiler\Privacy Guardian
2007-12-30 13:39 --------- d-----w C:\Programfiler\LimeWire
2007-12-29 15:57 --------- d-----w C:\Documents and Settings\eripau\Programdata\LimeWire
2007-12-21 20:18 --------- d-----w C:\Programfiler\Windows Live
2007-12-18 08:15 --------- d-----w C:\Documents and Settings\eripau\Programdata\Lionhead Studios
2007-12-16 21:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-12 21:16 --------- d-----w C:\Programfiler\Windows Live Safety Center
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-10 08:04 --------- d-----w C:\Programfiler\Java
2007-12-04 23:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Minnetonka Audio Software
2007-12-04 22:43 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winupsvc.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winsvcup.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\mswinup.exe
2007-12-02 20:05 --------- d-----w C:\Programfiler\AVS4YOU
2007-12-02 20:01 --------- d-----w C:\Documents and Settings\eripau\Programdata\AVS4YOU
2007-12-02 18:59 --------- d-----w C:\Programfiler\Theorica Divx ;-) Codecs
2007-12-02 14:48 --------- d-----w C:\Programfiler\AliveMedia
2007-11-27 23:48 --------- d-----w C:\Documents and Settings\eripau\Programdata\Skype
2007-11-19 12:49 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-11-16 09:44 --------- d-----w C:\Programfiler\Apple Software Update
2007-11-16 09:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-26 06:43 111,464 ----a-w C:\WINDOWS\Fonts\sf_movie_poster.zip
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2004-08-04 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2007-06-29 08:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-11_23.39.01,51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 22:35:35 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 14:18:40 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 22:35:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 14:18:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 22:35:36 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 14:18:41 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 22:35:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 14:18:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 22:35:36 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 14:18:41 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 22:35:37 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 14:18:42 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}]
2007-01-08 03:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-26 18:30 94208]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 13:28 124928]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 19:36 827392]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 07:41 159744]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-06-27 11:25 185896]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MessengerPlusLiveUninstall"="C:\DOCUME~1\eripau\LOKALE~1\Temp\MsgPlusUninstall.exe" [2007-12-16 00:37 900432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\eripau\Start-meny\Programmer\Oppstart\
CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 08:57:36]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 01:13]
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 00:23]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3c4e7e-57a1-11dc-8171-001a4b599103}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844751e5-5b77-11dc-817c-001a735a0d0a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e548f782-23dd-11dc-ab50-001a734a4008}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {C7099049-4779-1634-2C83-372EE984396F} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 16:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-12 13:37:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 15:29:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
Completion time: 2008-01-12 15:30:43
ComboFix-quarantined-files.txt 2008-01-12 14:29:43
ComboFix2.txt 2008-01-11 22:40:13
.
2008-01-11 15:11:50 --- E O F ---
norbat, posted 12 January 2008:

Try the following: Open Notepad and paste in the text shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\chanrar.rar
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
C:\Upload_Me.zip

Folder::
C:\MSNFix
erikpau1 (thread author), posted 12 January 2008:

I don't understand what you mean by the ComboFix icon. When I ran ComboFix I found a link to ComboFix here on the forum, and then ComboFix opened automatically without any installation. I don't think it is physically on the PC.
norbat, posted 12 January 2008:

You need to download ComboFix and put it on the desktop.
erikpau1 (thread author), posted 12 January 2008:

Ah, now it worked, the new log is below. Does it look OK? What should I do now?

ComboFix 08-01-11.3 - eripau 2008-01-12 16:04:49.3 - NTFSx86
Running from: C:\Documents and Settings\eripau\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\eripau\Skrivebord\CFScript.txt
* Created a new restore point

FILE
C:\chanrar.rar
C:\Upload_Me.zip
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\chanrar.rar
C:\MSNFix
C:\MSNFix\11.01.2008_23292382.txt
C:\MSNFix\11.01.2008_23292382.zip
C:\MSNFix\incl\banker.reg
C:\MSNFix\incl\MD5File.exe
C:\MSNFix\incl\msnchk.exe
C:\MSNFix\incl\Process.exe
C:\MSNFix\incl\swreg.exe
C:\MSNFix\incl\zip.exe
C:\MSNFix\msnchk.exe
C:\MSNFix\MSNFix.bat
C:\Upload_Me.zip
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-12 14:34 . 2008-01-12 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-01-11 23:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:18 . 2008-01-11 23:18 <DIR> d-------- C:\KAV
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-01-11 20:53 . 2008-01-11 21:28 <DIR> d---s---- C:\Documents and Settings\LocalService\Favoritter
2008-01-09 11:11 . 2008-01-09 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ
2008-01-09 11:11 . 2005-11-21 06:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Programfiler\Maxtor
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor
2008-01-06 19:44 . 2008-01-06 19:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-06 19:44 . 2008-01-11 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 19:44 . 2008-01-06 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 23:46 . 2008-01-12 15:55 <DIR> d--hs---- C:\Documents and Settings\eripau\Siste
2008-01-05 23:04 . 2008-01-05 23:04 <DIR> d-------- C:\Programfiler\uTorrent
2008-01-05 23:04 . 2008-01-11 18:50 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\uTorrent
2007-12-21 21:12 . 2007-12-21 21:16 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-21 21:12 . 2007-12-21 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-12-21 15:36 . 2007-12-21 15:36 <DIR> d-------- C:\Programfiler\DivX
2007-12-18 09:21 . 2008-01-06 23:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 00:10 . 2007-12-18 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LightScribe
2007-12-17 22:40 . 2005-01-31 11:18 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-17 22:40 . 2005-01-31 11:20 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-12-17 22:40 . 2005-01-31 11:10 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-12-17 22:40 . 2005-01-31 11:08 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-17 22:40 . 2005-01-31 11:00 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-17 22:40 . 2005-01-31 11:12 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-17 22:40 . 2005-01-31 09:37 9,255 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-17 22:26 . 2008-01-06 23:23 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\Ahead
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Nero
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\WINDOWS\CatRoot
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\Programfiler\Vimicro
2007-12-16 22:41 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-12-16 22:41 . 2004-06-18 16:52 233,557 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-12-16 22:41 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-12-16 22:41 . 2004-08-17 11:44 91,263 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-12-16 22:41 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-12-16 22:41 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-12-16 22:41 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe
2007-12-16 22:41 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-12-13 16:13 . 2007-12-13 16:56 1,244,214 --a------ C:\Bordell ved presse.bmp
2007-12-13 12:53 . 2007-12-13 12:55 128,127,222 --a------ C:\VTS_01_5.avi
2007-12-13 12:40 . 2007-12-13 12:53 886,747,220 --a------ C:\VTS_01_4.avi
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:32 --------- d-----w C:\Programfiler\Messenger Plus! Live
2008-01-12 13:21 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-01-10 23:04 --------- d-----w C:\Programfiler\Clue
2008-01-09 20:38 --------- d-----w C:\Programfiler\QuickTime
2008-01-09 17:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-05 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Webroot Shared
2008-01-05 22:15 --------- d-----w C:\Programfiler\Privacy Guardian
2007-12-30 13:39 --------- d-----w C:\Programfiler\LimeWire
2007-12-29 15:57 --------- d-----w C:\Documents and Settings\eripau\Programdata\LimeWire
2007-12-21 20:18 --------- d-----w C:\Programfiler\Windows Live
2007-12-18 08:15 --------- d-----w C:\Documents and Settings\eripau\Programdata\Lionhead Studios
2007-12-16 21:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-12 21:16 --------- d-----w C:\Programfiler\Windows Live Safety Center
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-10 08:04 --------- d-----w C:\Programfiler\Java
2007-12-04 23:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Minnetonka Audio Software
2007-12-04 22:43 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winupsvc.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winsvcup.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\mswinup.exe
2007-12-02 20:05 --------- d-----w C:\Programfiler\AVS4YOU
2007-12-02 20:01 --------- d-----w C:\Documents and Settings\eripau\Programdata\AVS4YOU
2007-12-02 18:59 --------- d-----w C:\Programfiler\Theorica Divx ;-) Codecs
2007-12-02 14:48 --------- d-----w C:\Programfiler\AliveMedia
2007-11-27 23:48 --------- d-----w C:\Documents and Settings\eripau\Programdata\Skype
2007-11-19 12:49 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-11-16 09:44 --------- d-----w C:\Programfiler\Apple Software Update
2007-11-16 09:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-26 06:43 111,464 ----a-w C:\WINDOWS\Fonts\sf_movie_poster.zip 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2004-08-04 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe 2007-06-29 08:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-01-11_23.39.01,51 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-11 22:35:35 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-12 15:04:35 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-11 22:35:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-12 15:04:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-11 22:35:36 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-12 15:04:35 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-11 22:35:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-12 15:04:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-11 22:35:36 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-12 15:04:36 5,419,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-11 22:35:37 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-12 15:04:37 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky 
Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}] 2007-01-08 03:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-26 18:30 94208] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 13:28 124928] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 19:36 827392] "QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 07:41 159744] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656] 
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-06-27 11:25 185896] "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960] "Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "Adobe_ID0EYTHM"="C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MessengerPlusLiveUninstall"="C:\DOCUME~1\eripau\LOKALE~1\Temp\MsgPlusUninstall.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\eripau\Start-meny\Programmer\Oppstart\ CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 08:57:36] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02] R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35] R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 01:13] S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 00:23] S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50] S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3c4e7e-57a1-11dc-8171-001a4b599103}] \Shell\AutoRun\command - E:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844751e5-5b77-11dc-817c-001a735a0d0a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e548f782-23dd-11dc-ab50-001a734a4008}] \Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {C7099049-4779-1634-2C83-372EE984396F} /qb . Contents of the 'Scheduled Tasks' folder "2008-01-09 16:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-01-12 13:37:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-12 16:15:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-12 16:16:10 ComboFix-quarantined-files.txt 2008-01-12 15:15:41 ComboFix2.txt 2008-01-12 14:30:44 ComboFix3.txt 2008-01-11 22:40:13 . 2008-01-11 15:11:50 --- E O F --- Lenke til kommentar
norbat Posted 12 January 2008 (edited)

You can do the following:

Clear temporary files: Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Uninstall ComboFix: Click Start->Run. Type: ComboFix /u. ComboFix will start again and then uninstall itself.

Do an extra search of the PC for the following two files (use the Windows search function):
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
Report whether, and if so where, these turn up (disregard whether they sit in some quarantine folder or appear as text in some text file).

Empty the System Restore folder: You should reset the restore folder so that you don't get reinfected by a possible System Restore. Control Panel->System->System Restore. Check the box in front of "Turn off System Restore .....", restart the PC, then uncheck it again to re-enable the feature.

Edited 12 January 2008 by norbat
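The follow-up search norbat asks for (are there copies of the two deleted files anywhere else, and are they in a quarantine folder or live?) can be scripted rather than done by hand. The Python below is an added example, not code from the thread or from ComboFix or MSNFix: it walks a directory tree for the two file names, hashes every hit with SHA-256 so a copy can be compared or submitted, and tags a hit as quarantined when one of its parent folders carries a quarantine-like name. The folder-name markers are an assumption (ComboFix keeps its quarantine under C:\Qoobox; adjust for other tools), and the note that lssas.exe imitates the real Windows lsass.exe is added context rather than something the thread states. Only file names are compared, so a text file that merely mentions the name is not reported, which matches the advice above. The sample tree the script builds is constructed and contains harmless placeholder files.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File names the thread identifies as malware leftovers to search for.
SUSPECT_NAMES = {"lssas.exe", "ntmngr.exe"}

# Legitimate Windows binary that a suspect name imitates (added context: the real
# Local Security Authority process is lsass.exe; "lssas" swaps two letters).
LEGIT_LOOKALIKES = {"lssas.exe": "lsass.exe"}

# Folder-name fragments treated as quarantine/backup locations. Assumption:
# ComboFix keeps its quarantine under C:\Qoobox; other tools use other names.
QUARANTINE_MARKERS = ("quarantine", "qoobox", "karantene", "backup")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_quarantined(relative_path: Path) -> bool:
    """True if any folder on the path (relative to the scan root) looks like a quarantine."""
    folders = [part.lower() for part in relative_path.parts[:-1]]
    return any(marker in folder for folder in folders for marker in QUARANTINE_MARKERS)


def find_suspects(root, names=SUSPECT_NAMES):
    """Walk `root` and describe every file whose *name* matches a suspect name.

    Only file names are compared (case-insensitively), so a log or text file
    that merely mentions 'lssas.exe' is not reported.
    """
    root = Path(root)
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            p = Path(dirpath) / fname
            rel = p.relative_to(root)
            hits.append({
                "path": str(p),
                "name": fname.lower(),
                "sha256": sha256_of(p),
                "quarantined": is_quarantined(rel),
                "imitates": LEGIT_LOOKALIKES.get(fname.lower()),
            })
    return hits


def live_hits(hits):
    """Hits outside any quarantine/backup folder: copies that still need attention."""
    return [h for h in hits if not h["quarantined"]]


def build_demo_tree(base) -> Path:
    """Constructed sample tree mirroring the thread's paths; the files are
    harmless placeholders, not real binaries."""
    base = Path(base)
    live_dir = base / "WINDOWS"
    quar_dir = base / "Qoobox" / "Quarantine" / "C" / "WINDOWS"
    legit_dir = base / "WINDOWS" / "system32"
    for d in (live_dir, quar_dir, legit_dir):
        d.mkdir(parents=True, exist_ok=True)
    (live_dir / "ntmngr.exe").write_bytes(b"constructed placeholder, live copy")
    (quar_dir / "lssas.exe").write_bytes(b"constructed placeholder, quarantined copy")
    (legit_dir / "lsass.exe").write_bytes(b"constructed placeholder for the real lsass.exe")
    # A log that only mentions the name must not count as a hit.
    (base / "notes.txt").write_text("ComboFix deleted C:\\WINDOWS\\lssas.exe\n")
    return base


def demo():
    """Run the search over the constructed tree and return (all hits, live hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(tmp)
        hits = find_suspects(root)
        return hits, live_hits(hits)


if __name__ == "__main__":
    all_hits, still_live = demo()
    for h in all_hits:
        state = "QUARANTINED" if h["quarantined"] else "LIVE"
        extra = f" (imitates {h['imitates']})" if h["imitates"] else ""
        print(f"{state:11} {h['path']}  sha256={h['sha256'][:16]}...{extra}")
    print(f"{len(still_live)} copy/copies outside quarantine")
```

To use it on a real machine, call find_suspects("C:\\") (or the drive root of your choice) instead of the demo tree; anything reported as LIVE is a copy outside quarantine and is what norbat wants to hear about, while QUARANTINED hits are the tool's own backups.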
erikpau1 Posted 12 January 2008 (thread author)

Thanks so much for the help, Norbat. You have been a great help. I'll let you know if the virus, contrary to expectation, isn't gone...

PS: can I set the clock back to normal mode? ComboFix or MSNFix changed it to display as 2008-01-12 instead of 12. januar 2008
norbat Posted 12 January 2008

Of course you can.