Photobucket-virus i Messenger

[smulungen]

Hej, jag har läst i andra threads här på sidan om det här viruset och jag har kört Combofix. Jag vet inte vad jag ska göra nu och hoppas verkligen att nån kan hjälpa mig! Här är loggen från combofix:

 

ComboFix 08-01-11.3 - Administratör 2008-01-12 14:51:43.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1053.18.1217 [GMT 0:00]

Running from: C:\Users\Karin\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\images.zip

C:\Windows\system32\systeminfo.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 14:48 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-12 00:55 . 2008-01-12 00:56 <KAT> d-------- C:\Program Files\Windows Live Safety Center

2008-01-12 00:52 . 2008-01-12 00:52 <KAT> d-------- C:\Windows\LastGood

2008-01-12 00:48 . 2008-01-12 00:52 <KAT> d-------- C:\Program Files\Windows Live

2008-01-12 00:48 . 2008-01-12 00:52 <KAT> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-12 00:47 . 2008-01-12 00:47 <KAT> d-------- C:\Users\All Users\WLInstaller

2008-01-12 00:47 . 2008-01-12 00:47 <KAT> d-------- C:\ProgramData\WLInstaller

2008-01-12 00:34 . 2008-01-12 00:34 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-12 00:34 . 2008-01-12 00:34 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-12 00:34 . 2008-01-12 00:34 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-12 00:34 . 2008-01-12 00:34 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-12 00:34 . 2008-01-12 00:34 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-12 00:33 . 2008-01-12 00:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-12 00:33 . 2008-01-12 00:33 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-12 00:33 . 2008-01-12 00:33 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-12 00:33 . 2008-01-12 00:33 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-12 00:33 . 2008-01-12 00:33 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-12 00:33 . 2008-01-12 00:33 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-12 00:33 . 2008-01-12 00:33 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-12 00:33 . 2008-01-12 00:33 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-12 00:33 . 2008-01-12 00:33 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-01-12 00:33 . 2008-01-12 00:33 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-11 19:38 . 2008-01-11 19:39 232,978,714 --a------ C:\Windows\MEMORY.DMP

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\Users\All Users\BlazeVideo

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\ProgramData\BlazeVideo

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\Program Files\BlazeVideo

2008-01-11 18:51 . 2006-12-05 16:11 117,376 --a------ C:\Windows\System32\drivers\AF05BDA.sys

2008-01-11 18:51 . 2006-08-28 20:52 28,672 --a------ C:\Windows\System32\AF05BDAEX.dll

2008-01-11 18:34 . 2008-01-11 18:29 36,864 -r-hs---- C:\Windows\ntmngr.exe

2007-12-16 03:08 . 2007-12-16 03:08 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-16 03:08 . 2007-12-16 03:08 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-16 03:08 . 2007-12-16 03:08 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-16 03:08 . 2007-12-16 03:08 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-16 03:05 . 2007-12-16 03:05 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl

2007-12-16 03:05 . 2007-12-16 03:05 56,320 --a------ C:\Windows\System32\iesetup.dll

2007-12-16 03:05 . 2007-12-16 03:05 26,624 --a------ C:\Windows\System32\ieUnatt.exe

2007-12-16 03:04 . 2007-12-16 03:04 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2007-12-16 03:04 . 2007-12-16 03:04 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2007-12-16 03:04 . 2007-12-16 03:04 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2007-12-16 03:04 . 2007-12-16 03:04 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2007-12-16 03:02 . 2007-12-16 03:02 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-16 03:02 . 2007-12-16 03:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-16 03:02 . 2007-12-16 03:02 2,048 --a------ C:\Windows\System32\tzres.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 14:57 1,048,576 --sha-w C:\Users\Administratör\NTUSER.DAT

2008-01-12 14:57 1,048,576 --sha-w C:\Users\Administratör\NTUSER.DAT

2008-01-12 00:40 --------- d-----w C:\Program Files\Norman

2008-01-12 00:36 --------- d-----w C:\Program Files\Windows Mail

2008-01-12 00:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-12 00:33 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-12 00:33 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-12 00:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-12 00:33 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-11 23:05 --------- d-----w C:\Users\Karin\AppData\Roaming\Skype

2008-01-11 22:49 --------- d-----w C:\Users\Karin\AppData\Roaming\skypePM

2008-01-11 00:01 --------- d-----w C:\ProgramData\Microsoft Help

2008-01-06 19:47 27,335 ----a-w C:\Users\Karin\AppData\Roaming\nvModes.dat

2008-01-03 19:22 218 ----a-w C:\Users\Karin\AppData\Roaming\wklnhst.dat

2007-12-16 03:06 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-16 03:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-11-29 23:18 --------- d-----w C:\Program Files\ReflexiveArcade

2007-11-28 21:40 --------- d-----w C:\Program Files\Java

2007-11-28 21:38 --------- d-----w C:\Program Files\Common Files\Java

2007-11-28 20:09 32 ----a-w C:\Users\All Users\ezsid.dat

2007-11-28 20:09 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-28 20:03 --------- d-----w C:\ProgramData\Skype

2007-11-28 20:03 --------- d-----w C:\Program Files\Skype

2007-11-28 20:03 --------- d-----w C:\Program Files\Common Files\Skype

2007-11-26 10:47 --------- d-----w C:\Users\Karin\AppData\Roaming\Thunderbird

2007-11-26 10:47 --------- d-----w C:\Users\Administratör\AppData\Roaming\Thunderbird

2007-11-26 10:47 --------- d-----w C:\Users\Administratör\AppData\Roaming\Mozilla

2007-11-26 10:47 --------- d-----w C:\Program Files\Mozilla Thunderbird

2007-11-18 03:10 --------- d-----w C:\Users\Karin\AppData\Roaming\uTorrent

2007-11-18 03:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-18 03:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-18 03:05 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-18 03:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-18 03:05 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2007-11-18 03:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2007-11-18 03:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-18 03:05 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2007-11-18 03:05 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-18 03:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-18 03:05 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2007-11-18 03:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-18 03:04 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-18 03:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-18 03:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-18 03:03 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-11-18 03:03 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2007-11-18 03:03 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2007-11-18 03:03 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2007-11-18 03:03 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys

2007-11-18 03:03 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys

2007-11-18 03:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-13 13:47 --------- d-----w C:\Users\Karin\AppData\Roaming\Template

2007-11-09 11:34 28,095 ----a-w C:\Users\Administratör\AppData\Roaming\nvModes.dat

2007-10-27 22:57 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll

2007-10-27 22:57 23,552 ----a-w C:\Windows\System32\lpremove.exe

2007-10-27 22:57 165,888 ----a-w C:\Windows\System32\lpksetup.exe

2007-10-27 22:57 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll

2007-10-27 22:51 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-27 22:51 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-27 22:51 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-27 22:51 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-27 22:50 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-27 22:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-27 22:50 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-10-27 22:49 750,080 ----a-w C:\Windows\System32\qmgr.dll

2007-10-27 07:51 80,896 ----a-w C:\Windows\System32\wudriver.dll

2007-10-27 07:51 549,720 ----a-w C:\Windows\System32\wuapi.dll

2007-10-27 07:51 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2007-10-27 07:51 43,352 ----a-w C:\Windows\System32\wups2.dll

2007-10-27 07:51 33,624 ----a-w C:\Windows\System32\wups.dll

2007-10-27 07:51 31,232 ----a-w C:\Windows\System32\wuapp.exe

2007-10-27 07:51 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2007-10-27 07:51 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2007-10-27 07:51 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2007-10-18 11:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll

2007-09-12 12:26 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 00:33 1232896]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]

"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-03-07 17:30 270336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-12 11:52 1006264]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-18 23:31 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-18 23:31 8466432]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-18 23:31 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 14:01 4431872 C:\Windows\RtHDVCpl.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-05-25 10:17 159744]

"FIC HotKey"="C:\Program Files\Hotkey Utility\tray.exe" [2007-07-13 21:38 561152]

"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-05-16 18:42 29696]

"Silent Mode"="C:\Program Files\Light Sensor Utility\Sensor.exe" [2007-06-27 16:56 253952]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 18:46 153136]

"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 12:41 183352]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*WerKernelReporting"="C:\Windows\SYSTEM32\WerFault.exe" [2006-11-02 09:45 216064]

 

C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Sk„rmurklipp och start f”r OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 18:24:54]

 

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 07:55]

R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 17:52]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 15:46]

R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-07-09 08:50]

R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-07-12 09:38]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 11:23]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 22:00]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-21 22:00]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 11:48]

S3 AF05BDA;AF9005 BDA Device;C:\Windows\system32\drivers\AF05BDA.sys [2006-12-05 16:11]

S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25]

S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 13:25]

S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 13:25]

S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 13:25]

S4 viamraid;viamraid;C:\Windows\system32\drivers\viamraid.sys [2006-03-31 00:18]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-12 14:44:31 C:\Windows\Tasks\User_Feed_Synchronization-{3AB2F12E-EEE9-4E2F-AECE-F09DAD0FC20E}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 14:57:14

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-12 14:59:31

ComboFix-quarantined-files.txt 2008-01-12 14:59:22

.

2008-01-12 00:34:58 --- E O F ---

[norbat]

Hej, smulungen

 

Denne filen: C:\Windows\ntmngr.exe skal bort.

 

Du kan bruke utforsker til å finne og slette den, eller gjør følgende:

 

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\Windows\ntmngr.exe

 

Post loggen igjen.

 

Deretter kan du tømme temp.-filer. Du kan bruke f.eks. CCleaner:

Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

Kjør også noen runder med 'Register'til det ikke finner flere feil.

[smulungen]

Det här är loggen som skapades efter när jag släppt CFScript.txt på Combofix-iconet:

 

 

 

ComboFix 08-01-11.3 - Administratör 2008-01-12 18:05:16.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1053.18.1281 [GMT 0:00]

Running from: C:\Users\Karin\Desktop\ComboFix.exe

Command switches used :: C:\Users\Karin\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\Windows\ntmngr.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\ntmngr.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 15:02 . 2008-01-12 15:02 41 --a------ C:\Windows\System32\Filzip.ini

2008-01-12 14:48 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-12 00:55 . 2008-01-12 00:56 <KAT> d-------- C:\Program Files\Windows Live Safety Center

2008-01-12 00:52 . 2008-01-12 00:52 <KAT> d-------- C:\Windows\LastGood.Tmp

2008-01-12 00:48 . 2008-01-12 00:52 <KAT> d-------- C:\Program Files\Windows Live

2008-01-12 00:48 . 2008-01-12 00:52 <KAT> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-12 00:47 . 2008-01-12 00:47 <KAT> d-------- C:\Users\All Users\WLInstaller

2008-01-12 00:47 . 2008-01-12 00:47 <KAT> d-------- C:\ProgramData\WLInstaller

2008-01-12 00:34 . 2008-01-12 00:34 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-12 00:34 . 2008-01-12 00:34 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-12 00:34 . 2008-01-12 00:34 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-12 00:34 . 2008-01-12 00:34 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-12 00:34 . 2008-01-12 00:34 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-12 00:33 . 2008-01-12 00:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-12 00:33 . 2008-01-12 00:33 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-12 00:33 . 2008-01-12 00:33 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-12 00:33 . 2008-01-12 00:33 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-12 00:33 . 2008-01-12 00:33 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-12 00:33 . 2008-01-12 00:33 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-12 00:33 . 2008-01-12 00:33 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-12 00:33 . 2008-01-12 00:33 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-12 00:33 . 2008-01-12 00:33 15,928 --a------ C:\Windows\System32\drivers\pciide.sys

2008-01-12 00:33 . 2008-01-12 00:33 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-11 19:38 . 2008-01-11 19:39 232,978,714 --a------ C:\Windows\MEMORY.DMP

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\Users\All Users\BlazeVideo

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\ProgramData\BlazeVideo

2008-01-11 18:55 . 2008-01-11 18:55 <KAT> d-------- C:\Program Files\BlazeVideo

2008-01-11 18:51 . 2006-12-05 16:11 117,376 --a------ C:\Windows\System32\drivers\AF05BDA.sys

2008-01-11 18:51 . 2006-08-28 20:52 28,672 --a------ C:\Windows\System32\AF05BDAEX.dll

2007-12-16 03:08 . 2007-12-16 03:08 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-16 03:08 . 2007-12-16 03:08 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-16 03:08 . 2007-12-16 03:08 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-16 03:08 . 2007-12-16 03:08 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-16 03:05 . 2007-12-16 03:05 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl

2007-12-16 03:05 . 2007-12-16 03:05 56,320 --a------ C:\Windows\System32\iesetup.dll

2007-12-16 03:05 . 2007-12-16 03:05 26,624 --a------ C:\Windows\System32\ieUnatt.exe

2007-12-16 03:04 . 2007-12-16 03:04 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2007-12-16 03:04 . 2007-12-16 03:04 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2007-12-16 03:04 . 2007-12-16 03:04 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2007-12-16 03:04 . 2007-12-16 03:04 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2007-12-16 03:02 . 2007-12-16 03:02 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-16 03:02 . 2007-12-16 03:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-16 03:02 . 2007-12-16 03:02 2,048 --a------ C:\Windows\System32\tzres.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 18:07 1,048,576 --sha-w C:\Users\Administratör\NTUSER.DAT

2008-01-12 18:07 1,048,576 --sha-w C:\Users\Administratör\NTUSER.DAT

2008-01-12 15:04 --------- d-----w C:\Program Files\Norman

2008-01-12 00:36 --------- d-----w C:\Program Files\Windows Mail

2008-01-12 00:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-12 00:33 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-12 00:33 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-12 00:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-12 00:33 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-11 23:05 --------- d-----w C:\Users\Karin\AppData\Roaming\Skype

2008-01-11 22:49 --------- d-----w C:\Users\Karin\AppData\Roaming\skypePM

2008-01-11 00:01 --------- d-----w C:\ProgramData\Microsoft Help

2008-01-06 19:47 27,335 ----a-w C:\Users\Karin\AppData\Roaming\nvModes.dat

2008-01-03 19:22 218 ----a-w C:\Users\Karin\AppData\Roaming\wklnhst.dat

2007-12-16 03:06 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-16 03:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-11-29 23:18 --------- d-----w C:\Program Files\ReflexiveArcade

2007-11-28 21:40 --------- d-----w C:\Program Files\Java

2007-11-28 21:38 --------- d-----w C:\Program Files\Common Files\Java

2007-11-28 20:09 32 ----a-w C:\Users\All Users\ezsid.dat

2007-11-28 20:09 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-28 20:03 --------- d-----w C:\ProgramData\Skype

2007-11-28 20:03 --------- d-----w C:\Program Files\Skype

2007-11-28 20:03 --------- d-----w C:\Program Files\Common Files\Skype

2007-11-26 10:47 --------- d-----w C:\Users\Karin\AppData\Roaming\Thunderbird

2007-11-26 10:47 --------- d-----w C:\Users\Administratör\AppData\Roaming\Thunderbird

2007-11-26 10:47 --------- d-----w C:\Users\Administratör\AppData\Roaming\Mozilla

2007-11-26 10:47 --------- d-----w C:\Program Files\Mozilla Thunderbird

2007-11-18 03:10 --------- d-----w C:\Users\Karin\AppData\Roaming\uTorrent

2007-11-18 03:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-18 03:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-18 03:05 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-18 03:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-18 03:05 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2007-11-18 03:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2007-11-18 03:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-18 03:05 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2007-11-18 03:05 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-18 03:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-18 03:05 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2007-11-18 03:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-18 03:04 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-18 03:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-18 03:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-18 03:03 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-11-18 03:03 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2007-11-18 03:03 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2007-11-18 03:03 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2007-11-18 03:03 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys

2007-11-18 03:03 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys

2007-11-18 03:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-13 13:47 --------- d-----w C:\Users\Karin\AppData\Roaming\Template

2007-11-09 11:34 28,095 ----a-w C:\Users\Administratör\AppData\Roaming\nvModes.dat

2007-10-27 22:57 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll

2007-10-27 22:57 23,552 ----a-w C:\Windows\System32\lpremove.exe

2007-10-27 22:57 165,888 ----a-w C:\Windows\System32\lpksetup.exe

2007-10-27 22:57 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll

2007-10-27 22:51 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-27 22:51 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-27 22:51 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-27 22:51 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-27 22:50 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-27 22:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-27 22:50 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-10-27 22:49 750,080 ----a-w C:\Windows\System32\qmgr.dll

2007-10-27 07:51 80,896 ----a-w C:\Windows\System32\wudriver.dll

2007-10-27 07:51 549,720 ----a-w C:\Windows\System32\wuapi.dll

2007-10-27 07:51 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2007-10-27 07:51 43,352 ----a-w C:\Windows\System32\wups2.dll

2007-10-27 07:51 33,624 ----a-w C:\Windows\System32\wups.dll

2007-10-27 07:51 31,232 ----a-w C:\Windows\System32\wuapp.exe

2007-10-27 07:51 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2007-10-27 07:51 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2007-10-27 07:51 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2007-10-18 11:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll

2007-09-12 12:26 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_14.58.08,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-12 13:35:52 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-01-12 17:55:11 67,584 --s-a-w C:\Windows\bootstat.dat

- 2008-01-12 14:50:33 176,128 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-12 18:05:03 176,128 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-12 14:50:33 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT

+ 2008-01-12 18:05:03 155,648 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000002\NTUSER.DAT

- 2008-01-12 14:50:33 1,671,168 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-12 18:05:03 1,675,264 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-12 14:50:34 2,691,072 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-12 18:05:03 2,691,072 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-12 14:50:34 1,024,000 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-12 18:05:03 1,024,000 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-12 14:50:34 368,640 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-12 18:05:03 368,640 ----a-w C:\Windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

- 2008-01-12 14:35:58 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-01-12 17:55:13 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-01-12 00:53:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-01-12 15:05:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-01-12 15:05:17 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-01-12 13:37:14 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

+ 2008-01-12 15:07:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat

- 2008-01-12 00:41:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-01-12 15:05:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-01-12 15:05:12 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-01-12 00:46:07 103,924 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-01-12 15:09:17 103,924 ----a-w C:\Windows\System32\perfc009.dat

- 2008-01-12 00:46:07 81,514 ----a-w C:\Windows\System32\perfc01D.dat

+ 2008-01-12 15:09:17 81,514 ----a-w C:\Windows\System32\perfc01D.dat

- 2008-01-12 00:46:07 610,142 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-01-12 15:09:17 610,142 ----a-w C:\Windows\System32\perfh009.dat

- 2008-01-12 00:46:07 472,414 ----a-w C:\Windows\System32\perfh01D.dat

+ 2008-01-12 15:09:17 472,414 ----a-w C:\Windows\System32\perfh01D.dat

- 2008-01-12 00:42:17 6,290 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3786830622-2154953181-3828633063-1001_UserData.bin

+ 2008-01-12 15:06:31 6,290 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3786830622-2154953181-3828633063-1001_UserData.bin

- 2008-01-12 00:42:16 55,320 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-01-12 15:06:31 55,368 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-01-12 00:42:15 31,590 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-01-12 15:06:30 32,030 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 00:33 1232896]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]

"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-03-07 17:30 270336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-12 11:52 1006264]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-18 23:31 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-18 23:31 8466432]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-18 23:31 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 14:01 4431872 C:\Windows\RtHDVCpl.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-05-25 10:17 159744]

"FIC HotKey"="C:\Program Files\Hotkey Utility\tray.exe" [2007-07-13 21:38 561152]

"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-05-16 18:42 29696]

"Silent Mode"="C:\Program Files\Light Sensor Utility\Sensor.exe" [2007-06-27 16:56 253952]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 18:46 153136]

"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 12:41 183352]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*WerKernelReporting"="C:\Windows\SYSTEM32\WerFault.exe" [2006-11-02 09:45 216064]

 

C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Sk„rmurklipp och start f”r OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 18:24:54]

 

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 07:55]

R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 17:52]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 15:46]

R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-07-09 08:50]

R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-07-12 09:38]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 11:23]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 22:00]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-21 22:00]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 11:48]

S3 AF05BDA;AF9005 BDA Device;C:\Windows\system32\drivers\AF05BDA.sys [2006-12-05 16:11]

S3 nvcfsr;nvcfsr;C:\Program Files\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 13:25]

S3 nvcoafl4;nvcoafl4;C:\Program Files\Norman\Nvc\bin\nvcoafl4.sys [2007-01-09 13:25]

S3 nvcoaft4;nvcoaft4;C:\Program Files\Norman\Nvc\bin\nvcoaft4.sys [2007-01-09 13:25]

S3 nvcoarc4;nvcoarc4;C:\Program Files\Norman\Nvc\bin\nvcoarc4.sys [2007-01-09 13:25]

S4 viamraid;viamraid;C:\Windows\system32\drivers\viamraid.sys [2006-03-31 00:18]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-12 17:58:04 C:\Windows\Tasks\User_Feed_Synchronization-{3AB2F12E-EEE9-4E2F-AECE-F09DAD0FC20E}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 18:08:00

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-12 18:09:05

ComboFix-quarantined-files.txt 2008-01-12 18:09:01

ComboFix2.txt 2008-01-12 14:59:33

.

2008-01-12 00:34:58 --- E O F ---

[norbat]

Loggen ser fin ut.

 

Er det fortsatt problemer med MSN?

[smulungen]

Nej, det verkar fungera nu. Tack så hemskt mycket för hjälpen!!! Jag skulle inte ha kunnat lösa problemet själv så jag uppskattar det verkligen!

[norbat]

Bare hyggelig å være til hjelp.

 

Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting.

Kontrollpanel->system->systemgjenoppretting .

Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc,

fjern merket igjen for å aktivere funksjonen.

 

Surf trygt.

[smulungen]

Japp. Det har jag gjort nu. Tack än en gång!