
ComboFix log from ICE76



Here is my log.

 

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 23:50 . 2008-01-12 23:50 <DIR> d-------- C:\fsaua.data

2008-01-12 19:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 19:23 . 2008-01-12 19:23 126,976 --a------ C:\zip.exe

2008-01-12 19:23 . 2008-01-12 19:23 60,416 --a------ C:\WINDOWS\system32\drivers\lblvahwq.sys

2008-01-12 19:23 . 2008-01-12 19:23 1,080 --a------ C:\afyivpvt.bat

2008-01-12 08:37 . 2008-01-12 08:37 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-01-12 08:37 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\AVG7

2008-01-12 08:37 . 2008-01-12 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-01-12 08:37 . 2008-01-12 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-01-04 22:00 . 2008-01-04 22:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-01-03 20:22 . 2008-01-03 20:25 <DIR> d-------- C:\Programfiler\SpeedFan

2008-01-03 20:22 . 2008-01-03 20:22 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-01-02 14:26 . 2008-01-02 14:26 83 --a------ C:\WINDOWS\wwp.INI

2007-12-25 02:08 . 2007-12-25 02:08 <DIR> d-------- C:\Programfiler\XviD

2007-12-25 02:08 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-12-25 02:08 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-12-25 02:08 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2007-12-22 11:26 . 2008-01-12 08:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2007-12-22 11:06 . 2007-12-22 11:06 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\Simply Super Software

2007-12-22 11:06 . 2007-12-22 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Simply Super Software

2007-12-22 11:06 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2007-12-22 11:06 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-12-17 08:16 . 2007-12-17 08:16 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\vlc

2007-12-17 08:15 . 2007-12-17 08:15 <DIR> d-------- C:\Programfiler\VideoLAN

2007-12-17 08:09 . 2007-12-17 08:09 <DIR> d-------- C:\Programfiler\defaultlogomode

2007-12-17 07:32 . 2007-12-17 08:10 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\defaultlogomode

2007-12-17 07:32 . 2007-12-17 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Software rule flag owns

2007-12-13 15:52 . 2007-12-13 15:53 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-13 15:52 . 2007-12-13 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 23:06 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\uTorrent

2008-01-04 06:44 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\dvdcss

2007-12-31 15:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-20 23:58 --------- d-----w C:\Programfiler\Windows Live Safety Center

2007-12-13 14:52 --------- d-----w C:\Programfiler\Windows Live

2007-11-30 17:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\ATI

2007-11-30 15:54 --------- d-----w C:\Programfiler\Windows Live Toolbar

2007-11-30 15:54 --------- d-----w C:\Programfiler\Windows Live Favorites

2007-11-28 00:25 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\Earthsim

2007-11-28 00:14 --------- d-----w C:\Programfiler\ATI Technologies

2007-11-28 00:05 --------- d-----w C:\Programfiler\Windows Desktop Search

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_19.31.32,17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-11 14:20:52 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll

+ 2007-12-11 14:20:52 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll

+ 2007-12-11 14:22:14 397,312 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll

+ 2007-12-11 14:20:52 159,744 ----a-w C:\WINDOWS\Downloaded Program Files\fsld32.dll

+ 2007-12-11 14:20:24 580,200 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe

+ 2007-12-11 14:20:24 580,200 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncheradmin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]

"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2007-09-17 07:14 219952]

"AWMON"="E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12 517632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-09 00:00 950664]

"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [ ]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]

"Adobe Reader Speed Launcher"="E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

"MediaFace Integration"="E:\Programfiler\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 16:46 53248]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 08:37 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 17:08]

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-10-10 10:50]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-22 10:00:01 C:\WINDOWS\Tasks\A01FEBF39198656F.job"

- c:\docume~1\arildr~1\progra~1\defaul~1\RoadTestAim.exe

"2007-12-22 09:48:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 00:07:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-13 0:07:36

ComboFix2.txt 2008-01-12 18:31:49

.

2008-01-08 21:20:59 --- E O F ---

 

 

I don't really know what else to do, so if anyone can help I would be grateful.

Edited by ICE76

Download NoLop.exe and put it on the desktop.

Run the program. Click the "Search and Destroy" button. If it finds anything, you will be asked to click the Reboot button.

Go to the Jotti website and upload the following file for checking:

C:\WINDOWS\system32\drivers\lblvahwq.sys

(You may need to enable showing hidden files and folders as well as protected operating system files: Control Panel -> Folder Options -> View)

If something is found in the file, rename it to: lblvahwq.sys.vir

Use Explorer to delete the folder:

C:\Documents and Settings\All Users\Programdata\Software rule flag owns

Run a full scan with SAS (the free version).

Report back on how it went and whether the files were deleted.

(Feel free to post a new ComboFix log)

Edited by norbat
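The reply above picks its targets (the freshly created driver with a random-looking name, the odd folder under Programdata) by reading the ComboFix sections by eye. The following Python script is an added example, not part of this thread and not code from ComboFix or any of the tools mentioned: it parses the "Files Created" lines and the Run keys under "Reg Loading Points" and flags the entries a helper would want to look at first. The heuristics (an eight-letter lowercase file stem counts as "random-looking", a "[ ]" after a Run entry means ComboFix could not verify the target on disk, loose files in the drive root are unusual) are assumptions chosen for illustration, and a flag means "check this", not "this is malware". The inline sample is a short excerpt of the first log posted in this thread so the script runs offline.

```python
"""Triage helper for ComboFix log lines (added example, not from the thread or from ComboFix).

Parses the 'Files Created' section and the Run keys under 'Reg Loading Points' and
flags entries worth a second look. Every heuristic is an assumption chosen for
illustration; a finding means "inspect this", never "this is malware".
"""
import re
from dataclasses import dataclass

# 'Files Created' line: <created> . <modified> <size|<DIR>> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) "
    r"([d-][-a-z]{8}) "
    r"(.+)$"
)
# Run-key line: "Name"="command" [date time size]   or   "Name"="command" [ ]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(.*)\]$')
# Assumption: an eight-letter lowercase stem is "random-looking" (lblvahwq, afyivpvt).
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    kind: str    # "file" or "autorun"
    path: str
    reason: str


def parse_file_line(line):
    """Return a dict for a 'Files Created' line, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {"created": created, "modified": modified, "attrs": attrs, "path": path,
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", ""))}


def check_file(entry):
    """File heuristics (assumptions, see module docstring)."""
    out = []
    if entry["is_dir"]:
        return out
    directory, _, name = entry["path"].rpartition("\\")
    stem = name.rsplit(".", 1)[0].lower()
    in_root = directory.lower() == "c:"
    system_location = in_root or directory.lower().startswith("c:\\windows")
    # A just-written file (created == modified) with a random-looking name in a
    # system location is exactly what you hash and upload to a multi-engine scanner.
    if RANDOM_STEM.match(stem) and entry["created"] == entry["modified"] and system_location:
        out.append(Finding("file", entry["path"], "random-looking name in a system location"))
    if in_root:   # loose executables/scripts directly in the drive root are unusual
        out.append(Finding("file", entry["path"], "loose file in drive root"))
    return out


def check_run(name, command, meta):
    """Run-key heuristics. Assumption: ComboFix prints '[ ]' when it could not stat the target."""
    if meta.strip():
        return []                      # timestamp and size present: target was found
    if not command:
        return [Finding("autorun", name, "empty command in a Run key")]
    return [Finding("autorun", f"{name} -> {command}",
                    "Run entry whose target could not be verified on disk")]


def triage(log_text):
    """Walk a ComboFix log and collect findings from the sections this script understands."""
    findings, section, current_key = [], None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Files Created" in line:
            section = "files"
            continue
        if "Find3M Report" in line or "snapshot@" in line:
            section = "other"          # different line shapes; not parsed here
            continue
        if "Reg Loading Points" in line:
            section = "reg"
            continue
        if section == "files":
            entry = parse_file_line(line)
            if entry:
                findings.extend(check_file(entry))
        elif section == "reg":
            if line.startswith("["):   # registry key header
                current_key = line.lower()
                continue
            if current_key.endswith("\\run]"):
                m = RUN_RE.match(line)
                if m:
                    findings.extend(check_run(*m.groups()))
    return findings


# Excerpt of the thread's first log, embedded so the example runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 23:50 . 2008-01-12 23:50 <DIR> d-------- C:\fsaua.data
2008-01-12 19:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:23 . 2008-01-12 19:23 126,976 --a------ C:\zip.exe
2008-01-12 19:23 . 2008-01-12 19:23 60,416 --a------ C:\WINDOWS\system32\drivers\lblvahwq.sys
2008-01-12 19:23 . 2008-01-12 19:23 1,080 --a------ C:\afyivpvt.bat
2007-12-25 02:08 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-09 00:00 950664]
"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [ ]
"NWEReboot"="" []
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.reason:50} {f.path}")
```

On the excerpt the script flags lblvahwq.sys (random-looking stem, created and modified in the same minute, under system32\drivers), the two loose files in the root of C:, and the two Run entries ComboFix could not verify; xvidcore.dll is left alone because its modified time predates its creation time on this machine, which is what a copied-in library looks like. Each flagged file is then a candidate for the step in the reply above: upload it to a multi-engine scanner before deciding whether to rename or delete it.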

I have now followed all of norbat's tips and ended up with the following log:

 

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-13 09:49 . 2008-01-13 09:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-13 09:49 . 2008-01-13 09:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-13 09:49 . 2008-01-13 09:49 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\SUPERAntiSpyware.com

2008-01-13 09:49 . 2008-01-13 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-13 09:19 . 2008-01-13 09:21 <DIR> d-------- C:\NoLopBackups

2008-01-13 09:19 . 2008-01-13 09:20 132 --a------ C:\delete.bat

2008-01-12 23:50 . 2008-01-12 23:50 <DIR> d-------- C:\fsaua.data

2008-01-12 19:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 19:23 . 2008-01-12 19:23 126,976 --a------ C:\zip.exe

2008-01-12 19:23 . 2008-01-12 19:23 60,416 --a------ C:\WINDOWS\system32\drivers\lblvahwq.sys

2008-01-12 19:23 . 2008-01-12 19:23 1,080 --a------ C:\afyivpvt.bat

2008-01-12 08:37 . 2008-01-12 08:37 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-01-12 08:37 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\AVG7

2008-01-12 08:37 . 2008-01-12 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-01-12 08:37 . 2008-01-12 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-01-04 22:00 . 2008-01-04 22:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-01-03 20:22 . 2008-01-03 20:25 <DIR> d-------- C:\Programfiler\SpeedFan

2008-01-03 20:22 . 2008-01-03 20:22 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-01-02 14:26 . 2008-01-02 14:26 83 --a------ C:\WINDOWS\wwp.INI

2007-12-25 02:08 . 2007-12-25 02:08 <DIR> d-------- C:\Programfiler\XviD

2007-12-25 02:08 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-12-25 02:08 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-12-25 02:08 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2007-12-22 11:26 . 2008-01-12 08:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2007-12-22 11:06 . 2007-12-22 11:06 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\Simply Super Software

2007-12-22 11:06 . 2007-12-22 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Simply Super Software

2007-12-22 11:06 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2007-12-22 11:06 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2007-12-17 08:16 . 2007-12-17 08:16 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\vlc

2007-12-17 08:15 . 2007-12-17 08:15 <DIR> d-------- C:\Programfiler\VideoLAN

2007-12-17 08:09 . 2007-12-17 08:09 <DIR> d-------- C:\Programfiler\defaultlogomode

2007-12-17 07:32 . 2007-12-17 08:10 <DIR> d-------- C:\Documents and Settings\Arild Rønning\Programdata\defaultlogomode

2007-12-13 15:52 . 2007-12-13 15:53 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-13 15:52 . 2007-12-13 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 10:12 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\uTorrent

2008-01-04 06:44 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\dvdcss

2007-12-31 15:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-20 23:58 --------- d-----w C:\Programfiler\Windows Live Safety Center

2007-12-13 14:52 --------- d-----w C:\Programfiler\Windows Live

2007-11-30 17:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\ATI

2007-11-30 15:54 --------- d-----w C:\Programfiler\Windows Live Toolbar

2007-11-30 15:54 --------- d-----w C:\Programfiler\Windows Live Favorites

2007-11-28 00:25 --------- d-----w C:\Documents and Settings\Arild Rønning\Programdata\Earthsim

2007-11-28 00:14 --------- d-----w C:\Programfiler\ATI Technologies

2007-11-28 00:05 --------- d-----w C:\Programfiler\Windows Desktop Search

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-11-01 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-12_19.31.32,17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-11 14:20:52 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll

+ 2007-12-11 14:20:52 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll

+ 2007-12-11 14:22:14 397,312 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll

+ 2007-12-11 14:20:52 159,744 ----a-w C:\WINDOWS\Downloaded Program Files\fsld32.dll

+ 2007-12-11 14:20:24 580,200 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe

+ 2007-12-11 14:20:24 580,200 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncheradmin.exe

+ 2008-01-13 08:49:29 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-13 08:49:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-13 08:49:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2008-01-12 18:26:03 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat

+ 2008-01-13 08:21:54 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat

- 2008-01-12 18:26:03 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-01-13 08:21:54 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-01-13 08:21:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat

- 2008-01-12 18:26:03 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-13 08:21:54 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]

"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2007-09-17 07:14 219952]

"AWMON"="E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 11:12 517632]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-09 00:00 950664]

"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [ ]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]

"Adobe Reader Speed Launcher"="E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

"MediaFace Integration"="E:\Programfiler\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 16:46 53248]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 08:37 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 14:50 233472]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 17:08]

R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]

S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-10-10 10:50]

 

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

"2007-12-22 09:48:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 11:20:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-13 11:20:26

ComboFix2.txt 2008-01-12 23:07:36

ComboFix3.txt 2008-01-12 18:31:49

.

2008-01-08 21:20:59 --- E O F ---

 

I think I'm getting close to a "clean" computer :new_woot:

Yep :thumbup:

It is not present :woot:

Thanks a lot for all the help.

I'm a bit busy right now, but I'll tidy up my own notes here, as well as the backstory, so that it can better help others in this situation.

All credit and thanks for this solution go to norbat
