ComboFix log, need help

Posted

ComboFix 08-12-14.01 - Kjetil 2008-12-14 20:40:33.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1918.1418 [GMT 1:00]

Kjører fra: c:\documents and settings\Kjetil\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\404Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-14 til 2008-12-14 )))))))))))))))))))))))))))))))))

.

 

2008-12-14 19:25 . 2008-12-14 19:25 <DIR> d-------- c:\programfiler\SUPERAntiSpyware

2008-12-14 19:25 . 2008-12-14 19:25 <DIR> d-------- c:\documents and settings\Kjetil\Programdata\SUPERAntiSpyware.com

2008-12-14 19:25 . 2008-12-14 19:25 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2008-12-14 19:24 . 2008-12-14 19:24 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard

2008-12-14 19:11 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe

2008-12-14 18:56 . 2008-12-14 20:06 <DIR> d-------- C:\Ny mappe

2008-12-14 17:59 . 2008-12-14 18:00 1,905 --a------ c:\windows\diagwrn.xml

2008-12-14 17:59 . 2008-12-14 18:00 1,905 --a------ c:\windows\diagerr.xml

2008-12-14 15:17 . 2008-12-14 15:17 230 --a------ c:\windows\system32\spupdsvc.inf

2008-12-11 17:19 . 2008-12-11 17:25 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP

2008-12-11 00:46 . 2008-12-14 20:40 <DIR> d--h----- C:\$AVG8.VAULT$

2008-12-11 00:39 . 2008-12-11 00:42 <DIR> d-------- c:\programfiler\Windows Live

2008-12-11 00:39 . 2008-12-11 00:41 <DIR> d--hsc--- c:\programfiler\Fellesfiler\WindowsLiveInstaller

2008-12-11 00:39 . 2008-12-11 00:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\WLInstaller

2008-12-11 00:30 . 2008-12-11 00:30 <DIR> d-------- C:\Program Files

2008-12-11 00:22 . 2008-12-11 00:22 <DIR> d-------- c:\programfiler\Trend Micro

2008-12-02 11:23 . 2008-12-02 11:23 268 --ah----- C:\sqmdata15.sqm

2008-12-02 11:23 . 2008-12-02 11:23 244 --ah----- C:\sqmnoopt15.sqm

2008-12-02 11:05 . 2008-12-02 11:05 <DIR> d-------- c:\documents and settings\All Users\Programdata\Emotum

2008-12-02 10:44 . 2008-12-02 10:44 <DIR> d-------- c:\documents and settings\All Users\Programdata\Telenor

2008-12-02 10:43 . 2008-12-02 10:44 <DIR> d-------- c:\programfiler\Telenor

2008-12-02 10:42 . 2008-12-02 10:42 <DIR> d-------- c:\documents and settings\All Users\Programdata\Symantec

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-07 15:27 --------- d-----w c:\programfiler\BitComet

2008-12-03 16:23 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-12-03 16:23 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys

2008-12-03 16:23 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys

2008-12-03 16:23 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2008-12-02 10:20 --------- d-----w c:\documents and settings\All Users\Programdata\avg8

2008-11-20 20:17 --------- d-----w c:\documents and settings\Kjetil\Programdata\dvdcss

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"windpipe"="c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe" [2008-12-12 124416]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-01-31 385024]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-02-19 267048]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]

"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\BitComet\\BitComet.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12176:TCP"= 12176:TCP:BitComet 12176 TCP

"12176:UDP"= 12176:UDP:BitComet 12176 UDP

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-06-15 12936]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-15 98440]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-15 90632]

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-03-16 30464]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-14 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

IE: Download all links using BitComet - c:\programfiler\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\programfiler\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\programfiler\BitComet\BitComet.exe/AddLink.htm

FF - ProfilePath - c:\documents and settings\Kjetil\Programdata\Mozilla\Firefox\Profiles\n191c2kh.default\

FF - plugin: c:\programfiler\DivX\DivX Content Uploader\npUpload.dll

FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll

FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 20:42:07

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(884)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

.

Tidspunkt ferdig: 2008-12-14 20:42:55

ComboFix-quarantined-files.txt 2008-12-14 19:42:53

 

Pre-Run: 83 214 356 480 byte ledig

Post-Run: 83,251,212,288 byte ledig

 

169 --- E O F --- 2008-12-14 16:56:39

Posted (edited)

Open Notepad and copy in what is in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.


File::

c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"windpipe"=-

 

If you have not recently run a quick scan with SUPERAntiSpyware, do so after you have updated the program.

Edited by norbat
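The check norbat applied to single out the "windpipe" entry (an autostart executable under the user's profile with a random-looking name), as an added example that is not from this thread: a small Python script that parses the REGEDIT4-style Run-key section of a ComboFix log and flags such entries. The sample lines are taken from the log above; the trusted-root list and the filename pattern are assumptions of this example, not ComboFix logic.

```python
import re

# Constructed sample: Run-key entries as ComboFix prints them under
# "Startup points in the registry" (copied from the log in this thread).
SAMPLE_RUN_KEYS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"windpipe"="c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe" [2008-12-12 124416]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
'''

# "name"="path" [date size]  -- the size part is optional in the regex.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?')

# Assumed: where legitimately installed autostart binaries normally live.
# Norwegian XP names Program Files "programfiler", as seen in this log.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programfiler\\",
                 "c:\\program files\\", "c:\\progra~1\\")
# Assumed: user-writable profile locations; a Run entry here deserves a look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\programdata\\",
                   "\\application data\\", "\\local settings\\")
# Assumed heuristic: a few letters followed by a long digit run, like fhexj6825097.exe
RANDOM_NAME_RE = re.compile(r'^[a-z]{4,6}\d{6,}\.exe$', re.I)


def parse_run_entries(text):
    """Return (hive_key, name, path, size) for each value line under a [key] header."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            size = int(m.group('size')) if m.group('size') else None
            entries.append((key, m.group('name'), m.group('path'), size))
    return entries


def suspicion_reasons(path):
    """List the heuristics the path trips; an empty list means nothing to flag."""
    p = path.lower()
    reasons = []
    if not p.startswith(TRUSTED_ROOTS) and any(mk in p for mk in PROFILE_MARKERS):
        reasons.append("executable lives in a user-profile directory")
    if RANDOM_NAME_RE.match(p.rsplit('\\', 1)[-1]):
        reasons.append("random-looking filename")
    return reasons


def flag_entries(text):
    """Map value name -> reasons, for every Run entry that trips a heuristic."""
    return {name: suspicion_reasons(path)
            for _, name, path, _ in parse_run_entries(text)
            if suspicion_reasons(path)}
```

A hit only says "look closer"; the actual verdict still comes from checking the file itself, which is what the CFScript above acts on.
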
Posted

Good,

Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

This will also reset System Restore so that you do not get re-infected by a later restore.

Surf safely.
