ComboFix 08-12-14.01 - Kjetil 2008-12-14 21:10:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1918.1452 [GMT 1:00]
Kjører fra: c:\documents and settings\Kjetil\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Kjetil\Skrivebord\CFScript.txt
 * Opprettet nytt gjenopprettingspunkt
 * Resident AV is active

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

FILE ::
c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-14 til 2008-12-14 )))))))))))))))))))))))))))))))))
.

2008-12-14 19:25 . 2008-12-14 19:25 d-------- c:\programfiler\SUPERAntiSpyware
2008-12-14 19:25 . 2008-12-14 19:25 d-------- c:\documents and settings\Kjetil\Programdata\SUPERAntiSpyware.com
2008-12-14 19:25 . 2008-12-14 19:25 d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-12-14 19:24 . 2008-12-14 19:24 d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-14 19:11 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-14 18:56 . 2008-12-14 20:06 d-------- C:\Ny mappe
2008-12-14 17:59 . 2008-12-14 18:00 1,905 --a------ c:\windows\diagwrn.xml
2008-12-14 17:59 . 2008-12-14 18:00 1,905 --a------ c:\windows\diagerr.xml
2008-12-14 15:17 . 2008-12-14 15:17 230 --a------ c:\windows\system32\spupdsvc.inf
2008-12-11 17:19 . 2008-12-11 17:25 d-a------ c:\documents and settings\All Users\Programdata\TEMP
2008-12-11 00:46 . 2008-12-14 21:10 d--h----- C:\$AVG8.VAULT$
2008-12-11 00:39 . 2008-12-11 00:42 d-------- c:\programfiler\Windows Live
2008-12-11 00:39 . 2008-12-11 00:41 d--hsc--- c:\programfiler\Fellesfiler\WindowsLiveInstaller
2008-12-11 00:39 . 2008-12-11 00:39 d-------- c:\documents and settings\All Users\Programdata\WLInstaller
2008-12-11 00:30 . 2008-12-11 00:30 d-------- C:\Program Files
2008-12-11 00:22 . 2008-12-11 00:22 d-------- c:\programfiler\Trend Micro
2008-12-02 11:23 . 2008-12-02 11:23 268 --ah----- C:\sqmdata15.sqm
2008-12-02 11:23 . 2008-12-02 11:23 244 --ah----- C:\sqmnoopt15.sqm
2008-12-02 11:05 . 2008-12-02 11:05 d-------- c:\documents and settings\All Users\Programdata\Emotum
2008-12-02 10:44 . 2008-12-02 10:44 d-------- c:\documents and settings\All Users\Programdata\Telenor
2008-12-02 10:43 . 2008-12-02 10:44 d-------- c:\programfiler\Telenor
2008-12-02 10:42 . 2008-12-02 10:42 d-------- c:\documents and settings\All Users\Programdata\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 15:27 --------- d-----w c:\programfiler\BitComet
2008-12-03 16:23 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-03 16:23 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-12-03 16:23 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-12-03 16:23 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-02 10:20 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2008-11-20 20:17 --------- d-----w c:\documents and settings\Kjetil\Programdata\dvdcss
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\BitComet\\BitComet.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12176:TCP"= 12176:TCP:BitComet 12176 TCP
"12176:UDP"= 12176:UDP:BitComet 12176 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-06-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-15 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-15 90632]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-03-16 30464]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-14 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all links using BitComet - c:\programfiler\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\programfiler\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\programfiler\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Kjetil\Programdata\Mozilla\Firefox\Profiles\n191c2kh.default\
FF - plugin: c:\programfiler\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:11:26
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Tidspunkt ferdig: 2008-12-14 21:12:09
ComboFix-quarantined-files.txt 2008-12-14 20:12:06
ComboFix2.txt 2008-12-14 19:42:57

Pre-Run: 83 229 958 144 byte ledig
Post-Run: 83,220,533,248 byte ledig

162 --- E O F --- 2008-12-14 16:56:39