kjetilbjarne, posted 14 December 2008

ComboFix 08-12-14.01 - Kjetil 2008-12-14 20:40:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1918.1418 [GMT 1:00]
Kjører fra: c:\documents and settings\Kjetil\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
 * Resident AV is active

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2008-11-14 til 2008-12-14   )))))))))))))))))))))))))))))))))
.

2008-12-14 19:25 . 2008-12-14 19:25	<DIR>	d--------	c:\programfiler\SUPERAntiSpyware
2008-12-14 19:25 . 2008-12-14 19:25	<DIR>	d--------	c:\documents and settings\Kjetil\Programdata\SUPERAntiSpyware.com
2008-12-14 19:25 . 2008-12-14 19:25	<DIR>	d--------	c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-12-14 19:24 . 2008-12-14 19:24	<DIR>	d--------	c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-14 19:11 . 2008-12-12 00:57	78,336	--a------	c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-14 18:56 . 2008-12-14 20:06	<DIR>	d--------	C:\Ny mappe
2008-12-14 17:59 . 2008-12-14 18:00	1,905	--a------	c:\windows\diagwrn.xml
2008-12-14 17:59 . 2008-12-14 18:00	1,905	--a------	c:\windows\diagerr.xml
2008-12-14 15:17 . 2008-12-14 15:17	230	--a------	c:\windows\system32\spupdsvc.inf
2008-12-11 17:19 . 2008-12-11 17:25	<DIR>	d-a------	c:\documents and settings\All Users\Programdata\TEMP
2008-12-11 00:46 . 2008-12-14 20:40	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-12-11 00:39 . 2008-12-11 00:42	<DIR>	d--------	c:\programfiler\Windows Live
2008-12-11 00:39 . 2008-12-11 00:41	<DIR>	d--hsc---	c:\programfiler\Fellesfiler\WindowsLiveInstaller
2008-12-11 00:39 . 2008-12-11 00:39	<DIR>	d--------	c:\documents and settings\All Users\Programdata\WLInstaller
2008-12-11 00:30 . 2008-12-11 00:30	<DIR>	d--------	C:\Program Files
2008-12-11 00:22 . 2008-12-11 00:22	<DIR>	d--------	c:\programfiler\Trend Micro
2008-12-02 11:23 . 2008-12-02 11:23	268	--ah-----	C:\sqmdata15.sqm
2008-12-02 11:23 . 2008-12-02 11:23	244	--ah-----	C:\sqmnoopt15.sqm
2008-12-02 11:05 . 2008-12-02 11:05	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Emotum
2008-12-02 10:44 . 2008-12-02 10:44	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Telenor
2008-12-02 10:43 . 2008-12-02 10:44	<DIR>	d--------	c:\programfiler\Telenor
2008-12-02 10:42 . 2008-12-02 10:42	<DIR>	d--------	c:\documents and settings\All Users\Programdata\Symantec

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 15:27	---------	d-----w	c:\programfiler\BitComet
2008-12-03 16:23	98,440	----a-w	c:\windows\system32\drivers\avgldx86.sys
2008-12-03 16:23	90,632	----a-w	c:\windows\system32\drivers\avgtdix.sys
2008-12-03 16:23	12,936	----a-w	c:\windows\system32\drivers\avgrkx86.sys
2008-12-03 16:23	10,520	----a-w	c:\windows\system32\avgrsstx.dll
2008-12-02 10:20	---------	d-----w	c:\documents and settings\All Users\Programdata\avg8
2008-11-20 20:17	---------	d-----w	c:\documents and settings\Kjetil\Programdata\dvdcss
2008-10-24 11:10	453,632	----a-w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01	283,648	----a-w	c:\windows\system32\gdi32.dll
2008-10-16 13:13	202,776	----a-w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	c:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	c:\windows\system32\wups.dll
2008-10-16 13:06	268,648	----a-w	c:\windows\system32\mucltui.dll
2008-10-16 13:06	208,744	----a-w	c:\windows\system32\muweb.dll
2008-10-03 10:17	247,326	----a-w	c:\windows\system32\strmdll.dll
2008-09-15 15:42	1,846,016	----a-w	c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"windpipe"="c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe" [2008-12-12 124416]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\BitComet\\BitComet.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12176:TCP"= 12176:TCP:BitComet 12176 TCP
"12176:UDP"= 12176:UDP:BitComet 12176 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-06-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-15 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-15 90632]
R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-03-16 30464]

.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-14 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all links using BitComet - c:\programfiler\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\programfiler\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\programfiler\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Kjetil\Programdata\Mozilla\Firefox\Profiles\n191c2kh.default\
FF - plugin: c:\programfiler\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 20:42:07
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Tidspunkt ferdig: 2008-12-14 20:42:55
ComboFix-quarantined-files.txt 2008-12-14 19:42:53

Pre-Run: 83 214 356 480 byte ledig
Post-Run: 83,251,212,288 byte ledig

169 --- E O F --- 2008-12-14 16:56:39
kjetilbjarne (thread author), posted 14 December 2008

I'm getting win32.netsys.q fairly often now.
norbat, posted 14 December 2008 (edited)

Open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt. Next, drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windpipe"=-

If you have not recently run a quick scan with SuperAntispyware, do so after you have updated the program.

Edited 14 December 2008 by norbat
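As an added illustration (not part of norbat's post and not ComboFix's own code), the following Python script does mechanically what a helper does by eye with the "Oppstartspunkter I Registeret" section of a ComboFix log: it parses the values under each Run key, flags any whose executable lives in a user-profile data directory or has a random-looking name, and renders the matching CFScript in the File::/Registry:: format used above for a human to review. The sample section is copied from the log earlier in this thread; the heuristics, thresholds and function names are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: Run-key entries as ComboFix prints them, copied from
# the log posted earlier in this thread.
SAMPLE_RUN_SECTION = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"windpipe"="c:\documents and settings\Kjetil\Programdata\Google\fhexj6825097.exe" [2008-12-12 124416]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')

# Profile subdirectories where a legitimate Run entry rarely lives but a
# dropped persistence binary commonly does. "programdata" is how the
# Norwegian XP in this thread names "Application Data" (assumption: the
# list is this example's own, not a ComboFix rule).
USER_DATA_DIRS = ("programdata", "application data", "local settings", "temp")

# Heuristic for a random-looking basename such as fhexj6825097.exe:
# four or more letters followed by four or more digits. Assumed threshold.
RANDOM_NAME_RE = re.compile(r'^[a-z]{4,}\d{4,}\.exe$')


def parse_run_entries(text):
    """Return (key, name, path) for every value listed under a ...\\Run key."""
    entries = []
    current_key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            entries.append((current_key, m.group('name'), m.group('path')))
    return entries


def suspicion_reasons(path):
    """List why a Run entry looks suspicious; empty list means nothing flagged."""
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    reasons = []
    in_profile = 'documents and settings' in parts or 'users' in parts
    if in_profile and any(d in parts for d in USER_DATA_DIRS):
        reasons.append('runs from a user profile data directory')
    if RANDOM_NAME_RE.match(p.name.lower()):
        reasons.append('random-looking executable name')
    return reasons


def find_suspicious(text):
    """Return (key, name, path, reasons) for each flagged Run entry."""
    findings = []
    for key, name, path in parse_run_entries(text):
        reasons = suspicion_reasons(path)
        if reasons:
            findings.append((key, name, path, reasons))
    return findings


def build_cfscript(findings):
    """Render a CFScript that deletes the flagged files and Run values.

    The File::/Registry:: layout mirrors norbat's script above; the output
    is meant to be reviewed by a person before anyone runs it.
    """
    lines = ['File::']
    lines += [path for _, _, path, _ in findings]
    lines.append('')
    lines.append('Registry::')
    for key, name, _, _ in findings:
        lines.append(f'[{key}]')
        lines.append(f'"{name}"=-')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    hits = find_suspicious(SAMPLE_RUN_SECTION)
    for key, name, path, reasons in hits:
        print(f'{name!r} -> {path}: {", ".join(reasons)}')
    print(build_cfscript(hits))
```

Run on the sample, the only entry that trips both heuristics is "windpipe", and the generated script is the same File::/Registry:: pair norbat wrote by hand. Treat the heuristics as a triage aid: a legitimate updater can live under the profile too, so check the file's signer, creation time and the Find3M/"Filer Opprettet" sections before deleting anything.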
kjetilbjarne (thread author), posted 14 December 2008

I did as you said and ran ComboFix. Then I ran SAS. Attaching the ComboFix log. It seems the problem went away after I ran ComboFix.

log.txt
norbat, posted 14 December 2008

Good. Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a possible later restore. Surf safely.
kjetilbjarne (thread author), posted 14 December 2008

Thanks for the help.
norbat, posted 14 December 2008

You're welcome. Update Java and Flash Player.