[SOLVED] wixawin.com Logs after scanning


Hi!

I've had the wixawin crap too, I've followed the cookbook here and hope someone can check my logs. By the way, this is a company PC that I've scanned without any consent whatsoever from our IT provider...

I also ran Ad-Aware and AVG first, maybe they've already killed the problem?

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/20/2008 at 10:35 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3541

Trace Rules Database Version: 1530

 

Scan type : Quick Scan

Total Scan Time : 00:10:28

 

Memory items scanned : 451

Memory threats detected : 0

Registry items scanned : 394

Registry threats detected : 0

File items scanned : 9111

File threats detected : 0

 

 

 

Combofix

 

ComboFix 08-08-19.03 - livar 2008-08-20 22:40:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.468 [GMT 2:00]

Running from: C:\Documents and Settings\livar\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))

.

 

2008-08-20 22:22 . 2008-08-20 22:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-20 22:22 . 2008-08-20 22:22 <DIR> d-------- C:\Documents and Settings\livar\Programdata\SUPERAntiSpyware.com

2008-08-20 22:22 . 2008-08-20 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-20 22:15 . 2008-08-20 22:15 <DIR> dr-h----- C:\Documents and Settings\livar\Siste

2008-08-20 22:09 . 2008-08-20 22:09 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-14 07:20 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-07-29 18:02 . 2008-08-20 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 16:03 --------- d-----w C:\Programfiler\Lavasoft

2008-07-29 16:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-07-23 05:19 --------- d-----w C:\Programfiler\Microsoft Works

2008-07-17 19:51 --------- d-----w C:\Programfiler\Java

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-07-02 16:01 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-02 16:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:24 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 18:34 --------- d-----w C:\Documents and Settings\livar\Programdata\Canon

2008-06-23 18:22 --------- d-----w C:\Programfiler\Canon

2008-06-23 18:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\ZoomBrowser

2008-06-23 18:15 --------- d-----w C:\Programfiler\Fellesfiler\Canon

2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]

"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]

"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]

"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]

"D211STRT.EXE"="C:\Programfiler\Nokia\Nokia D211\D211STRT.EXE" [2002-08-28 09:16 24576]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 07:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 18:02 1232152]

"MsmqIntCert"="mqrt.dll" [2007-07-06 14:51 177152 C:\WINDOWS\system32\mqrt.dll]

"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 03:00 88203 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-01-18 14:25:02 581693]

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789351547-1201815496-3247597192-1192\Scripts\Logon\0\0]

"Script"=mapping.cmd

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\mqsvc.exe"=

"C:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

R0 D211MC;Nokia D211 Management;C:\WINDOWS\system32\drivers\D211MC.sys [2002-08-28 09:09]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 18:01]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 18:02]

R2 D211CTL;Nokia D211;C:\Programfiler\Nokia\Nokia D211\D211CTL.exe [2002-08-28 09:12]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-02-28 19:05]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 13:19]

S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 18:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c45a3f7-ddb7-11dc-81ff-001b77161982}]

\Shell\AutoRun\command - F:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{883d3e2b-cfc1-11dc-81f9-001b77161982}]

\Shell\AutoRun\command - F:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{883d3e2e-cfc1-11dc-81f9-001b77161982}]

\Shell\AutoRun\command - F:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcbf7420-d238-11dc-81fa-001a6b759cd1}]

\Shell\AutoRun\command - F:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cae0089c-e9f0-11dc-8206-001a6b759cd1}]

\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d078d9f8-dec2-11dc-8200-001a6b759cd1}]

\Shell\AutoRun\command - F:\Launcher.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

.

- - - - ORPHANS REMOVED - - - -

 

Notify-__c005D363 - C:\WINDOWS\system32\__c005D363.dat

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/

R1 -: HKCU-Internet Settings,ProxyOverride = <local>

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

O16 -: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.oster-hus.no/XTSAC.cab

C:\WINDOWS\Downloaded Program Files\XTSAC.inf

C:\WINDOWS\Downloaded Program Files\xTSAC.ocx

 

O16 -: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://remote.oster-hus.no/msrdp.cab

C:\WINDOWS\Downloaded Program Files\msrdp.inf

C:\WINDOWS\Downloaded Program Files\msrdp.ocx

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-20 22:42:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????H]?????????|?????? ??4B??????????????hB?????H]?

 

scanning hidden files ...

 

 

C:\Documents and Settings\livar\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_17F0_9C14_560F_8074\$db_clean$ 0 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

Completion time: 2008-08-20 22:42:52

ComboFix-quarantined-files.txt 2008-08-20 20:42:50

 

Pre-Run: 35,521,974,272 byte ledig

Post-Run: 35,522,166,784 byte ledig

 

169 --- E O F --- 2008-08-15 05:00:26

 

 

 

HJT


Edited by Bullyman