tobler0ne, posted 18 February 2009 (edited)

AVG is once again reporting a trojan that can't be removed but ends up in the Virus Vault. It reported a virus at the same time, but that one I could remove without it going into the vault, so I don't know whether it's gone for good.

MBAM:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1773
Windows 6.0.6001 Service Pack 1

18.02.2009 17:56:47
mbam-log-2009-02-18 (17-56-47).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 164996
Tid tilbakelagt: 1 hour(s), 22 minute(s), 42 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix:

ComboFix 09-02-17.02 - Torbjørn 2009-02-18 18:00:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.769 [GMT 1:00]
Kjører fra: c:\users\Torbjørn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-18 til 2009-02-18 )))))))))))))))))))))))))))))))))
.

2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\users\Torbjørn\AppData\Roaming\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 15:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-18 15:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 19:14 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 19:14 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 19:14 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 19:14 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 19:14 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 17:05 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 17:05 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 16:57 . 2009-02-08 16:57 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-01 23:08 . 2009-02-17 21:56 <DIR> d-------- c:\users\Torbjørn\AppData\Roaming\Spotify
2009-02-01 23:08 . 2009-02-01 23:08 <DIR> d-------- c:\program files\Spotify

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 17:03 3,932,160 --sha-w c:\users\Torbjørn\ntuser.dat
2009-02-18 17:03 3,932,160 --sha-w c:\users\Torbjørn\ntuser.dat
2009-02-18 16:09 187,684 ----a-w c:\users\Torbjørn\AppData\Roaming\nvModes.dat
2009-02-18 14:19 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Malwarebytes
2009-02-18 02:31 --------- d-----w c:\users\Torbjørn\AppData\Roaming\uTorrent
2009-02-17 20:56 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Spotify
2009-02-16 11:22 --------- d-----w c:\users\Torbjørn\AppData\Roaming\dvdcss
2009-02-11 23:28 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 23:28 --------- d-----w c:\program files\Windows Mail
2009-02-11 20:24 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Skype
2009-02-11 20:15 --------- d-----w c:\users\Torbjørn\AppData\Roaming\skypePM
2009-02-08 21:20 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Hamachi
2009-02-08 17:36 --------- d-----w c:\program files\Garena
2009-02-06 13:17 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 13:17 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-02-04 15:26 --------- d-----w c:\programdata\avg8
2009-01-11 19:24 --------- d-----w c:\users\Torbjørn\AppData\Roaming\gtk-2.0
2009-01-09 14:53 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-09 14:53 --------- d-----w c:\program files\Windows Live
2009-01-09 14:53 --------- d-----w c:\program files\Microsoft
2009-01-09 14:50 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-26 22:15 --------- d-----w c:\program files\CCleaner
2008-12-21 11:43 --------- d-----w c:\program files\Opera
2008-12-15 15:55 331,926,577 ----a-w c:\windows\DUMP04b1.tmp
2008-11-30 00:19 108,477 ----a-w c:\windows\Thumbplug TGA Uninstaller.exe
2008-05-01 14:21 174 --sha-w c:\program files\desktop.ini
2008-04-14 20:15 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-14 20:15 32 ----a-w c:\programdata\ezsid.dat
2007-11-14 07:32 0 ----a-w c:\users\Torbjørn\AppData\Roaming\wklnhst.dat
2008-10-08 08:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-08 08:44 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-08 08:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-28 8538656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-28 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Torbjørn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\users\Torbjørn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
--a------ 2007-06-11 13:54 1286144 c:\acer\Empowering Technology\eAudio\eAudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 15:33 457216 c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-31 02:36 707080 c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-24 12:38 206952 c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 20:48 57344 c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{442166C5-7532-47B4-9D95-C8143712DBD6}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{44E403BB-DA90-4FCF-8368-738932C9F9AA}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{815FBA7C-F226-43D8-A01F-5452236EF031}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{9C4B4347-9175-4376-91C0-4DB1DA37E19D}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{51E2E278-0B99-4333-85DE-A2CF647F8985}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{67A418EB-89A9-410B-990F-F280965602E4}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{1722D150-B600-48D7-B66F-F789AB5FC18B}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{BBBF1CB9-ECFE-4CED-93F2-E2A0F9DD524E}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{F03A1E2A-63BB-4FB0-BCB6-C8567E2556DC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF04669F-E3E8-4780-A79D-2E29B74FD18D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FBAC63F5-AA75-440C-B408-7B4233261D40}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4D6DF4F8-5872-41FA-9399-1DF3F6CC6D3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6BAC489D-8ACB-485D-B718-D6C03978EB5A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EC603E02-5597-4627-90C2-DAADF42C70EA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{68AB7DDF-A17E-467C-9561-E2A3327218EB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BE9E83C7-1BDC-4954-8E9E-E8A668296F71}d:\\spill\\warcraft iii\\war3.exe"= UDP:d:\spill\warcraft iii\war3.exe:Warcraft III
"UDP Query User{D57D9325-CD0B-42A0-956E-8FCE31019B56}d:\\spill\\warcraft iii\\war3.exe"= TCP:d:\spill\warcraft iii\war3.exe:Warcraft III
"TCP Query User{9D338334-A96A-4C45-80BF-C3A1B7FF38D4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{11525292-021D-46DE-8336-811F3E72657A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1F211958-5065-4407-A0AF-0901A638A74B}d:\\spill\\warcraft iii\\war3.exe"= UDP:d:\spill\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7A1ED75D-28C7-4C31-AC4F-14AAE48595E0}d:\\spill\\warcraft iii\\war3.exe"= TCP:d:\spill\warcraft iii\war3.exe:Warcraft III
"TCP Query User{2B3B576F-0796-44B6-B206-F6A82DBF84C4}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{5E448F4E-9F70-478B-B2F6-E7C8057B3CE5}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{0816D5B8-DBF4-4F6C-AB9A-2EA9557451C6}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= UDP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2
"UDP Query User{9F0C1CF2-0A80-4DE8-A08F-9EEAC66C6D0E}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= TCP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2
"TCP Query User{31A4724C-3AA7-43A8-8DDF-9E5E682C67B5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{3FD6C1A4-B654-4D09-A7E5-E33C580BE344}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{86461A9F-A7A4-46E5-97D8-57A6F5A36851}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{FF167EFD-F0BF-462F-9D3C-CD9A488F9655}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"TCP Query User{463C3EA0-F277-46B6-B5F1-9E2484602747}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{42B8468A-538C-4D8E-8985-05D0CB22E92B}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{634C1158-C10C-4EFF-86E4-BAD680F7AC4D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{1F952847-0AD4-45A3-A638-C1AE3479E3B3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C5343624-0C0E-4AE5-9AB8-4F50F94C4B05}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0AEA8F5A-C3CD-47A4-9B87-5B93F9452646}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= UDP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{7F600146-8D2E-4114-90E6-2D0C6364409F}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= TCP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{AE9AD3FB-71F6-4566-89B8-BE856D36B297}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= UDP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{E062B83D-9E20-49DB-879F-C30D624FA315}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= TCP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{23FDBEAC-2483-4EFA-8F2E-B1F8A55C270B}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{28BC8BA1-DACB-4D1D-B8A1-81C561D02F14}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{46CAFB9A-9A11-42FC-84E1-F79EAB66CDE1}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= UDP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2
"UDP Query User{33F3D160-1349-4E91-9CD6-949248231B64}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= TCP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2
"{2D2C5581-6F9E-408B-AB47-3BDA4606ABC6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2CF229E-8D19-4D46-AF27-F82D35062FF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9F06E215-AF51-4787-B48E-AF0BDABC16EB}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{3E95CDD6-5C75-4047-9291-683EEAE47C61}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"TCP Query User{1DA93760-9C74-4B4E-8395-3D2BDD464CFE}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{5B345665-C139-4521-BCD4-C15590735CF0}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2007-09-22 210432]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-04-26 325128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-22 18:56:24 13560]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 298264]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [2007-11-09 22784]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-07-13 43008]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\System32\drivers\CYUSB.sys [2007-11-09 31104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0bb5f5-8ee6-11dc-91ae-9cc5123a5c7a}]
\shell\AutoRun\command - E:\SETUP.EXE
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03a5e46-f681-11dc-a7d1-001b247916e2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.www.daemon-search.com/default
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:03:24
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-02-18 18:04:46
ComboFix-quarantined-files.txt 2009-02-18 17:04:43
ComboFix2.txt 2008-08-19 18:18:29

Pre-Run: 10 846 228 480 byte ledig
Post-Run: 10,599,903,232 byte ledig

222 --- E O F --- 2009-02-18 02:01:19

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:25, on 18.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Spill\WC3Banlist\WC3Banlist.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Torbjørn\Desktop\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Program Files\Clue\Clue Add-in 7.0\Clue Addin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7852 bytes

Edited 18 February 2009 by Tobye
norbat, posted 18 February 2009

I don't see anything special in the logs. Can you say a bit more about the trojan - where did AVG find it?
tobler0ne (thread author), posted 18 February 2009 (edited)

I managed to delete it from the Virus Vault when AVG reported it and so on, but it was called Trojan horse Generic_c.ABUZ and was located in C:\Program Files\Adobe\Acrobat 7.0\-something or other. I don't remember it more specifically, but I'm running a new scan with AVG now.

Resident Shield detection history:

Infection: Trojan horse Generic_c.ABUZ
Object: C:\Users\Tobjørn\AppData\Local\Opera\Opera\profile\cache4\op0SW10
Result: Moved to Virus Vault

Infection: Virus found Win32/Heur
Object: C:\Users\Torbjørn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQK5268\file[1].exe
Result: Deleted

I ran CCleaner before I started with MBAM and the rest.

Edited 18 February 2009 by Tobye
norbat, posted 18 February 2009

If it's Acrobat Reader 7 you have, you should update to v.9.
tobler0ne (thread author), posted 18 February 2009

Done. Apparently I was a bit behind on that ^^. I hardly use Reader anyway. But AVG has finished and found nothing.