tobler0ne Posted 18 February 2009 (edited)

AVG is once again reporting a trojan that cannot be removed but ends up in the Virus Vault. It reported a virus at the same time, but that one I was able to remove without it ending up in the vault, so I don't know whether it is gone for good.

MBAM:
Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1773
Windows 6.0.6001 Service Pack 1

18.02.2009 17:56:47
mbam-log-2009-02-18 (17-56-47).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 164996
Tid tilbakelagt: 1 hour(s), 22 minute(s), 42 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix:
ComboFix 09-02-17.02 - Torbjørn 2009-02-18 18:00:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2046.769 [GMT 1:00]
Kjører fra: c:\users\Torbjørn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-18 til 2009-02-18 )))))))))))))))))))))))))))))))))
.
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\users\Torbjørn\AppData\Roaming\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-18 15:19 . 2009-02-18 15:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 15:19 .
2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-18 15:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-17 19:14 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-17 19:14 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-17 19:14 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-17 19:14 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-17 19:14 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-11 17:05 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 17:05 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-08 16:57 . 2009-02-08 16:57 25,280 --a------ c:\windows\System32\drivers\hamachi.sys 2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll 2009-02-01 23:08 . 2009-02-17 21:56 <DIR> d-------- c:\users\Torbjørn\AppData\Roaming\Spotify 2009-02-01 23:08 . 2009-02-01 23:08 <DIR> d-------- c:\program files\Spotify . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-18 17:03 3,932,160 --sha-w c:\users\Torbjørn\ntuser.dat 2009-02-18 17:03 3,932,160 --sha-w c:\users\Torbjørn\ntuser.dat 2009-02-18 16:09 187,684 ----a-w c:\users\Torbjørn\AppData\Roaming\nvModes.dat 2009-02-18 14:19 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Malwarebytes 2009-02-18 02:31 --------- d-----w c:\users\Torbjørn\AppData\Roaming\uTorrent 2009-02-17 20:56 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Spotify 2009-02-16 11:22 --------- d-----w c:\users\Torbjørn\AppData\Roaming\dvdcss 2009-02-11 23:28 --------- d-----w c:\programdata\Microsoft Help 2009-02-11 23:28 --------- d-----w c:\program files\Windows Mail 2009-02-11 20:24 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Skype 2009-02-11 20:15 --------- d-----w c:\users\Torbjørn\AppData\Roaming\skypePM 2009-02-08 21:20 --------- d-----w c:\users\Torbjørn\AppData\Roaming\Hamachi 2009-02-08 17:36 --------- d-----w c:\program files\Garena 2009-02-06 13:17 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-06 13:17 10,520 ----a-w c:\windows\System32\avgrsstx.dll 2009-02-04 15:26 --------- d-----w c:\programdata\avg8 2009-01-11 19:24 --------- d-----w c:\users\Torbjørn\AppData\Roaming\gtk-2.0 2009-01-09 14:53 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-09 14:53 --------- d-----w c:\program files\Windows Live 2009-01-09 14:53 --------- d-----w c:\program files\Microsoft 2009-01-09 14:50 --------- d-----w c:\program files\Common Files\Windows Live 2008-12-26 22:15 --------- d-----w c:\program files\CCleaner 2008-12-21 11:43 --------- d-----w c:\program files\Opera 2008-12-15 15:55 331,926,577 ----a-w c:\windows\DUMP04b1.tmp 2008-11-30 00:19 108,477 ----a-w c:\windows\Thumbplug TGA Uninstaller.exe 2008-05-01 14:21 174 --sha-w c:\program files\desktop.ini 2008-04-14 20:15 32 ----a-w c:\users\All Users\ezsid.dat 2008-04-14 20:15 32 ----a-w c:\programdata\ezsid.dat 2007-11-14 07:32 0 ----a-w c:\users\Torbjørn\AppData\Roaming\wklnhst.dat 2008-10-08 08:44 
16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-10-08 08:44 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-10-08 08:44 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-28 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-28 8538656] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-28 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eNetHook.dll avgrsstx.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backup=c:\windows\pss\Acer VCM.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Torbjørn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk] path=c:\users\Torbjørn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio] --a------ 2007-06-11 13:54 1286144 c:\acer\Empowering Technology\eAudio\eAudio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 
--a------ 2007-04-25 15:33 457216 c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] --a------ 2007-07-31 02:36 707080 c:\progra~1\LAUNCH~1\QtZgAcer.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] --------- 2007-05-24 12:38 206952 c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] --a------ 2006-11-05 20:48 57344 c:\acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{442166C5-7532-47B4-9D95-C8143712DBD6}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{44E403BB-DA90-4FCF-8368-738932C9F9AA}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{815FBA7C-F226-43D8-A01F-5452236EF031}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician "{9C4B4347-9175-4376-91C0-4DB1DA37E19D}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia "{51E2E278-0B99-4333-85DE-A2CF647F8985}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard "{67A418EB-89A9-410B-990F-F280965602E4}"= c:\program 
files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie "{1722D150-B600-48D7-B66F-F789AB5FC18B}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program "{BBBF1CB9-ECFE-4CED-93F2-E2A0F9DD524E}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM "{F03A1E2A-63BB-4FB0-BCB6-C8567E2556DC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{CF04669F-E3E8-4780-A79D-2E29B74FD18D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{FBAC63F5-AA75-440C-B408-7B4233261D40}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{4D6DF4F8-5872-41FA-9399-1DF3F6CC6D3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6BAC489D-8ACB-485D-B718-D6C03978EB5A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{EC603E02-5597-4627-90C2-DAADF42C70EA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{68AB7DDF-A17E-467C-9561-E2A3327218EB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{BE9E83C7-1BDC-4954-8E9E-E8A668296F71}d:\\spill\\warcraft iii\\war3.exe"= UDP:d:\spill\warcraft iii\war3.exe:Warcraft III "UDP Query User{D57D9325-CD0B-42A0-956E-8FCE31019B56}d:\\spill\\warcraft iii\\war3.exe"= TCP:d:\spill\warcraft iii\war3.exe:Warcraft III "TCP Query User{9D338334-A96A-4C45-80BF-C3A1B7FF38D4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{11525292-021D-46DE-8336-811F3E72657A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{1F211958-5065-4407-A0AF-0901A638A74B}d:\\spill\\warcraft iii\\war3.exe"= UDP:d:\spill\warcraft iii\war3.exe:Warcraft III "UDP Query User{7A1ED75D-28C7-4C31-AC4F-14AAE48595E0}d:\\spill\\warcraft 
iii\\war3.exe"= TCP:d:\spill\warcraft iii\war3.exe:Warcraft III "TCP Query User{2B3B576F-0796-44B6-B206-F6A82DBF84C4}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{5E448F4E-9F70-478B-B2F6-E7C8057B3CE5}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{0816D5B8-DBF4-4F6C-AB9A-2EA9557451C6}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= UDP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2 "UDP Query User{9F0C1CF2-0A80-4DE8-A08F-9EEAC66C6D0E}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= TCP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2 "TCP Query User{31A4724C-3AA7-43A8-8DDF-9E5E682C67B5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{3FD6C1A4-B654-4D09-A7E5-E33C580BE344}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{86461A9F-A7A4-46E5-97D8-57A6F5A36851}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena "UDP Query User{FF167EFD-F0BF-462F-9D3C-CD9A488F9655}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena "TCP Query User{463C3EA0-F277-46B6-B5F1-9E2484602747}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{42B8468A-538C-4D8E-8985-05D0CB22E92B}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "{634C1158-C10C-4EFF-86E4-BAD680F7AC4D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "TCP Query User{1F952847-0AD4-45A3-A638-C1AE3479E3B3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{C5343624-0C0E-4AE5-9AB8-4F50F94C4B05}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{0AEA8F5A-C3CD-47A4-9B87-5B93F9452646}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= UDP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker "UDP Query User{7F600146-8D2E-4114-90E6-2D0C6364409F}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= TCP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker "TCP Query User{AE9AD3FB-71F6-4566-89B8-BE856D36B297}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= UDP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker "UDP Query User{E062B83D-9E20-49DB-879F-C30D624FA315}d:\\spill\\warcraft iii\\listchecker\\pickup.listchecker.exe"= TCP:d:\spill\warcraft iii\listchecker\pickup.listchecker.exe:pickup.listchecker "TCP Query User{23FDBEAC-2483-4EFA-8F2E-B1F8A55C270B}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{28BC8BA1-DACB-4D1D-B8A1-81C561D02F14}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{46CAFB9A-9A11-42FC-84E1-F79EAB66CDE1}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= UDP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2 "UDP Query User{33F3D160-1349-4E91-9CD6-949248231B64}d:\\spill\\steam\\steamapps\\wardeen\\team fortress 2\\hl2.exe"= TCP:d:\spill\steam\steamapps\wardeen\team fortress 2\hl2.exe:hl2 "{2D2C5581-6F9E-408B-AB47-3BDA4606ABC6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{E2CF229E-8D19-4D46-AF27-F82D35062FF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{9F06E215-AF51-4787-B48E-AF0BDABC16EB}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify "UDP Query User{3E95CDD6-5C75-4047-9291-683EEAE47C61}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify "TCP Query User{1DA93760-9C74-4B4E-8395-3D2BDD464CFE}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify "UDP Query User{5B345665-C139-4521-BCD4-C15590735CF0}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2007-09-22 210432] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-04-26 325128] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-22 18:56:24 13560] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 298264] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712] R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [2007-11-09 22784] R3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064] R3 winbondcir;Winbond IR 
Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-07-13 43008] S3 CyUsb;Cypress Generic USB Driver;c:\windows\System32\drivers\CYUSB.sys [2007-11-09 31104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0bb5f5-8ee6-11dc-91ae-9cc5123a5c7a}] \shell\AutoRun\command - E:\SETUP.EXE \shell\configure\command - E:\SETUP.EXE \shell\install\command - E:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03a5e46-f681-11dc-a7d1-001b247916e2}] \shell\AutoRun\command - H:\LaunchU3.exe -a . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.www.daemon-search.com/default uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://no.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-18 18:03:24 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
Tidspunkt ferdig: 2009-02-18 18:04:46
ComboFix-quarantined-files.txt 2009-02-18 17:04:43
ComboFix2.txt 2008-08-19 18:18:29

Pre-Run: 10 846 228 480 byte ledig
Post-Run: 10,599,903,232 byte ledig

222 --- E O F --- 2009-02-18 02:01:19

HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:25, on 18.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Spill\WC3Banlist\WC3Banlist.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Torbjørn\Desktop\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InternetExplorer Class - {D1E45498-D865-4E91-A579-D0AAD8D3B5A4} - C:\Program Files\Clue\Clue Add-in 7.0\Clue Addin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7852 bytes

Edited 18 February 2009 by Tobye
norbat Posted 18 February 2009

I don't see anything special in the logs. Can you say more about the trojan - where did AVG find it?
tobler0ne (Author) Posted 18 February 2009 (edited)

I managed to delete it from the Virus Vault when AVG reported it and so on, but it was called Trojan horse Generic_c.ABUZ and was located in C:\Program Files\Adobe\Acrobat 7.0\ something or other. I don't remember more specifically, but I'm running a new scan with AVG now.

Resident Shield detection history:
Infection: Trojan horse Generic_c.ABUZ
Object: C:\Users\Tobjørn\AppData\Local\Opera\Opera\profile\cache4\op0SW10
Result: Moved to Virus Vault

Infection: Virus found Win32/Heur
Object: C:\Users\Torbjørn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQK5268\file[1].exe
Result: Deleted

I ran CCleaner before I started with MBAM and the rest.

Edited 18 February 2009 by Tobye
norbat Posted 18 February 2009

If it's Acrobat Reader 7 you have, you should update to v.9.
tobler0ne (Author) Posted 18 February 2009

Done. Apparently I was a bit behind on that ^^. I hardly use Reader anyway. But AVG has finished and found nothing.