McDuck81 Posted 29 July 2010

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4367

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

29.07.2010 22:34:15
mbam-log-2010-07-29 (22-34-15).txt

Skanntype: Hurtigsøk
Objekter skannet: 129399
Tid tilbakelagt: 12 minutt(er), 33 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

ComboFix 10-07-29.01 - Bruker 29.07.2010 22:53:08.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.47.1033.18.2046.1016 [GMT 2:00]
Kjører fra: c:\users\Bruker\Downloads\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-06-28 til 2010-07-29 )))))))))))))))))))))))))))))))))
.
2010-07-29 21:02 . 2010-07-29 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-29 20:13 . 2010-07-29 20:13 -------- d-----w- c:\users\Bruker\AppData\Roaming\Malwarebytes
2010-07-29 20:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 20:13 . 2010-07-29 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 20:13 . 2010-07-29 20:13 -------- d-----w- c:\programdata\Malwarebytes
2010-07-29 20:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 20:02 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-28 17:28 . 2010-07-28 17:28 -------- d-----w- c:\program files\CCleaner
2010-07-21 20:29 . 2010-07-21 20:29 -------- d-----w- C:\$AVG
2010-07-21 20:17 . 2010-07-21 20:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-21 20:17 . 2010-07-21 20:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-21 20:17 . 2010-07-21 20:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-21 20:17 . 2010-07-21 20:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-21 20:17 . 2010-07-29 19:48 -------- d-----w- c:\windows\system32\drivers\Avg
2010-07-21 20:17 . 2010-07-21 20:19 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-07-21 20:14 . 2010-07-21 20:14 -------- d-----w- c:\program files\AVG
2010-07-21 20:14 . 2010-07-21 20:14 -------- d-----w- c:\programdata\avg9
2010-07-20 20:51 . 2010-07-28 16:57 -------- d-----w- c:\users\Bruker\AppData\Local\gyvbsxpod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 21:03 . 2010-02-27 22:19 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-28 20:29 . 2008-09-13 22:58 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 20:15 . 2008-09-13 23:10 -------- d-----w- c:\programdata\Symantec
2010-07-28 20:04 . 2009-05-03 09:36 -------- d-----w- c:\users\Bruker\AppData\Roaming\Apple Computer
2010-07-28 18:30 . 2008-10-10 12:56 -------- d-----w- c:\program files\Google
2010-07-28 17:14 . 2009-01-11 13:38 -------- d-----w- c:\program files\Microsoft
2010-07-18 21:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-18 21:43 . 2008-09-13 23:22 -------- d-----w- c:\programdata\Microsoft Help
2010-07-06 18:25 . 2009-01-27 18:12 -------- d-----w- c:\users\Bruker\AppData\Roaming\Spotify
2010-06-28 21:39 . 2008-12-30 22:07 -------- d-----w- c:\users\Bruker\AppData\Roaming\uTorrent
2010-06-26 01:04 . 2008-09-13 23:26 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 19:06 . 2010-06-23 19:06 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb23.tmp.exe
2010-06-22 20:31 . 2010-05-30 16:50 -------- d-----w- c:\program files\iTunes
2010-06-22 20:29 . 2010-06-22 20:29 -------- d-----w- c:\program files\iPod
2010-06-22 20:29 . 2009-05-03 09:31 -------- d-----w- c:\program files\Common Files\Apple
2010-06-22 20:22 . 2010-06-22 20:22 -------- d-----w- c:\program files\Bonjour
2010-06-22 20:16 . 2010-06-22 20:16 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-22 20:13 . 2010-02-05 08:11 -------- d-----w- c:\program files\Safari
2010-06-22 20:09 . 2010-06-22 20:09 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-07 10:04 . 2009-10-25 22:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 10:04 . 2008-12-30 22:07 -------- d-----w- c:\program files\uTorrent
2010-05-26 17:06 . 2010-06-08 19:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 19:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-19 16:01 . 2010-05-19 16:01 655360 ----a-w- c:\users\Bruker\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-19 16:01 . 2010-05-19 16:01 282624 ----a-w- c:\users\Bruker\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-19 16:01 . 2010-05-19 16:01 208896 ----a-w- c:\users\Bruker\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59 . 2010-06-08 19:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 19:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 19:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 19:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 22:24 . 2010-05-01 22:26 38784 ----a-w- c:\users\Bruker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-01 22:24 . 2010-05-01 22:26 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-01 14:13 . 2010-06-08 19:51 2037248 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"BtcMaestro"="c:\program files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe" [2008-08-21 360448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-21 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):85,83,2e,d0,89,cf,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-21 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-21 243024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-21 308136]
S2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2008-06-05 344161]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2008-06-05 120976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{907A768D-DD74-476d-8487-FD27DF7AD7FF} - c:\casino\Club Dice Casino\casino.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://connectra.km.kongsberg.com/SNX/CSHELL/extender.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 23:02
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-07-29 23:06:49
ComboFix-quarantined-files.txt 2010-07-29 21:06

Pre-Run: 9 203 052 544 bytes free
Post-Run: 9 142 300 672 bytes free

- - End Of File - - 925F998C60A2A97FCFB418E28A3E7035
snippsat Posted 30 July 2010

The logs look good. You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia