Trojan horse Clicker.AALX


Post by madsenius on 27th July 2009, 3:57 pm

Hi! Every time I open a new window or tab in Windows Explorer, AVG gives me this message: "Threat detected!". The name of the threat is "Trojan horse Clicker.AALX". This is the result I get after a HijackThis scan:
Since the whole log is too big to be posted, I have to post two messages.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:48, on 28.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Spydeberg xenon team\Desktop\winlogon.exe
C:\Windows\System32\notepad.exe


Last edited by madsenius on 27th July 2009, 4:00 pm; edited 1 time in total (Reason for editing : misunderstanding of the name of the virus)


Re: Trojan horse Clicker.AALX

Post by madsenius on 27th July 2009, 3:59 pm

Here is the SECOND PART:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{04DBD1A8-8D5E-4C27-8C86-1997837C7A17}: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EB49B1D-8340-4851-A7B3-5CB512BC45D1}: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B895FE9-5BF9-41DC-845A-024FB274F7DF}: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{04DBD1A8-8D5E-4C27-8C86-1997837C7A17}: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CS4\Services\Tcpip\..\{04DBD1A8-8D5E-4C27-8C86-1997837C7A17}: NameServer = 85.255.112.140,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.140,85.255.112.132
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Visning på skjermen (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15450 bytes


Re: Trojan horse Clicker.AALX

Post by Belahzur on 27th July 2009, 9:22 pm

Hello.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Trojan horse Clicker.AALX

Post by madsenius on 28th July 2009, 1:49 am

ComboFix 09-07-27.02 - Spydeberg xenon team 29.07.2009 2:17.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.47.1044.18.2030.893 [GMT 1:00]
Kjører fra: c:\users\Spydeberg xenon team\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1777418286-3849083834-602942862-500
c:\$recycle.bin\S-1-5-21-3980819162-4199413548-1520875247-500
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\\setup.exe
c:\windows\Installer\66285.msi
c:\windows\Installer\c7f115.msi
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\MSIVXvqypitqbpbtrxcnsivvbfxwaijmpkxtp.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkvgbbaabkhkoxadvlkqstedioxedeoot.dll
c:\windows\System32\MSIVXrnsxcsijtirpxssuxevcwfeyotpemqgy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-28 til 2009-07-29 )))))))))))))))))))))))))))))))))
.

2009-07-29 01:31 . 2009-07-29 01:36 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Local\temp
2009-07-29 01:31 . 2009-07-29 01:31 -------- d-----w- c:\users\Gjest\AppData\Local\temp
2009-07-27 23:40 . 2009-07-27 23:40 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB5BB.tmp.exe
2009-07-25 01:56 . 2009-07-25 01:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-11 13:54 . 2009-07-11 13:54 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\AVG8
2009-07-11 13:54 . 2009-07-11 13:51 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-07-11 13:54 . 2009-07-11 13:55 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-07 13:46 . 2009-07-22 11:20 -------- d-----w- c:\programdata\NOS
2009-07-07 13:46 . 2009-07-22 11:20 -------- d-----w- c:\program files\NOS
2009-07-07 13:12 . 2009-07-07 13:12 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Local\Microsoft Help
2009-07-07 13:07 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-07 13:07 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 21:53 . 2009-07-28 14:27 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-03 14:44 . 2009-07-24 11:55 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\Spotify
2009-07-03 14:44 . 2009-07-03 14:44 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Local\Spotify
2009-07-03 14:44 . 2009-07-03 14:44 -------- d-----w- c:\program files\Spotify
2009-07-03 14:06 . 2009-07-03 14:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD7F.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 01:31 . 2008-03-15 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-29 00:37 . 2008-10-22 18:44 -------- d-----w- c:\programdata\Google Updater
2009-07-25 23:43 . 2008-11-24 01:43 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\dvdcss
2009-07-11 18:10 . 2008-09-20 15:56 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\BitTorrent
2009-07-11 13:51 . 2008-11-10 17:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-11 13:51 . 2008-11-10 17:10 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 13:51 . 2008-11-10 17:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-11 13:48 . 2008-03-15 19:12 98046 ----a-w- c:\windows\system32\perfc014.dat
2009-07-11 13:48 . 2008-03-15 19:12 506942 ----a-w- c:\windows\system32\perfh014.dat
2009-07-07 13:25 . 2008-07-17 15:53 151504 ----a-w- c:\users\Spydeberg xenon team\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-07 13:13 . 2008-03-15 11:57 -------- d-----w- c:\programdata\Microsoft Help
2009-07-07 13:11 . 2008-03-15 11:59 -------- d-----w- c:\program files\Microsoft Works
2009-07-05 18:01 . 2008-03-15 11:19 -------- d-----w- c:\program files\Java
2009-07-03 17:50 . 2008-03-15 11:45 1732 ----a-w- C:\tvtpktfilter.dat
2009-06-11 22:17 . 2008-12-13 17:57 151504 ----a-w- c:\users\Gjest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 20:47 . 2009-06-05 20:46 -------- d-----w- c:\program files\iTunes
2009-06-05 20:46 . 2009-06-05 20:46 -------- d-----w- c:\program files\iPod
2009-06-05 20:46 . 2008-07-20 14:06 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 20:44 . 2009-06-05 20:43 -------- d-----w- c:\program files\QuickTime
2009-06-05 20:35 . 2009-06-05 20:35 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 11:04 . 2008-10-02 19:00 -------- d-----w- c:\program files\Windows Live
2009-06-05 10:49 . 2009-05-14 15:33 -------- d-----w- c:\program files\HP
2009-06-05 10:46 . 2009-05-14 15:32 -------- d-----w- c:\programdata\HP
2009-06-05 10:46 . 2009-06-05 10:46 262144 ----a-w- c:\programdata\ntuser.dat
2009-06-04 14:21 . 2008-10-13 19:26 1 ----a-w- c:\users\Spydeberg xenon team\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-04 14:21 . 2008-10-13 19:13 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\OpenOffice.org2
2009-06-04 05:53 . 2008-09-20 15:56 -------- d-----w- c:\users\Spydeberg xenon team\AppData\Roaming\DNA
2009-05-30 00:19 . 2008-07-17 15:48 1356 ----a-w- c:\users\Spydeberg xenon team\AppData\Local\d3d9caps.dat
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-21 15:25 . 2008-07-17 19:11 69824 ----a-w- c:\users\Spydeberg xenon team\AppData\Roaming\nvModes.dat
2009-05-21 10:33 . 2009-02-01 17:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 12:37 . 2009-06-25 23:27 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-25 23:27 428544 ----a-w- c:\windows\system32\EncDec.dll
2008-05-31 03:14 . 2008-05-31 03:14 323584 ----a-w- c:\program files\setup.exe
2008-05-31 03:14 . 2008-05-31 03:14 217 ----a-w- c:\program files\setup.ini
2008-05-31 03:14 . 2008-05-31 03:14 1821008 ----a-w- c:\program files\instmsiw.exe
2008-05-31 03:14 . 2008-05-31 03:14 1707856 ----a-w- c:\program files\instmsia.exe
2008-03-15 19:27 . 2008-03-15 19:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.


Re: Trojan horse Clicker.AALX

Post by madsenius on 28th July 2009, 1:50 am

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 214576]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 408088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 820520]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-10-24 33304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-27 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-27 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-11 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2007-11-22 181536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 21:17 89600 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E9EB5D91-99D8-474D-A5DC-8691245AE315}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{31E920D9-E095-406F-8DD4-28042C5D6D8D}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{B79CA642-1116-4646-8A83-77B328CBAAED}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{E0278F9A-ECDB-4D01-A774-9DB7A4C19F01}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{306F5268-AF62-4454-B496-2570DFFA5476}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{AA4D9A0C-5614-48C6-8B90-46DD7C6722EE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5FFE9DA7-CC7A-4B41-8184-769F5AC0F517}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{97F954C2-B2FC-40BA-9500-BDAAFCF225B0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD728BFE-4496-4C2F-9FD5-4BAC3E2DD61B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{ED7EDBE7-6851-4F42-92FD-B1E9A43068CC}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{3F5897BA-9EF5-408A-943E-7A50C0FAB81F}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{A298DE9E-429B-4454-ABA6-7C03EBB05327}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{5977E5C8-F05A-4272-82F1-CCE5725102E6}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{47274109-70E8-41A6-AB53-F63390CA2D1D}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{BB70F77E-E132-4211-85DC-384C67C2B74D}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"TCP Query User{201279EC-8D5F-4B2C-979E-49E9EDA68BA8}c:\\users\\spydeberg xenon team\\program files\\dna\\btdna.exe"= UDP:c:\users\spydeberg xenon team\program files\dna\btdna.exe:btdna.exe
"UDP Query User{40B10F9E-C30D-4D4D-9856-35E593670909}c:\\users\\spydeberg xenon team\\program files\\dna\\btdna.exe"= TCP:c:\users\spydeberg xenon team\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2F746F14-352C-4E1C-BB6F-11706E6FAA89}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{EE8A22FA-1687-43CC-8F70-89B5F380CDCD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"{EE923E79-A9E7-4FB1-9454-EDCD520693F4}"= UDP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{7AA13BFF-0295-4BB8-9B99-1CAD12DFFFE5}"= TCP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{4B3DFFA4-8AA3-40AF-8246-7814A2D13A87}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0579D58F-4F95-4144-9C86-1560967E8C5E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6C1CF861-E936-456A-97FE-9534D8FA79B0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{776D147F-2DB9-4202-B9A2-B87256B9EF52}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B2CA8AA7-3E3B-4CA7-9852-8E900EBC06DC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F29F88CB-BA1F-4CFA-8625-64EA6E4636FE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{227E13A2-7881-459C-8BFD-2C39F7EC1374}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A1B76DEA-31D6-43FC-AF51-8B8D012860B6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{00B8972A-C27F-42BB-8D20-D1489DF3454B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8B06CDD8-15D3-439D-881D-A6CCFBD66769}"= UDP:5353:Adobe CSI CS4
"{12E09258-E078-4DA9-A345-00428FCCEFD0}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{03C6D206-B1B1-4D70-A662-F4E2170A4B38}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3AEA9BF7-4BA9-455E-B5A4-1022B365CE5F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3E9617E1-4EA6-453E-AE3D-DBE7C9067881}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A7409A3D-74AC-4E0A-89F1-51A421602B44}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EF1D7C7A-ABFE-48B8-97CE-A5CFEC66F83B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EFA0A819-8C70-430D-B278-6D5AE6545E7D}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{821ECF40-E129-44A4-9056-EC40531E3388}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [15.03.2008 12:45 220696]
R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [16.10.2007 18:33 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10.11.2008 18:10 327688]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [19.02.2007 05:12 13744]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [15.03.2008 11:46 12080]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 22:10 11152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [22.05.2007 15:59 30336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02.11.2006 11:25 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-15 16:18]

2009-07-29 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{9960BACD-2C91-4B10-A9C0-7AE01909AF03}.job
- c:\windows\system32\msfeedssync.exe [2009-07-07 11:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: skandiabanken.no\secure
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-29 02:37
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

madsenius, Novice. Posts: 6, Joined: 2009-07-27, OS: Vista.

Re: Trojan horse Clicker.AALX

Post by madsenius on 28th July 2009, 1:50 am

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'Explorer.exe'(1300)
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\System32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Intel\AMT\UNS.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\System32\conime.exe
c:\windows\System32\VSSVC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-07-29 2:43 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-07-29 01:43

Pre-Run: 96 003 375 104 byte ledig
Post-Run: 95 306 928 128 byte ledig

331 --- E O F --- 2009-07-07 13:15

madsenius, Novice. Posts: 6, Joined: 2009-07-27, OS: Vista.

Re: Trojan horse Clicker.AALX

Post by Belahzur on 28th July 2009, 5:30 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918, Joined: 2008-08-03, Gender: Male, OS: 7 Home Premium x64.

Re: Trojan horse Clicker.AALX

Post by madsenius on 30th July 2009, 1:01 pm

Hi!
Thank you very much! The message from AVG has stopped coming. There is still only one problem. Some web pages are acting kind of funny. The problem is that each time I update the page, about two centimeters of the screen get white. After like 10-15 updates of the same page, the whole screen is white. This concerns web pages like Facebook or local newspapers. I am not sure if this has anything to do with this trojan or something else?

madsenius, Novice. Posts: 6, Joined: 2009-07-27, OS: Vista.
