
Virus help! Trojan horse Generic18.BYZH


35 replies in this thread

#1 Niki
  • Member
  • 16 posts

Posted 15 September 2010 - 19:51

Hi!

Today while I was playing a game I got tabbed down to the desktop thanks to AVG 9.0 Free, which had found a trojan (Trojan horse Generic18.BYZH) on my hard drive.
I removed the file with AVG and thought everything was fine. Until 2 hours later, when the same message popped up again.. So I googled Trojan horse Generic18.BYZH and found my way here thanks to another person who had the same problem. Link

I have just done the first step.


Hi! Leave system restore alone, because it does not solve your problem!
Follow these instructions and post the logs, and we will see how it looks: http://www.saswsupport.se/?page_id=241
Regards, MrO


After I ran that scan, this log was saved:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4621

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-09-15 20:33:49
mbam-log-2010-09-15 (20-33-49).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 135141
Förfluten tid: 4 minut(er), 53 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Users\Samsung\AppData\Local\Temp\test.exe (Trojan.Zlob) -> Quarantined and deleted successfully.



Now I am at step two in this guide and don't know where to download HijackThis.

I am eternally grateful for any help I can get!

Regards
Niki



#2 si3rra
  • Honorary member
  • 3,498 posts

Posted 15 September 2010 - 20:24

http://free.antivirus.com/hijackthis/

#3 Sunshine
  • Member
  • 1,980 posts

Posted 15 September 2010 - 21:07

http://www.tech-faq....emove-zlob.html
Try this one and see if it doesn't get removed!
Regards// Sunshine

#4 Cecilia
  • Honorary member
  • 4,718 posts

Posted 15 September 2010 - 21:14

It is not at all certain that the infection still presents itself the same way, because malicious programs constantly come out in new versions, so following an old instruction may not work.

I would like to know in which files and folders AVG found the trojan horses; there should be a log or a quarantine in AVG where that is shown.

Instead of HijackThis I prefer DDS, because it shows more. Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.
Press Yes if the question about Optional Scan appears.
In your reply, paste the log DDS.txt. Attach Attach.txt as a file.

#5 Niki
  • Member
  • 16 posts

Posted 15 September 2010 - 21:42

It is not at all certain that the infection still presents itself the same way, because malicious programs constantly come out in new versions, so following an old instruction may not work.

I would like to know in which files and folders AVG found the trojan horses; there should be a log or a quarantine in AVG where that is shown.

Instead of HijackThis I prefer DDS, because it shows more. Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.
Press Yes if the question about Optional Scan appears.
In your reply, paste the log DDS.txt. Attach Attach.txt as a file.



First of all, thank you for your interest! :)

The file is attached, and here is the DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Samsung at 22:36:55,18 on 2010-09-15
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3566.2335 [GMT 2:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Spotify\spotify.exe
C:\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Samsung\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Google Update] "c:\users\samsung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ATI] c:\users\samsung\appdata\roaming\microsoft\windows\templates\taskeng.exe
uRun: [ControlPanel] c:\users\samsung\appdata\roaming\microsoft\taskeng.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\samsung\appdata\roaming\mozilla\firefox\profiles\xz66l5jx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\samsung\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-1 243024]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-5 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-1 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-1 308136]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2010-1-5 311296]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-6 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-10 29472]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-8-1 9728]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-6 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-1 105576]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-8-1 5760]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-1 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-17 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-8-1 39936]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-10 54632]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-1 1343400]

=============== Created Last 30 ================

2010-09-15 18:27:46 0 d-----w- c:\users\samsung\appdata\roaming\Malwarebytes
2010-09-15 18:27:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:27:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 18:27:33 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 18:27:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 01:00:44 0 d-----w- C:\05001902cdbcc91ca822668e3774
2010-09-14 22:28:31 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 18:40:42 0 d-----w- c:\users\samsung\appdata\roaming\StealthBot
2010-09-13 18:40:12 0 d-----w- C:\Stealthbot
2010-09-12 08:01:13 49917 ----a-w- c:\users\samsung\.ems.cfg
2010-09-12 08:00:18 299520 ----a-w- c:\windows\uninst.exe
2010-09-12 07:57:44 0 d-----w- c:\program files\Your Freedom
2010-09-05 14:27:15 0 d-----w- c:\program files\iPod
2010-09-05 14:27:14 0 d-----w- c:\program files\iTunes
2010-08-30 21:01:36 0 d-----w- c:\programdata\Boss Media
2010-08-30 21:01:33 0 d-----w- C:\Svenska Spels Poker
2010-08-26 10:22:21 0 d-----w- c:\programdata\Office Genuine Advantage
2010-08-25 20:38:22 0 d-----w- c:\users\samsung\appdata\roaming\AVG9
2010-08-24 21:12:50 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 08:13:58 0 d-----w- C:\Ventrilo 3.0.5
2010-08-24 08:13:56 254 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-08-24 08:13:22 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-08-23 06:41:00 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-23 06:41:00 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-08-20 10:36:05 0 d-----w- c:\program files\Screaming Bee LLC
2010-08-20 10:30:06 0 d-----w- C:\MorphVOX Pro
2010-08-20 10:27:36 0 d-----w- c:\program files\Screaming Bee
2010-08-20 07:38:53 0 d-----w- c:\users\samsung\appdata\roaming\Screaming Bee
2010-08-20 07:38:37 0 d-----w- c:\programdata\Screaming Bee
2010-08-19 15:17:28 0 d-----w- c:\program files\SpotifyRemotelessHelper
2010-08-17 15:39:04 574976 ----a-w- c:\windows\system32\Western_Railway_NV_3D_Screensaver.scr
2010-08-17 15:39:04 0 d-----w- c:\program files\Western Railway NV 3D Screensaver
2010-08-17 13:46:33 0 d-----w- c:\programdata\AVG Security Toolbar

==================== Find3M ====================

2010-09-03 19:42:48 617470 ----a-w- c:\windows\system32\perfh01D.dat
2010-09-03 19:42:48 120802 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-14 18:52:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-08-14 18:49:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-08-07 20:23:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-02 19:09:25 170 ----a-w- c:\programdata\nvUnsupRes.dat
2010-08-02 16:12:22 28457 ----a-w- c:\windows\DIIUnin.dat
2010-08-01 17:38:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 16:48:33 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-08-01 16:48:33 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-08-01 16:48:33 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-08-01 16:31:01 94208 ----a-w- c:\windows\DIIUnin.exe
2010-08-01 16:31:01 2829 ----a-w- c:\windows\DIIUnin.pif
2010-08-01 14:40:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-01 14:39:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-01 14:39:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-09 14:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-07 12:03:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 22:07:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07:45 600680 ----a-w- c:\windows\system32\nvuhda.exe
2010-06-21 22:07:43 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:37:50,55 ===============

Attached file(s)

  • Attached file  Attach.txt   6.13KB   2 downloads


#6 Cecilia
  • Honorary member
  • 4,718 posts

Posted 15 September 2010 - 22:04

From now on, don't use the quote button; paste logs directly into the reply without any button.

Did you find any information in AVG about which files it had found?

What is in the folder C:\05001902cdbcc91ca822668e3774 ?
And in the folder C:\Stealthbot ?

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.
c:\windows\system32\Rezip.exe
c:\windows\system32\spoolsv.exe

#7 Niki
  • Member
  • 16 posts

Posted 15 September 2010 - 22:14

From now on, don't use the quote button; paste logs directly into the reply without any button.

Did you find any information in AVG about which files it had found?

What is in the folder C:\05001902cdbcc91ca822668e3774 ?
And in the folder C:\Stealthbot ?

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.
c:\windows\system32\Rezip.exe
c:\windows\system32\spoolsv.exe


AVG found this one:
"C:\Users\Samsung\AppData\Local\Temp\412gg.exe";"Trojan horse Generic18.BYZH";"Moved to Virus Vault"


Rezip.exe gave this:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: f85ae59a52885f4b09aadafb23001a3b
Date first seen: 2009-07-25 03:29:46 (UTC)
Date last seen: 2010-09-14 14:24:45 (UTC)
Detection ratio: 0/43

Spoolsv.exe gave this:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: d1bb750eb51694de183e08b9c33be5b2
Date first seen: 2010-09-14 21:58:56 (UTC)
Date last seen: 2010-09-15 00:09:31 (UTC)
Detection ratio: 0/42

Stealthbot is a chat client for the game Diablo II. Nothing remarkable, as I have used it for years.


Thanks again!

#8 Cecilia
  • Honorary member
  • 4,718 posts

Posted 15 September 2010 - 22:53

That looked fine. Then the only question mark is what is in the folder C:\05001902cdbcc91ca822668e3774.

#9 Niki
  • Member
  • 16 posts

Posted 16 September 2010 - 05:49

That looked fine. Then the only question mark is what is in the folder C:\05001902cdbcc91ca822668e3774.



In C:\05001902cdbcc91ca822668e3774 there is an MRT.exe.

I was going to scan it on VirusTotal, but I couldn't.. It says I should contact the file's owner for more information :S I have never seen anything like it.

Edit: I googled it and it seems to be a legitimate file (MRT.exe).


But don't you see anything else that might be something?

This post has been edited by Niki: 16 September 2010 - 05:51


#10 Cecilia

Cecilia
  • Honorary member
  • 4 718 posts

Posted 16 September 2010 - 09:19

Yes, it's Microsoft's program for removing certain types of malicious files, and it came with the Windows updates that were released Tuesday evening.

I think it looks like AVG stopped the infection before it managed to do anything in the computer. Do you think the computer is working normally?

#11 e-son

e-son

    e-compressed

  • Honorary member
  • 9 567 posts

Posted 16 September 2010 - 09:40

Yes, it's Microsoft's program for removing certain types of malicious files, and it came with the Windows updates that were released Tuesday evening.


Just a small error...!
MRT.exe should be in C:\Windows\System32 by default. The program's log file is at C:\Windows\debug\mrt.log.
I don't know how it ended up in that odd folder, but I suggest zipping it and moving it to another suitable location, after which "the real" MRT.exe is examined a bit more closely.

Edit:
You can, for example, run MRT.exe to check that it works as expected, by typing mrt.exe in the Start menu's search field and pressing Enter...

This post has been edited by e-son: 16 September 2010 - 09:47


No support via PM! Write a post in the appropriate forum section and I'll gladly help when I can.

Spoiler

 

`°º¤æ-.,¸ <°)))>< ¸,.-椺°` Only dead fish go with the flow `°º¤æ-.,¸ <°)))>< ¸,.-椺°`

thinkbigger


#12 Cecilia

Cecilia
  • Honorary member
  • 4 718 posts

Posted 16 September 2010 - 09:53

It's not the first time I've seen MRT in a folder like that. I don't know, but maybe it's some temporary folder?

#13 e-son

e-son

    e-compressed

  • Honorary member
  • 9 567 posts

Posted 16 September 2010 - 10:07

It's not the first time I've seen MRT in a folder like that. I don't know, but maybe it's some temporary folder?


The only similar folder names I can remember are the temp folders that are sometimes left behind after service pack installations, reinstallations and the like, but those tended to be full of leftovers, not empty apart from this single file.
In any case, it's nothing that should be there.



#14 Cecilia

Cecilia
  • Honorary member
  • 4 718 posts

Posted 16 September 2010 - 10:26

Niki, can you remember what time of day it was when AVG reacted the first time?

The strange folder was created during the night:
2010-09-15 01:00:44 0 d-----w- C:\05001902cdbcc91ca822668e3774
though that time probably corresponds to 3 o'clock Swedish summer time.
A Windows update seems to have been done 1.5 hours before that:
2010-09-14 22:28:31 316928 ----a-w- c:\windows\system32\spoolsv.exe
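Cecilia's point is that DDS records file times in UTC, so the folder's 01:00:44 is 03:00:44 Swedish summer time, and the sequence of events only becomes readable once every timestamp is in one zone. The script below is an added example, not part of this thread or of DDS itself: it parses lines in the DDS "Created Last 30" format, converts them to Europe/Stockholm, sorts them oldest-first and reports the gap between two entries. The sample lines are copied from the DDS log posted later in this thread; the fallback to a fixed UTC+2 offset when no tz database is installed is an assumption that holds for September dates.

```python
"""Put DDS 'Created Last 30' timestamps (logged in UTC) on a local-time timeline.

Added example for this thread; not part of DDS or of any post here.
"""
import re
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    LOCAL_TZ = ZoneInfo("Europe/Stockholm")
except Exception:
    # Assumption: no tz database available, so use fixed CEST (UTC+2),
    # which is correct for the September dates in this thread.
    LOCAL_TZ = timezone(timedelta(hours=2), "CEST")

# Sample input: three lines copied from the DDS log posted in this thread.
DDS_LINES = """\
2010-09-15 18:27:33 0 d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2010-09-15 01:00:44 0 d-----w- C:\\05001902cdbcc91ca822668e3774
2010-09-14 22:28:31 316928 ----a-w- c:\\windows\\system32\\spoolsv.exe
"""

# <date> <time> <size> <attributes> <path>; the path may contain spaces.
DDS_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$"
)


def parse_dds(text):
    """Return the parsed entries sorted oldest-first, each with UTC and local time."""
    events = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        utc = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(
            tzinfo=timezone.utc
        )
        events.append(
            {
                "utc": utc,
                "local": utc.astimezone(LOCAL_TZ),
                "size": int(m.group(2)),
                "attrs": m.group(3),
                "path": m.group(4),
            }
        )
    events.sort(key=lambda e: e["utc"])
    return events


def find_event(events, path_fragment):
    """First entry whose path contains the fragment (case-insensitive), else None."""
    needle = path_fragment.lower()
    for e in events:
        if needle in e["path"].lower():
            return e
    return None


def gap_minutes(events, earlier_fragment, later_fragment):
    """Whole minutes between two entries identified by path fragments."""
    a = find_event(events, earlier_fragment)
    b = find_event(events, later_fragment)
    if a is None or b is None:
        raise KeyError("path fragment not found in DDS entries")
    return int((b["utc"] - a["utc"]).total_seconds() // 60)


def timeline(events):
    """One line per entry: local time, UTC time, size, attributes and path."""
    return [
        "{} ({} UTC) {:>8} {} {}".format(
            e["local"].strftime("%Y-%m-%d %H:%M:%S"),
            e["utc"].strftime("%H:%M:%S"),
            e["size"],
            e["attrs"],
            e["path"],
        )
        for e in events
    ]


if __name__ == "__main__":
    evs = parse_dds(DDS_LINES)
    print("\n".join(timeline(evs)))
    print("spoolsv.exe update -> odd folder: {} min".format(
        gap_minutes(evs, "spoolsv.exe", "05001902")))
```

Run as-is it prints the three entries in local time and the gap between the spoolsv.exe update and the creation of the odd folder (152 minutes, i.e. a little over two and a half hours rather than the hour and a half estimated above); the same functions work on a full "Created Last 30" or "Find3M" section pasted into `DDS_LINES`.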

#15 Niki

Niki
  • Member
  • Pip
  • 16 posts

Posted 16 September 2010 - 11:31

I started a full scan with that malware program. I'll also check the logs from AVG as soon as I get home.

I'll be back tonight!

Otherwise the computer seems to be working as it should. However, my internet seems awfully slow for a 25 Mbit connection. But that could be service disruptions or something else.

#16 Niki

Niki
  • Member
  • Pip
  • 16 posts

Posted 16 September 2010 - 15:51

Just got home and looked at the Malware scan.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4621

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-09-16 16:48:05
mbam-log-2010-09-16 (16-48-05).txt

Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 256005
Förfluten tid: 46 minut(er), 38 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Users\Samsung\Desktop\Niki\Installfiler\ventriloMIX05.exe (Trojan.Wreckit) -> Quarantined and deleted successfully.
C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

-----------------------------------------------------

Now at the same time I got a new message from AVG.
Posted Image

What should I do? :(


New DDS log and Attach:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Samsung at 16:52:40,67 on 2010-09-16
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3566.2071 [GMT 2:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\taskhost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\taskmgr.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\NOTEPAD.EXE
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\mspaint.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samsung\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Samsung\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Google Update] "c:\users\samsung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ATI] c:\users\samsung\appdata\roaming\microsoft\windows\templates\taskeng.exe
uRun: [ControlPanel] c:\users\samsung\appdata\roaming\microsoft\taskeng.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\samsung\appdata\roaming\mozilla\firefox\profiles\xz66l5jx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\samsung\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-1 243024]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-5 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-1 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-1 308136]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2010-1-5 311296]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-8-1 9728]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-6 125696]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-15 38224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-1 105576]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-8-1 5760]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-1 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-17 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-6 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-10 29472]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-8-1 39936]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-10 54632]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-1 1343400]

=============== Created Last 30 ================

2010-09-15 18:27:46 0 d-----w- c:\users\samsung\appdata\roaming\Malwarebytes
2010-09-15 18:27:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:27:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 18:27:33 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 18:27:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 01:00:44 0 d-----w- C:\05001902cdbcc91ca822668e3774
2010-09-14 22:28:31 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 18:40:42 0 d-----w- c:\users\samsung\appdata\roaming\StealthBot
2010-09-13 18:40:12 0 d-----w- C:\Stealthbot
2010-09-12 08:01:13 49917 ----a-w- c:\users\samsung\.ems.cfg
2010-09-12 08:00:18 299520 ----a-w- c:\windows\uninst.exe
2010-09-12 07:57:44 0 d-----w- c:\program files\Your Freedom
2010-09-05 14:27:15 0 d-----w- c:\program files\iPod
2010-09-05 14:27:14 0 d-----w- c:\program files\iTunes
2010-08-30 21:01:36 0 d-----w- c:\programdata\Boss Media
2010-08-30 21:01:33 0 d-----w- C:\Svenska Spels Poker
2010-08-26 10:22:21 0 d-----w- c:\programdata\Office Genuine Advantage
2010-08-25 20:38:22 0 d-----w- c:\users\samsung\appdata\roaming\AVG9
2010-08-24 21:12:50 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 08:13:58 0 d-----w- C:\Ventrilo 3.0.5
2010-08-24 08:13:56 254 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-08-24 08:13:22 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-08-23 06:41:00 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-23 06:41:00 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-08-20 10:36:05 0 d-----w- c:\program files\Screaming Bee LLC
2010-08-20 10:30:06 0 d-----w- C:\MorphVOX Pro
2010-08-20 10:27:36 0 d-----w- c:\program files\Screaming Bee
2010-08-20 07:38:53 0 d-----w- c:\users\samsung\appdata\roaming\Screaming Bee
2010-08-20 07:38:37 0 d-----w- c:\programdata\Screaming Bee
2010-08-19 15:17:28 0 d-----w- c:\program files\SpotifyRemotelessHelper
2010-08-17 15:39:04 574976 ----a-w- c:\windows\system32\Western_Railway_NV_3D_Screensaver.scr
2010-08-17 15:39:04 0 d-----w- c:\program files\Western Railway NV 3D Screensaver

==================== Find3M ====================

2010-09-16 04:40:46 261 ----a-w- c:\programdata\nvUnsupRes.dat
2010-09-03 19:42:48 617470 ----a-w- c:\windows\system32\perfh01D.dat
2010-09-03 19:42:48 120802 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-14 18:52:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-08-14 18:49:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-08-07 20:23:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-02 16:12:22 28457 ----a-w- c:\windows\DIIUnin.dat
2010-08-01 17:38:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 16:48:33 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-08-01 16:48:33 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-08-01 16:48:33 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-08-01 16:31:01 94208 ----a-w- c:\windows\DIIUnin.exe
2010-08-01 16:31:01 2829 ----a-w- c:\windows\DIIUnin.pif
2010-08-01 14:40:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-01 14:39:59 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-01 14:39:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-09 14:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-07 12:03:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 22:07:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07:45 600680 ----a-w- c:\windows\system32\nvuhda.exe
2010-06-21 22:07:43 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2010-01-06 04:19:35 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2010-01-06 04:19:35 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:53:04,76 ===============

Attached file(s)

  • Attached file  Attach.txt   5,14KB   4 downloads

This post has been edited by Niki: 16 September 2010 - 15:58
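Two of the Run entries in this DDS log (`[ATI]` and `[ControlPanel]`) point at a file named taskeng.exe under the user's AppData\Roaming\Microsoft, which is the same pattern e-son raised about MRT.exe in post #11: a Windows system binary's name in a directory where that binary does not belong (the ComboFix log later in the thread shows both copies being deleted). The following is an added example, not code from DDS or from anyone in this thread: it parses `uRun:`/`mRun:` lines from the "Pseudo HJT Report" section and flags targets that borrow a Windows binary name outside its canonical directory, or that run from a user-writable profile location. The sample lines are copied from the log above; the list of system binary names and canonical directories is a constructed starting point, not an exhaustive one.

```python
"""Triage autorun (uRun/mRun) lines from a DDS 'Pseudo HJT Report'.

Added example for this thread; not part of DDS, MBAM or ComboFix.
"""
import re

# Sample input: Run entries copied from the DDS log posted in this thread.
HJT_LINES = """\
uRun: [uTorrent] "c:\\program files\\utorrent\\uTorrent.exe"
uRun: [SandboxieControl] "c:\\program files\\sandboxie\\SbieCtrl.exe"
uRun: [Google Update] "c:\\users\\samsung\\appdata\\local\\google\\update\\GoogleUpdate.exe" /c
uRun: [ATI] c:\\users\\samsung\\appdata\\roaming\\microsoft\\windows\\templates\\taskeng.exe
uRun: [ControlPanel] c:\\users\\samsung\\appdata\\roaming\\microsoft\\taskeng.exe
mRun: [RtHDVCpl] c:\\program files\\realtek\\audio\\hda\\RtHDVCpl.exe -s
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
"""

# Constructed starting list: Windows binaries whose names malware likes to borrow,
# each with the directory the real one lives in on a 32-bit Windows 7 install.
SYSTEM_BINARIES = {
    "taskeng.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "mrt.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directories a standard user can write to; a persistent autorun here
# deserves a look even when the file name is unremarkable.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# hive, entry name, then a quoted or unquoted path up to the first ".exe"
RUN_RE = re.compile(r'^([um]Run):\s*\[([^\]]+)\]\s*"?([^"]*?\.exe)', re.IGNORECASE)


def parse_run_lines(text):
    """Yield (hive, entry name, executable path) for each uRun/mRun line."""
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def reasons_for(path):
    """Return the list of triage reasons that apply to one autorun target."""
    p = path.lower()
    directory, _, name = p.rpartition("\\")
    reasons = []
    canonical = SYSTEM_BINARIES.get(name)
    if canonical is not None and directory != canonical:
        reasons.append("system binary name outside %s" % canonical)
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from user-writable profile location")
    return reasons


def triage(text):
    """All entries with their reasons; an empty reason list means nothing stood out."""
    return [
        {"hive": hive, "name": name, "path": path, "reasons": reasons_for(path)}
        for hive, name, path in parse_run_lines(text)
    ]


def high_risk(text):
    """Names of entries that borrow a system binary name in the wrong directory."""
    return [
        t["name"] for t in triage(text)
        if any(r.startswith("system binary name") for r in t["reasons"])
    ]


if __name__ == "__main__":
    for t in triage(HJT_LINES):
        flag = "!!" if t["reasons"] else "  "
        print(flag, t["hive"], "[%s]" % t["name"], t["path"])
        for r in t["reasons"]:
            print("      -", r)
```

On the sample, only the two taskeng.exe entries get the "system binary name" reason; Google Update is noted for living under AppData but has an unremarkable name, which is exactly the distinction a reviewer wants before asking for a VirusTotal result or a ComboFix run. A hit here is a reason to look closer, not proof of infection, since legitimate updaters also run from the profile.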


#17 Cecilia

Cecilia
  • Honorary member
  • 4 718 posts

Posted 16 September 2010 - 16:26

Do you know anything about the two files MBAM found? Something you know has been in the computer for a long time?
Ventrilo looks like it was installed 3-4 weeks ago.
Have you seen any fake antivirus program or the like?
Have you received unexpected prompts from User Account Control (UAC)?

Could you remember what time of day it was when AVG reacted the first time?

We'll search deeper in the computer.
Save ComboFix to the Desktop:
http://download.blee...Bs/ComboFix.exe

Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If a question comes up asking whether you want to install the Recovery Console, answer yes.

IMPORTANT! Don't click on the ComboFix window with the mouse while it's running, otherwise it may hang.

When it's finished, a log should come up; paste it into your reply. Check that the antivirus program etc. are running before you connect to the internet.

If you have problems getting out on the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.

This post has been edited by Cecilia: 16 September 2010 - 16:27


#18 Niki

Niki
  • Member
  • Pip
  • 16 posts

Posted 16 September 2010 - 16:44

Do you know anything about the two files MBAM found? Something you know has been in the computer for a long time?


No, I don't; I've never seen them before.

Have you seen any fake antivirus program or the like?


Nope, I uninstalled McAfee or whatever it's called right after I restored the computer to the state it was in when I bought it. (backup)
And after that I installed AVG.

Have you received unexpected prompts from User Account Control (UAC)?


No, not that I've noticed. But my dear girlfriend has started downloading TV series.. So I strongly suspect that may be where I got it from.
When I asked her what she had downloaded, she said something like it was a RAR file with a password or something..

Could you remember what time of day it was when AVG reacted the first time?


The first time must have been on Tuesday around 17-18. That's when I had just come home from work. But when I look at the logs in AVG, this date and time is shown.

2010-9-15, 20:00 (This is after I posted a thread on this forum)
2010-9-16, 16:52 (Today when I came home)



I'll be back when I've run ComboFix.

#19 Niki

Niki
  • Member
  • Pip
  • 16 posts

Posted 16 September 2010 - 17:07

ComboFix:



ComboFix 10-09-15.02 - Samsung 2010-09-16 17:51:26.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3566.2595 [GMT 2:00]
Körs från: c:\users\Samsung\Desktop\ComboFix.exe
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\users\Samsung\AppData\Roaming\Microsoft\taskeng.exe
c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
c:\windows\system32\tmp.reg
c:\windows\system32\vbzlib1.dll

.
(((((((((((((((((((((((( Filer Skapade från 2010-08-16 till 2010-09-16 ))))))))))))))))))))))))))))))
.

2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\users\Samsung\AppData\Roaming\Malwarebytes
2010-09-15 18:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 18:27 . 2010-09-15 18:27 -------- d-----w- c:\programdata\Malwarebytes
2010-09-15 18:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 01:00 . 2010-09-15 01:02 -------- d-----w- C:\05001902cdbcc91ca822668e3774
2010-09-14 22:28 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 18:40 . 2010-09-13 18:40 -------- d-----w- c:\users\Samsung\AppData\Roaming\StealthBot
2010-09-13 18:40 . 2010-09-13 18:40 7358 ----a-r- c:\users\Samsung\AppData\Roaming\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_7a653c12.exe
2010-09-13 18:40 . 2010-09-13 18:40 7358 ----a-r- c:\users\Samsung\AppData\Roaming\Microsoft\Installer\{C05DEB30-501D-4106-958D-C5E147D2BF7E}\_3c6a7f4.exe
2010-09-13 18:40 . 2010-09-13 18:40 -------- d-----w- C:\Stealthbot
2010-09-12 09:13 . 2010-09-12 11:24 -------- d-----w- c:\users\Samsung\AppData\Roaming\vlc
2010-09-12 08:00 . 1998-02-06 20:37 299520 ----a-w- c:\windows\uninst.exe
2010-09-12 07:57 . 2010-09-12 07:57 -------- d-----w- c:\program files\Your Freedom
2010-09-05 14:27 . 2010-09-05 14:27 -------- d-----w- c:\program files\iPod
2010-09-05 14:27 . 2010-09-05 14:27 -------- d-----w- c:\program files\iTunes
2010-09-05 14:25 . 2010-09-05 14:26 -------- d-----w- c:\program files\QuickTime
2010-09-05 14:24 . 2010-09-05 14:24 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- c:\users\Samsung\AppData\Local\Boss Media
2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- c:\programdata\Boss Media
2010-08-30 21:01 . 2010-08-30 21:01 -------- d-----w- C:\Svenska Spels Poker
2010-08-26 10:22 . 2010-08-26 10:22 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-08-25 20:38 . 2010-08-25 20:38 -------- d-----w- c:\users\Samsung\AppData\Roaming\AVG9
2010-08-25 13:43 . 2010-08-25 13:43 -------- d-----w- c:\program files\Gabest
2010-08-24 21:12 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 08:13 . 2010-08-24 08:13 -------- d-----w- C:\Ventrilo 3.0.5
2010-08-24 08:13 . 2010-08-24 08:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-23 06:41 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-08-23 06:41 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-23 06:40 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-23 06:40 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-08-23 06:40 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-23 06:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-08-23 06:40 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-08-23 06:40 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-23 06:40 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-08-23 06:40 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-23 06:40 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-23 06:40 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-08-23 06:40 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-08-22 18:53 . 2010-08-22 18:53 -------- d-----w- c:\users\Samsung\AppData\Roaming\dvdcss
2010-08-20 10:36 . 2010-08-20 10:36 -------- d-----w- c:\program files\Screaming Bee LLC
2010-08-20 10:31 . 2010-08-20 10:31 -------- d-----w- c:\users\Samsung\AppData\Local\IsolatedStorage
2010-08-20 10:30 . 2010-08-20 10:30 -------- d-----w- C:\MorphVOX Pro
2010-08-20 10:27 . 2010-08-20 10:45 -------- d-----w- c:\program files\Screaming Bee
2010-08-20 07:38 . 2010-08-20 07:45 -------- d-----w- c:\users\Samsung\AppData\Roaming\Screaming Bee
2010-08-20 07:38 . 2010-08-20 10:31 -------- d-----w- c:\programdata\Screaming Bee
2010-08-19 15:39 . 2010-08-19 15:39 -------- d-----w- c:\users\Samsung\AppData\Local\Diagnostics
2010-08-19 15:17 . 2010-08-19 15:17 -------- d-----w- c:\program files\SpotifyRemotelessHelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 15:24 . 2010-08-01 17:59 -------- d-----w- c:\users\Samsung\AppData\Roaming\uTorrent
2010-09-16 15:05 . 2010-08-01 14:36 -------- d-----w- c:\program files\Common Files\Steam
2010-09-16 04:40 . 2010-08-02 19:06 261 ----a-w- c:\programdata\nvUnsupRes.dat
2010-09-15 21:33 . 2010-08-01 15:03 -------- d-----w- c:\users\Samsung\AppData\Roaming\Spotify
2010-09-15 21:16 . 2010-08-15 16:59 -------- d-----w- c:\users\Samsung\AppData\Roaming\Mumble
2010-09-15 01:18 . 2010-03-10 20:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-15 01:02 . 2010-03-10 20:43 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 22:58 . 2010-08-12 16:20 -------- d-----w- c:\program files\DsNET Corp
2010-09-12 11:24 . 2010-09-12 09:13 -------- d-----w- c:\users\Samsung\AppData\Roaming\vlc
2010-09-06 18:05 . 2010-03-10 20:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-05 14:29 . 2010-01-05 11:09 -------- d-----w- c:\programdata\Partner
2010-09-05 14:27 . 2010-08-14 18:48 -------- d-----w- c:\program files\Common Files\Apple
2010-09-03 19:42 . 2010-01-06 04:20 617470 ----a-w- c:\windows\system32\perfh01D.dat
2010-09-03 19:42 . 2010-01-06 04:20 120802 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-26 17:18 . 2010-03-10 20:47 85408 ----a-w- c:\users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 12:24 . 2010-03-10 20:48 -------- d-----w- c:\program files\Microsoft
2010-08-24 08:14 . 2010-08-01 17:26 -------- d-----w- c:\users\Samsung\AppData\Roaming\Ventrilo
2010-08-18 14:34 . 2010-08-14 18:50 -------- d-----w- c:\users\Samsung\AppData\Roaming\Apple Computer
2010-08-17 15:43 . 2010-01-05 22:49 -------- d-----w- c:\programdata\NVIDIA
2010-08-17 15:39 . 2010-08-17 15:39 -------- d-----w- c:\program files\Western Railway NV 3D Screensaver
2010-08-17 13:46 . 2010-08-17 13:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-15 17:03 . 2010-08-15 16:58 -------- d-----w- c:\program files\Mumble
2010-08-14 18:53 . 2010-08-14 18:49 -------- d-----w- c:\programdata\Apple Computer
2010-08-14 18:52 . 2010-08-14 18:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-08-14 18:52 . 2010-08-14 18:52 -------- d-----w- c:\program files\Bonjour
2010-08-14 18:49 . 2010-08-14 18:49 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-14 18:49 . 2010-08-14 18:49 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 18:49 . 2010-08-14 18:48 -------- d-----w- c:\programdata\Apple
2010-08-14 18:49 . 2010-08-14 18:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-08-14 14:40 . 2010-03-10 20:42 -------- d-----w- c:\program files\Microsoft Works
2010-08-08 18:34 . 2010-08-08 10:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-08 10:56 . 2010-08-08 10:56 -------- d-----w- c:\program files\Adobe Media Player
2010-08-08 10:55 . 2010-08-08 10:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-08 10:55 . 2010-08-08 10:55 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-08 10:27 . 2010-01-05 10:52 -------- d-----w- c:\programdata\WinClon
2010-08-08 10:27 . 2010-01-05 10:42 -------- d-----w- c:\program files\Samsung
2010-08-08 10:27 . 2010-01-05 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 20:23 . 2010-08-07 20:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-07 20:19 . 2010-08-07 20:19 -------- d-----w- c:\program files\VideoLAN
2010-08-04 14:31 . 2010-03-10 20:48 -------- d-----w- c:\program files\Windows Live
2010-08-02 22:54 . 2010-08-02 22:54 -------- d-----w- c:\program files\PowerISO
2010-08-02 16:12 . 2010-08-01 16:31 28457 ----a-w- c:\windows\DIIUnin.dat
2010-08-02 16:06 . 2010-08-02 16:06 -------- d-----w- c:\program files\Sandboxie
2010-08-01 17:59 . 2010-08-01 17:59 -------- d-----w- c:\program files\uTorrent
2010-08-01 17:38 . 2010-08-01 17:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 17:38 . 2010-08-01 17:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 17:38 . 2010-08-01 17:38 -------- d-----w- c:\program files\Java
2010-08-01 17:26 . 2010-08-01 17:26 -------- d-----w- c:\program files\VentriloMIX
2010-08-01 17:04 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-01 16:48 . 2010-08-01 16:48 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-08-01 16:48 . 2010-08-01 16:48 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-08-01 16:48 . 2010-08-01 16:48 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-08-01 16:31 . 2010-08-01 16:31 94208 ----a-w- c:\windows\DIIUnin.exe
2010-08-01 16:31 . 2010-08-01 16:31 2829 ----a-w- c:\windows\DIIUnin.pif
2010-08-01 15:22 . 2010-08-01 15:22 -------- d-----w- c:\program files\Marvell
2010-08-01 15:03 . 2010-08-01 15:03 655360 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-08-01 15:03 . 2010-08-01 15:03 282624 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-08-01 15:03 . 2010-08-01 15:03 208896 ----a-w- c:\users\Samsung\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-08-01 15:03 . 2010-08-01 15:03 -------- d-----w- c:\program files\Spotify
2010-08-01 14:55 . 2010-08-01 14:55 -------- d-----w- c:\users\Samsung\AppData\Roaming\Razer
2010-08-01 14:53 . 2010-08-01 14:53 -------- d-----w- c:\program files\Razer
2010-08-01 14:41 . 2010-01-05 10:54 -------- d-----w- c:\programdata\McAfee
2010-08-01 14:40 . 2010-08-01 14:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-01 14:39 . 2010-08-01 14:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-01 14:39 . 2010-08-01 14:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-01 14:39 . 2010-08-01 14:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-01 14:37 . 2010-08-01 14:37 -------- d-----w- c:\program files\AVG
2010-08-01 14:37 . 2010-08-01 14:37 -------- d-----w- c:\programdata\avg9
2010-08-01 14:36 . 2010-01-05 11:09 -------- d-----w- c:\program files\Google
2010-08-01 14:35 . 2010-08-01 14:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-01 14:27 . 2010-01-05 10:38 -------- d-----w- c:\program files\Intel
2010-08-01 14:27 . 2010-08-01 14:27 -------- d-----w- c:\users\Samsung\AppData\Roaming\InstallShield
2010-08-01 14:26 . 2010-08-01 14:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB166.tmp.exe
2010-07-29 06:30 . 2010-08-14 14:36 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-14 14:36 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-07 12:03 . 2010-01-05 10:38 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-01 12:21 . 2010-07-01 12:21 34896 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2010-06-30 06:25 . 2010-08-14 14:36 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 02:47 . 2010-06-23 02:47 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-22 02:47 . 2010-08-14 14:36 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-14 14:36 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-14 14:36 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 22:07 . 2010-08-01 14:33 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-01-06 03:54 600680 ----a-w- c:\windows\system32\nvuhda.exe
2010-06-21 22:07 . 2010-01-06 03:54 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-01 14:33 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-19 06:33 . 2010-08-14 14:36 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-14 14:36 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-14 14:36 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 14:36 2326016 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-04 328568]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"Google Update"="c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-01 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 39936]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-01 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-01 243024]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-02 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-01 308136]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 9728]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-21 5760]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:36]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:36]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3668850500-1260674723-286945001-1000Core.job
- c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:36]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3668850500-1260674723-286945001-1000UA.job
- c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:36]
.
.
------- Extra genomsökning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\xz66l5jx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Samsung\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICY ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

Toolbar-Locked - (no file)
HKCU-Run-ATI - c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe
HKCU-Run-ControlPanel - c:\users\Samsung\AppData\Roaming\Microsoft\taskeng.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS


.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2010-09-16 17:57:30
ComboFix-quarantined-files.txt 2010-09-16 15:57

Före genomsökningen: 386 940 141 568 byte ledigt
Efter genomsökningen: 387 040 559 104 byte ledigt

- - End Of File - - 2799AECAC713D12B07CB8D24B40F9E38
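
As an added example (not code from the thread or from ComboFix itself), the script below reads Run-key values and orphaned Run entries in the format ComboFix printed above and flags a Windows system-binary name running from outside System32, which is what the two taskeng.exe copies under AppData\Roaming are, and marks any other autostart from a user-writable directory for review. The sample lines are constructed from the log above, and the set of system binary names is a short hand-picked list, not an exhaustive one.

```python
import re

# Short hand-picked set of Windows binary names that malware likes to borrow
# so an autostart entry looks benign (constructed list, not exhaustive).
SYSTEM_BINARY_NAMES = {
    "taskeng.exe", "svchost.exe", "explorer.exe", "csrss.exe",
    "lsass.exe", "winlogon.exe", "rundll32.exe",
}
# Where those names legitimately live on a 32-bit Windows 7 install.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Directories any user can write to. Legitimate per-user updaters live here
# too (Google Update in the log above), so these are only flagged for review.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Constructed sample input modelled on the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-04 328568]
"Google Update"="c:\users\Samsung\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-01 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760]

- - - - ORPHANED ENTRIES REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-Run-ATI - c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Templates\taskeng.exe
HKCU-Run-ControlPanel - c:\users\Samsung\AppData\Roaming\Microsoft\taskeng.exe
"""

# "Name"="path" [date size]  -> a value under a Run key
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-Name - path  -> an orphaned Run entry ComboFix removed
ORPHAN = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+\.exe)$",
                    re.IGNORECASE)


def parse_autostarts(lines):
    """Yield (name, path) for every Run value or orphaned Run entry."""
    for line in lines:
        line = line.strip()
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            yield m.group("name"), m.group("path")


def classify(path):
    """Return "high", "review" or "ok" for one autostart path."""
    p = path.lower()
    basename = p.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_DIRS):
        return "high"    # a system binary name that is not in a system dir
    if p.startswith(USER_WRITABLE):
        return "review"  # runs from a location the user (or malware) can write
    return "ok"


def suspicious_autostarts(log_text):
    """Return [(name, path, severity)] for entries that are not "ok"."""
    findings = []
    for name, path in parse_autostarts(log_text.splitlines()):
        severity = classify(path)
        if severity != "ok":
            findings.append((name, path, severity))
    return findings


if __name__ == "__main__":
    for name, path, severity in suspicious_autostarts(SAMPLE_LOG):
        print(f"{severity:6} {name}: {path}")
```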

#20 Cecilia

Cecilia
  • Honorary member
  • 4 718 posts

Posted 16 September 2010 - 17:11

C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Is it a Samsung computer?
It may be a false positive from MBAM, see http://forums.malwar...php?t62165.html

Did either of you install Ventrilo on 24 August?