
Facebook virus?


kajje


It was good that MBAM was able to remove a lot. If the computer has not been restarted since the last MBAM run, do that. Update MBAM and scan the computer once more with it. Paste in the log from that scan.

After that, restart the computer and run DDS. Paste in its logs so we can see what is left after that.

How is browsing to different websites working now?


Web pages no longer pop up via Explorer when I start the computer the way they did before, so it seems to be on the right track!!!

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4052

 

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

 

2010-07-04 15:17:00

mbam-log-2010-07-04 (15-17-00).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 125717

Förfluten tid: 20 minut(er), 28 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)


It is still a very old version of MBAM's database. You must update MBAM.


DDS (Ver_10-03-17.01) - NTFSx86

Run by Marcus at 5:23:52,97 on 2010-07-06

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_16

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.1014.211 [GMT 2:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\com hem security\backweb\8910145\program\fsbwsys.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\Program Files\3\3Connect\wilog.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\mcupdate.EXE

C:\Windows\system32\lpremove.exe

C:\Windows\system32\lpksetup.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\explorer.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Marcus\Downloads\dds (2).scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw

uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"

uRun: [M5T8QL3YW3] c:\users\marcus\appdata\local\temp\Yvr.exe

uRun: [mscjm] c:\users\marcus\appdata\roaming\msa\mscjm.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\users\marcus\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [HDInspector.exe] c:\program files\hard drive inspector\HDInspector.exe

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\comhem~1.lnk - c:\program files\com hem security\backweb\8910145\program\fspex.exe

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?SW

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {7681FD3E-7E8C-4A2D-B0E0-73D6B601AB78} = 80.251.201.177 80.251.201.178

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\5sdh7ofp.default\

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw&psa=&ind=2010051412&ptnrS=ZVfox000&si=&st=kwd&n=77cef354&searchfor=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\marcus\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\marcus\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\5sdh7ofp.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-9 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-9 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-9 50256]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-1 54632]

 

=============== Created Last 30 ================

 

2010-07-04 12:59:51 171520 ----a-w- c:\windows\system32\wintrust.dll

2010-07-04 12:49:08 97792 ----a-w- c:\windows\system32\cabview.dll

2010-07-04 12:37:00 38848 ----a-w- c:\windows\avastSS.scr

2010-07-04 10:19:21 0 d-----w- c:\users\marcus\appdata\roaming\Malwarebytes

2010-07-04 10:19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-04 10:19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-04 10:19:12 0 d-----w- c:\programdata\Malwarebytes

2010-07-04 10:19:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 14:45:36 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

 

==================== Find3M ====================

 

2010-07-06 03:01:38 81514 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-06 03:01:38 472414 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-13 17:10:11 51200 ----a-w- c:\windows\inf\infpub.dat

2010-05-13 17:10:10 86016 ----a-w- c:\windows\inf\infstor.dat

2010-05-13 17:10:09 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-09 14:10:44 1136 ----a-w- c:\users\marcus\appdata\roaming\wklnhst.dat

2008-12-11 10:02:39 174 --sha-w- c:\program files\desktop.ini

2008-06-12 09:31:50 665600 ----a-w- c:\windows\inf\drvindex.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-03-09 05:17:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2010-03-09 05:17:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2010-03-09 05:17:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2010-03-15 12:42:46 16384 --sha-w- c:\windows\temp\cookies\index.dat

2010-03-15 12:42:46 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2010-03-15 12:42:46 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 5:33:31,87 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2007-08-05 13:47:47

System Uptime: 2010-07-06 04:51:39 (1 hours ago)

 

Motherboard: TOSHIBA | | ISKAE

Processor: Intel® Core Duo CPU T2350 @ 1.86GHz | U2E1 | 1861/mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 56 GiB total, 8,884 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 54 GiB total, 54,339 GiB free.

F: is CDROM ()

G: is CDROM (CDFS)

H: is Removable

I: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0015

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0015

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0022

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0022

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0029

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0029

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0030

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0030

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0008

Manufacturer: Microsoft

Name: isatap.{31D0B158-A20C-4758-8D3B-1D5587FF1E26}

PNP Device ID: ROOT\*ISATAP\0008

Service: tunnel

 

==== Installed Programs ======================

 

 

32 Bit HP CIO Components Installer

3Connect

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.9 - Svenska

ALPS Touch Pad Driver

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

BankID säkerhetsprogram 4.10.4

Bluetooth Stack for Windows by Toshiba

Bonjour

CD/DVD Drive Acoustic Silencer

com hem security

DJ_AIO_06_F2400_SW_Min

DNSkarmslackare Screen Saver

DVD MovieFactory for TOSHIBA

Facebook Plug-In

Feedidentifiering (Windows Live Toolbar)

Google Chrome

Google Earth

Hard Drive Inspector Professional 3.80 build # 352

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet F2400 All-In-One Driver 13.0 Rel .6

Huawei modem

Intel® Graphics Media Accelerator Driver

iTunes

Java 6 Update 16

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Swedish) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel 2007 Help Uppdatering (KB963678)

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Groove MUI (Swedish) 2007

Microsoft Office InfoPath MUI (Swedish) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Outlook MUI (Swedish) 2007

Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Swedish) 2007

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word 2007 Help Uppdatering (KB963665)

Microsoft Office Word MUI (Swedish) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft XML Parser

Mobile Connect

Mozilla Firefox (3.0.19)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

OpenOffice.org Installer 1.0

PC Connectivity Solution

QuickTime

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Scan

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Security Update for Windows Media Encoder (KB954156)

Smarta menyer (Windows Live Toolbar)

Spotify

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

Spyware Doctor 7.0

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Toolbox

TOSHIBA Administratörslösenord

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

Toshiba Online Product Information

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBAs maskinvaruinstallningar

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Outlook 2007 Junk Email Filter (kb983486)

Utility Common Driver

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live inloggningsassistenten

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Encoder 9 Series

WinDVD for TOSHIBA

WinRAR archiver

 

==== End Of File ===========================


www.malwarebytes.org

 

Databasversion: 4281

 

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

 

2010-07-06 06:17:32

mbam-log-2010-07-06 (06-17-32).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 137179

Förfluten tid: 18 minut(er), 28 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 1

Infekterade registerdataposter: 0

Infekterade mappar: 1

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Users\Marcus\Local Settings\Application Data\avinvwrmulti (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Users\Marcus\AppData\Local\Temp\Yvp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.


Hi,

How is the computer running now?

Can you run a new DDS, so we can see whether everything is gone?

If DDS looks good, you can update the following:

Adobe Reader 7.0.9 - Svenska to 9.3.2

Java™ 6 Update 16 to 6 Update 20.

So come back with the DDS log; Attach.txt is not needed.

Regards

Mats H


Everything works great now, the computer is not sluggish and unwanted web pages no longer pop up like before!

 

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Marcus at 13:31:34,11 on 2010-07-06

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_16

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.1014.123 [GMT 2:00]

 

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\3\3Connect\wilog.exe

C:\Program Files\com hem security\backweb\8910145\program\fsbwsys.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\taskeng.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Marcus\Downloads\dds (2).scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw

uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"

uRun: [mscjm] c:\users\marcus\appdata\roaming\msa\mscjm.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\users\marcus\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [NDSTray.exe] NDSTray.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [HDInspector.exe] c:\program files\hard drive inspector\HDInspector.exe

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\comhem~1.lnk - c:\program files\com hem security\backweb\8910145\program\fspex.exe

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?SW

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {7681FD3E-7E8C-4A2D-B0E0-73D6B601AB78} = 80.251.201.177 80.251.201.178

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\5sdh7ofp.default\

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw&psa=&ind=2010051412&ptnrS=ZVfox000&si=&st=kwd&n=77cef354&searchfor=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\marcus\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\marcus\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\5sdh7ofp.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-9 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-9 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-9 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-4 40384]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-31 366840]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-4 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-4 40384]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-1 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-4 38224]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-11-7 1252232]

 

=============== Created Last 30 ================

 

2010-07-04 12:59:51 171520 ----a-w- c:\windows\system32\wintrust.dll

2010-07-04 12:49:08 97792 ----a-w- c:\windows\system32\cabview.dll

2010-07-04 12:37:00 38848 ----a-w- c:\windows\avastSS.scr

2010-07-04 10:19:21 0 d-----w- c:\users\marcus\appdata\roaming\Malwarebytes

2010-07-04 10:19:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-04 10:19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-04 10:19:12 0 d-----w- c:\programdata\Malwarebytes

2010-07-04 10:19:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 14:45:36 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

 

==================== Find3M ====================

 

2010-07-06 03:01:38 81514 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-06 03:01:38 472414 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-13 17:10:11 51200 ----a-w- c:\windows\inf\infpub.dat

2010-05-13 17:10:10 86016 ----a-w- c:\windows\inf\infstor.dat

2010-05-13 17:10:09 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-09 14:10:44 1136 ----a-w- c:\users\marcus\appdata\roaming\wklnhst.dat

2008-12-11 10:02:39 174 --sha-w- c:\program files\desktop.ini

2008-06-12 09:31:50 665600 ----a-w- c:\windows\inf\drvindex.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-03-09 05:17:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2010-03-09 05:17:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2010-03-09 05:17:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2010-03-15 12:42:46 16384 --sha-w- c:\windows\temp\cookies\index.dat

2010-03-15 12:42:46 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2010-03-15 12:42:46 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 13:37:40,21 ===============


Hi,

you can remove DDS, both the program and its logs.

Update Java and Acrobat Reader.

Change all your passwords: Facebook, MSN, email and banks.

If you have any questions, get back to us.

Glad we could help you!

Regards

Mats H


A tip I got from my sister was to

run an online scan of the computer at, for example, www.pandasoftware.com

That tip got rid of a lot of trouble on my previous laptop

Also, in Start/Run you can type chkdsk

and %temp%, then clean out the temp files ;)


Hi,

I can only agree; there are a number of online scanners to choose from.

Almost every major antivirus vendor has a service like that.

 

You can also type diskrensning (Disk Cleanup) in the search/Start box to remove temp files.

Regards

Mats H


uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=SZy7wJ1AKQTVmaOSdqGxNw&psa=&ind=2010051412&ptnrS=ZVfox000&si=&st=kwd&n=77cef354&searchfor=

MyWebSearch is not a good site to use, so change the start page in Internet Explorer, and in Firefox you need to change the search engine and remove MyWebSearch (Manage Search Engines), and also do the following:

In Firefox's address bar, type:

 

about:config

 

Find the line

keyword.URL

Right-click and choose Reset if that is possible, otherwise Modify. Paste in this:

http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

 

uRun: [mscjm] c:\users\marcus\appdata\roaming\msa\mscjm.exe

Malicious line.

Does MBAM find it in a new scan? One may suspect that something malicious is still left on the computer if the line does not go away, or comes back after the computer is restarted.

Or was it that MBAM was not completely finished when you ran DDS?

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
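
The checks the reply above applies to the DDS log by eye, written out as an added Python example (not part of the thread, and not DDS or MBAM code). The `triage` and `image_path` names, the list of user-writable path fragments and the expected search host are assumptions made for this sketch.

```python
import re

# Sample lines copied from the DDS log in this thread (keyword.URL shortened).
SAMPLE = r'''
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [mscjm] c:\users\marcus\appdata\roaming\msa\mscjm.exe
uRun: [Google Update] "c:\users\marcus\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000
'''

RUN_RE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
PREF_RE = re.compile(r'^FF - prefs\.js: keyword\.URL - \w+://(?P<host>[^/]+)')
USER_WRITABLE = ('\\appdata\\', '\\temp\\')  # assumption: locations worth a look
EXPECTED_SEARCH_HOSTS = {'www.google.com'}   # assumption: host of the URL pasted in above


def image_path(cmd):
    """Return the executable part of a Run command line, lowercased."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text):
    """Return (entry, reason) pairs that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            path = image_path(run['cmd'])
            if any(part in path for part in USER_WRITABLE):
                findings.append((run['name'], 'autorun from user-writable path: ' + path))
            continue
        pref = PREF_RE.match(line)
        if pref and pref['host'].lower() not in EXPECTED_SEARCH_HOSTS:
            findings.append(('keyword.URL', 'address-bar search sent to ' + pref['host']))
        elif line.endswith('- No File'):
            findings.append((line.split(' - ')[0], 'registry entry points to a missing file'))
    return findings


if __name__ == '__main__':
    for entry, reason in triage(SAMPLE):
        print(f'{entry}: {reason}')
```

The location check is a shortlist for review, not a verdict: it lists the Google Update autorun next to `mscjm`, and each listed entry still has to be judged on its own.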


Archived

This topic is now archived and is closed to further replies.
