Computer sending spam



#1
Nigge

Hi, my computer sends spam mail from one of my email accounts (I'm using Outlook Express). I have run ComboFix and will post the log at the end of this message. Is there any way I can see if my problem is fixed? Like a logger that logs all emails that are being sent or something like that? And is there any other way to remove this malware?

ComboFix 11-12-12.02 - Nigge 2011-12-13 0:21.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.3062.1362 [GMT 1:00]
Körs från: c:\users\Nigge\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\java_me_platform_sdk_3.0\bin\device-manager.exe
c:\users\Nigge\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\windows\QMDIspatch.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
(((((((((((((((((((((((( Filer skapade från 2011-11-12 till 2011-12-12 ))))))))))))))))))))))))))))))
.
.
2011-12-13 07:41 . 2011-12-13 07:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220F646C-6158-4250-9012-D634FA894A91}\MpKsl6efabb73.sys
2011-12-13 07:41 . 2011-12-12 23:49 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220F646C-6158-4250-9012-D634FA894A91}\offreg.dll
2011-12-12 23:46 . 2011-12-12 23:51 -------- d-----w- c:\users\Nigge\AppData\Local\temp
2011-12-12 23:46 . 2011-12-12 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-12 14:54 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220F646C-6158-4250-9012-D634FA894A91}\mpengine.dll
2011-12-02 09:57 . 2011-12-02 09:57 -------- d-----w- c:\program files\iPod
2011-12-02 09:52 . 2011-12-02 09:52 -------- d-----w- c:\program files\Bonjour
2011-12-02 09:47 . 2011-12-02 09:47 -------- d-----w- c:\program files\Apple Software Update
2011-11-30 10:53 . 2011-11-30 10:53 -------- d-----w- c:\users\Nigge\AppData\Roaming\teamspeak2
2011-11-30 10:53 . 2011-11-30 10:53 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-11-30 10:52 . 2011-11-30 10:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2011-11-30 10:50 . 2009-07-22 16:44 57344 ----a-w- c:\windows\system32\zlib1i.dll
2011-11-30 10:50 . 2009-07-22 16:44 57344 ----a-w- c:\windows\system32\CGZipLibrary.dll
2011-11-30 10:50 . 2009-07-22 16:44 143360 ----a-w- c:\windows\system32\Unzip32.dll
2011-11-30 10:50 . 2009-07-22 16:44 49152 ----a-w- c:\windows\system32\DSPing.dll
2011-11-30 10:50 . 2011-11-30 10:55 -------- d-----w- c:\program files\IVAO
2011-11-24 14:49 . 2011-11-24 14:49 -------- d-----w- c:\program files\Application Updater
2011-11-24 14:49 . 2011-11-24 14:49 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-11-24 14:49 . 2011-11-24 14:49 -------- d-----w- c:\program files\Common Files\Spigot
2011-11-24 14:49 . 2011-11-24 14:49 -------- d-----w- c:\programdata\YouTube Downloader
2011-11-24 14:49 . 2011-11-24 14:49 -------- d-----w- c:\program files\YouTube Downloader
2011-11-20 02:03 . 2011-11-20 02:08 -------- d-----w- c:\users\Nigge\AppData\Roaming\SecondLife
2011-11-20 02:03 . 2011-11-20 02:18 -------- d-----w- c:\users\Nigge\AppData\Local\SecondLife
2011-11-20 02:01 . 2011-11-20 02:09 -------- d-----w- c:\program files\SecondLifeViewer2
2011-11-13 22:18 . 2011-11-13 22:18 -------- d-----w- c:\users\Nigge\AppData\Local\Garmin
2011-11-13 21:54 . 2011-11-13 21:54 -------- d-----w- C:\Garmin
2011-11-13 21:25 . 2011-11-13 21:25 -------- d-----w- c:\users\Nigge\AppData\Roaming\Garmin
2011-11-13 21:25 . 2011-11-13 21:25 -------- d-----w- c:\programdata\Garmin
2011-11-13 21:16 . 2011-11-13 21:16 -------- d-----w- c:\program files\DIFX
2011-11-13 21:16 . 2011-11-13 21:54 -------- d-----w- c:\program files\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-02-22 12:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-19 11:36 . 2011-05-24 08:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-11 09:41 . 2011-10-11 09:41 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2542A56-F9CA-4B7B-BD43-A715982E0B42}\gapaengine.dll
2011-10-07 05:23 . 2011-10-07 05:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 05:21 . 2011-10-04 05:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 03:06 . 2011-02-22 13:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-09 17:00 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-09 17:00 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-28 10:35 . 2011-04-26 14:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nigge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nigge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nigge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Nigge\Downloads\utorrent.exe" [2011-02-22 396152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2011-02-22 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-22 2049320]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2009-06-08 65536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-11-15 896352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Nigge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nigge\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-23 24182896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2011-2-24 1086288]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Scrybe.lnk - c:\windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-2-22 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl02c4cef1;MpKsl02c4cef1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64FFC6E2-C0C0-42E2-9A06-781B4ACC40DF}\MpKsl02c4cef1.sys [x]
R1 MpKsl031cd9af;MpKsl031cd9af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDAA4BEB-B6C1-4738-B7E9-D3038CD7033D}\MpKsl031cd9af.sys [x]
R1 MpKsl06bb0157;MpKsl06bb0157;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3534E075-41B3-4788-9DE9-910474E742AA}\MpKsl06bb0157.sys [x]
R1 MpKsl136a30d9;MpKsl136a30d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80FC3097-276E-4F4F-8D5C-D71B9116426D}\MpKsl136a30d9.sys [x]
R1 MpKsl1421abdf;MpKsl1421abdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB2260BD-3338-4092-BEA8-EE46350453D5}\MpKsl1421abdf.sys [x]
R1 MpKsl1e317ca9;MpKsl1e317ca9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9456994-9251-4DE2-911C-A697797E555D}\MpKsl1e317ca9.sys [x]
R1 MpKsl207b5c6c;MpKsl207b5c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{611DFC38-C0E4-4A8F-9D34-F59E80200AEB}\MpKsl207b5c6c.sys [x]
R1 MpKsl2971eb2c;MpKsl2971eb2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C7450BA-EEB5-4A8A-B236-ECC2F523DF0F}\MpKsl2971eb2c.sys [x]
R1 MpKsl2e81590f;MpKsl2e81590f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7828DA00-2CA4-482F-87D3-3E80F078E890}\MpKsl2e81590f.sys [x]
R1 MpKsl34f52b87;MpKsl34f52b87;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0E06594-C1B0-4DF4-A7A5-E272F028CBEE}\MpKsl34f52b87.sys [x]
R1 MpKsl3a7ed00b;MpKsl3a7ed00b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D62DCB2E-0D8B-4726-ADDA-B4DF52ACEC11}\MpKsl3a7ed00b.sys [x]
R1 MpKsl4acce590;MpKsl4acce590;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{766E8940-7064-469B-95EC-AC3F12C7A6DE}\MpKsl4acce590.sys [x]
R1 MpKsl51187524;MpKsl51187524;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04626BF6-F294-46D2-8DA6-1D7EABAD19E9}\MpKsl51187524.sys [x]
R1 MpKsl5309f9bd;MpKsl5309f9bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{465C732D-BDEC-4E29-B059-2010A74B6F9B}\MpKsl5309f9bd.sys [x]
R1 MpKsl604bae64;MpKsl604bae64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCDAF0BA-57A4-41EE-A7CD-489B4EB2B4EF}\MpKsl604bae64.sys [x]
R1 MpKsl60a48200;MpKsl60a48200;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3BCFA84-29B3-4131-9E48-9B6D342F2374}\MpKsl60a48200.sys [x]
R1 MpKsl6159fbc5;MpKsl6159fbc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7A0EB59-CB9A-49C0-B54E-A288F7FFEF70}\MpKsl6159fbc5.sys [x]
R1 MpKsl62383fa2;MpKsl62383fa2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DBF58A8-A6B4-49B9-BDE2-7A0AF99CE60C}\MpKsl62383fa2.sys [x]
R1 MpKsl75e2b1be;MpKsl75e2b1be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE8C7495-FDAF-4C81-A652-FF7151E2D3DA}\MpKsl75e2b1be.sys [x]
R1 MpKsl81f489d6;MpKsl81f489d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAE1B755-F14D-4BFE-8028-D45D3B05F825}\MpKsl81f489d6.sys [x]
R1 MpKsl84ff1df6;MpKsl84ff1df6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974B0CAB-040A-4AD2-88EE-8407EDE87A58}\MpKsl84ff1df6.sys [x]
R1 MpKsl8575173f;MpKsl8575173f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A694F565-A6F1-481C-A924-EA91FAD50288}\MpKsl8575173f.sys [x]
R1 MpKsl87046805;MpKsl87046805;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38F0FC5A-CEC5-4C76-B003-2C9898F4A1B0}\MpKsl87046805.sys [x]
R1 MpKsl94896009;MpKsl94896009;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98F1DBF3-E103-422B-B538-173133445070}\MpKsl94896009.sys [x]
R1 MpKsl97ce992d;MpKsl97ce992d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974B0CAB-040A-4AD2-88EE-8407EDE87A58}\MpKsl97ce992d.sys [x]
R1 MpKsla0d82524;MpKsla0d82524;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22D8233F-8E02-4B13-9791-22A63593669B}\MpKsla0d82524.sys [x]
R1 MpKsla2600b9d;MpKsla2600b9d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50B7A28C-5E5C-47BD-8F73-94E3E451BC80}\MpKsla2600b9d.sys [x]
R1 MpKslaa1c3c2d;MpKslaa1c3c2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1D11ABE-B7CE-4448-A292-D0F3A84CED07}\MpKslaa1c3c2d.sys [x]
R1 MpKslafdc4329;MpKslafdc4329;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97BADB67-D594-4E1A-8888-819F3915F727}\MpKslafdc4329.sys [x]
R1 MpKslb5be1fab;MpKslb5be1fab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71A6D961-E37B-4AB1-916A-2648B9AC679C}\MpKslb5be1fab.sys [x]
R1 MpKslbd9e666d;MpKslbd9e666d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A1E85CB-45EF-4076-A70A-E4F324B968E7}\MpKslbd9e666d.sys [x]
R1 MpKslc13ecd6c;MpKslc13ecd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CEA864C-BE68-498B-BAB4-3E48BE29BDDD}\MpKslc13ecd6c.sys [x]
R1 MpKslc62c913d;MpKslc62c913d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88C74A28-85BB-496D-8DEF-2BB03D57ADF5}\MpKslc62c913d.sys [x]
R1 MpKslc8ac6a27;MpKslc8ac6a27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F57972A0-2C24-4DA1-A90A-9E7FAFC5DF96}\MpKslc8ac6a27.sys [x]
R1 MpKslcee5f94c;MpKslcee5f94c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1DAD3DDA-6D62-4C7D-A844-BF86EFD0BA10}\MpKslcee5f94c.sys [x]
R1 MpKsld70316d6;MpKsld70316d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22D8233F-8E02-4B13-9791-22A63593669B}\MpKsld70316d6.sys [x]
R1 MpKsle62e61b1;MpKsle62e61b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD86E793-3608-49A3-8320-9AA2A5AC67D1}\MpKsle62e61b1.sys [x]
R1 MpKslf6469022;MpKslf6469022;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E5DA6C1-8D8A-4098-B078-EE54E06BA7B4}\MpKslf6469022.sys [x]
R1 MpKslff761ec2;MpKslff761ec2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BB6BF8A-61A4-484F-B804-4ED07B984104}\MpKslff761ec2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R2 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-08-11 77624]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-08-11 181432]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-22 42368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1343400]
R3 WisLMSvc;WisLMSvc;c:\program files\LAUNCH MANAGER\WisLMSvc.exe [2006-11-17 118784]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-08 218688]
S1 MpKsl6efabb73;MpKsl6efabb73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220F646C-6158-4250-9012-D634FA894A91}\MpKsl6efabb73.sys [2011-12-13 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-11-15 746392]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 CDMA Device Service;CDMA Device Service;c:\program files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [2011-08-02 63488]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 ScrybeUpdater;Scrybes uppdateringsprogram;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-26 15:30]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-26 15:30]
.
.
------- Extra genomsökning -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
FF - ProfilePath - c:\users\Nigge\AppData\Roaming\Mozilla\Firefox\Profiles\s1qnpshy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://se.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKCU-Run-Java™ ME Platform SDK 3.0 - c:\java_me_platform_sdk_3.0\bin\device-manager.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-3879897788-162830540-79635064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3879897788-162830540-79635064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'Explorer.exe'(1384)
c:\users\Nigge\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Sluttid: 2011-12-13 01:10:57 - datorn startades om.
ComboFix-quarantined-files.txt 2011-12-13 00:10
.
Före genomsökningen: 35 287 343 104 byte ledigt
Efter genomsökningen: 40 727 977 984 byte ledigt
.
- - End Of File - - 1AB0919821CAEEF887653A039BBB40DB

Edited by Nigge, 13 December 2011 - 03:15 AM.
