william_90

Memory error


Cecilia

The computer is, or at least has been, infected.

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and close all programs you can see, including antivirus programs, antispyware programs and the firewall.

Run ComboFix (as administrator) and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

[post edited 2008-02-12 22:42:03 by Cecilia]

Cecilia

How large is the page file now, then? What does the corresponding screenshot look like now?

william_90

Here is the log:

[log]ComboFix 08-02-15.2 - William 2008-02-15 23:15:50.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1053.18.412 [GMT 1:00]

Running from: C:\Users\William\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\William\AppData\Roaming\inst.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))

.

 

2008-02-12 12:38 . 2008-02-12 12:38 <KAT> d-------- C:\Program Files\Trend Micro

2008-02-07 19:59 . 2008-02-13 18:42 1,258,162 --a------ C:\Windows\System32\PerfStringBackup.INI

2008-02-06 16:11 . 2008-02-06 16:14 <KAT> d-------- C:\Users\Guest account\AppData\Roaming\uTorrent

2008-02-02 17:48 . 2008-02-02 17:49 <KAT> d-------- C:\Program Files\Cepstral

2008-02-02 17:19 . 2008-02-02 17:19 <KAT> d-------- C:\Program Files\AliveMedia

2008-02-02 17:19 . 2002-12-03 03:02 491,520 --a------ C:\Windows\System32\NCTAudioFile.dll

2008-02-02 17:19 . 2002-12-03 03:10 158,208 --a------ C:\Windows\System32\NCTTextToAudio.dll

2008-02-02 17:19 . 2002-03-19 07:18 120,832 --a------ C:\Windows\System32\lame_enc.dll

2008-01-25 23:24 . 2008-02-15 07:51 16,384 --------- C:\Windows\System32\Ikeext.etl

2008-01-25 23:12 . 2008-01-25 23:19 <KAT> d-------- C:\Users\Guest account\AppData\Roaming\TiFiC

2008-01-25 23:12 . 2008-01-25 23:12 <KAT> d-------- C:\Users\Guest account\AppData\Roaming\ArcSoft

2008-01-25 16:54 . 2008-01-25 16:55 <KAT> d-------- C:\Users\William\{4399e929-b1b1-4ab8-b2c4-823c6135d998}

2008-01-25 16:52 . 2008-01-25 16:52 <KAT> d-------- C:\Program Files\Telia

2008-01-25 16:51 . 2008-01-25 17:02 <KAT> d-------- C:\Users\William\AppData\Roaming\TiFiC

2008-01-25 16:48 . 2008-01-25 16:48 <KAT> d-------- C:\Program Files\TiFiC

2008-01-25 16:48 . 2008-01-25 16:51 <KAT> d-------- C:\Program Files\Common Files\TiFiC

2008-01-24 20:39 . 2008-01-24 20:39 <KAT> d-------- C:\Users\William\{ca7cf9da-6a12-4d0d-afdc-b2365868ba37}

2008-01-24 20:15 . 2008-02-12 14:00 10,000,022 --a------ C:\ATsvcLog.txt.old

2008-01-24 19:45 . 2008-01-24 19:46 <KAT> d-------- C:\Users\William\{1772b8f7-d41f-4ad4-954b-84c3878fde57}

2008-01-24 19:12 . 2008-01-25 16:53 <KAT> d-------- C:\Program Files\HuaWei

2008-01-22 17:51 . 2008-02-15 23:04 <KAT> dr------- C:\Users\William\Pictures

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-15 22:15 786,432 --sha-w C:\Users\Gäst\ntuser.dat

2008-02-15 22:15 786,432 --sha-w C:\Users\Gäst\ntuser.dat

2008-02-15 22:12 --------- d-----w C:\Users\William\AppData\Roaming\uTorrent

2008-02-15 10:26 35,541 ----a-w C:\Users\William\AppData\Roaming\nvModes.dat

2008-02-14 16:51 --------- d-----w C:\Users\William\AppData\Roaming\U3

2008-02-08 21:40 --------- d-----w C:\Program Files\ESET

2008-01-31 19:56 --------- d-----w C:\Users\William\AppData\Roaming\Dev-Cpp

2008-01-31 11:17 --------- d-----w C:\Program Files\NCH Swift Sound

2008-01-25 22:13 13,401 ----a-w C:\Users\Guest account\AppData\Roaming\nvModes.dat

2008-01-23 13:17 --------- d-----w C:\ProgramData\FLEXnet

2008-01-14 19:58 357 ----a-w C:\Users\William\.cb_layout.bin

2008-01-12 17:31 --------- d-----w C:\Users\William\AppData\Roaming\Media Player Classic

2008-01-12 17:21 --------- d-----w C:\Users\William\AppData\Roaming\DivX

2008-01-12 17:20 --------- d-----w C:\Program Files\DivX

2008-01-12 17:19 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-01-12 17:12 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-01-12 02:20 --------- d-----w C:\Program Files\Windows Mail

2008-01-12 02:13 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-01-12 02:13 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-01-12 02:13 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-01-12 02:13 216,760 ----a-w C:\Windows\system32\drivers\netio.sys

2008-01-12 02:13 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-01-12 02:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-12 02:10 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-12 02:10 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-12 02:10 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-12 02:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-12 02:10 1,686,016 ----a-w C:\Windows\System32\gameux.dll

2008-01-12 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-01-12 02:09 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-01-12 02:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-12 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-01-12 02:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-01-12 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-01-12 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-01-12 02:09 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-01-12 02:09 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-12 02:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-05 17:37 --------- d-----w C:\Program Files\Traveller

2008-01-05 17:09 21,840 ----atw C:\Windows\System32\SIntfNT.dll

2008-01-05 17:09 17,212 ----atw C:\Windows\System32\SIntf32.dll

2008-01-05 17:09 12,067 ----atw C:\Windows\System32\SIntf16.dll

2008-01-05 10:18 --------- d-----w C:\Program Files\RemotelyAnywhere

2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-01-04 21:58 129,784 ------w C:\Windows\System32\PxAFS.DLL

2008-01-04 21:58 120,056 ------w C:\Windows\System32\pxcpyi64.exe

2008-01-04 21:58 118,520 ------w C:\Windows\System32\pxinsi64.exe

2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2007-12-25 10:08 --------- d-----w C:\Users\William\AppData\Roaming\ArcSoft

2007-12-25 10:05 --------- d-----w C:\Program Files\Picasa2

2007-12-25 10:04 --------- d-----w C:\Program Files\Google

2007-12-25 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-25 10:01 --------- d-----w C:\Program Files\My Book

2007-12-25 10:00 364,544 ----a-w C:\Windows\System32\WDBtnMgr.exe

2007-12-24 15:47 --------- d-----w C:\Program Files\DJ Music Mixer

2007-12-24 15:46 274,332 ----a-w C:\Windows\DJ Music Mixer Uninstaller.exe

2007-12-24 12:49 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2007-12-22 22:37 --------- d-----w C:\Program Files\URUSoft

2007-12-18 20:58 --------- d-----w C:\ProgramData\VMware

2007-12-18 20:19 --------- d-----w C:\Users\William\AppData\Roaming\My Games

2007-12-17 18:34 --------- d-----w C:\Users\William\AppData\Roaming\VMware

2007-12-13 07:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-13 07:03 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-13 07:03 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-13 07:02 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-13 07:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-13 07:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-13 07:01 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-13 06:54 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-13 06:54 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-11-19 14:44 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-16 12:24 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-16 12:24 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-16 12:24 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-16 12:24 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-16 12:24 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-16 12:24 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-16 12:24 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-16 12:24 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-16 12:24 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-16 12:24 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-16 12:21 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-16 12:21 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-10-18 17:15 47,360 ----a-w C:\Users\William\AppData\Roaming\pcouffin.sys

2007-06-30 17:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-06-30 17:23 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-06-30 17:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-22 16:32 1006264]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 05:25 7766016]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 07:02 815104]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 05:25 90191]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 05:25 81920]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-04 11:48 950664]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]

"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-2510T Optical Combi Tilt Mouse\moffice.exe" [2007-05-22 15:49 823296]

"ConnecteSupport"="C:\Program Files\TiFiC\TiFiC Client G1\ConnecteSupport.exe" [2008-01-24 21:43 1986560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk

backup=C:\Windows\pss\Connect Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Backup Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk

backup=C:\Windows\pss\WD Backup Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinManager.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinManager.lnk

backup=C:\Windows\pss\WinManager.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-12-25 11:03 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

-ra------ 2001-07-09 11:50 155648 C:\Windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-02-21 02:18 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

--a------ 2006-12-02 16:32 167936 C:\Program Files\HP\QuickPlay\QPService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemotelyAnywhere GUI]

--a------ 2007-04-05 12:18 63064 C:\Program Files\RemotelyAnywhere\x86\RAGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-07-07 14:12 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

--a------ 2007-12-25 11:00 364544 C:\Windows\System32\WDBtnMgr.exe

 

R2 Cepstral License Server;Cepstral License Server;"C:\Program Files\Cepstral\bin\CepstralLicSrv.exe" [2007-03-15 13:54]

R2 CTATSvc;Telia Connect AT Service;"C:\Program Files\Telia\Connect\ATService.exe" [2007-12-10 11:35]

R2 CTConnect;Telia Connect;"C:\Program Files\Telia\Connect\Connect.exe" [2007-12-10 11:35]

R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 17:05]

R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\RemotelyAnywhere\x86\RaInfo.sys [2007-04-05 10:55]

R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;C:\Windows\system32\drivers\RARfsDriver.sys [2007-04-05 10:55]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 18:39]

R3 NETw3v32;Intel® PRO/trådlöst 3945ABG-kortdrivrutin för Windows Vista 32-bitars;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]

S2 DCamUSB20;USB 2.0 Capture;C:\Windows\system32\Drivers\CsMini20.sys [2003-03-19 04:07]

S3 BCM43XV;Broadcom Extensible 802.11 nätverkskortsdrivrutin;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

S3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 04:01]

S3 ramirr;ramirr;C:\Windows\system32\DRIVERS\ramirr.sys [2007-04-05 10:54]

S3 UDTT2BDA;DTV-DVB USB2 DVB-T receiver;C:\Windows\system32\Drivers\UDTT2BDA.sys [2005-11-29 09:06]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15744e48-cb5c-11dc-927a-ef3f532412e7}]

\shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15744e49-cb5c-11dc-927a-ef3f532412e7}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15744eb9-cb5c-11dc-927a-8c1c01e489b0}]

\shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{297b4576-54a6-11dc-84ab-005056c00008}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-15 22:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{097066E6-EAC5-40C7-AACF-7EA50D2F9E0D}.job"

- C:\Windows\system32\msfeedssync.exe

"2008-02-15 22:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{FCE8DE74-63F0-451A-8DB6-153FA2D33611}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-15 23:23:00

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-15 23:25:36

ComboFix-quarantined-files.txt 2008-02-15 22:25:33

.

2008-02-15 06:59:07 --- E O F ---

[/log]

 

Cecilia

What is in the folders C:\Users\William\{4399e929-b1b1-4ab8-b2c4-823c6135d998}, C:\Users\William\{ca7cf9da-6a12-4d0d-afdc-b2365868ba37} and C:\Users\William\{1772b8f7-d41f-4ad4-954b-84c3878fde57}?

Scan with HijackThis and tick:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O21 - SSODL: syshelps - {4D1EBE36-E761-407D-BEED-A0139E6371FC} - syshelps.dll (file missing)

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.
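The check requested in the post above (confirm that the fixed lines are gone from a new HijackThis log) can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the "Example Helper" entry and the after-reboot log are constructed, and only the two orphaned lines come from the thread.

```python
import re

# One HijackThis entry: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$"
)
# Markers HijackThis appends when the registered file does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# The two lines quoted in the post plus one constructed entry for contrast.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O21 - SSODL: syshelps - {4D1EBE36-E761-407D-BEED-A0139E6371FC} - syshelps.dll (file missing)
"""

# Constructed log taken after "Fix checked" and a reboot.
LOG_AFTER = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""


def parse_entries(log_text):
    """Return every CLSID-bearing entry in a HijackThis log as a dict."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned(entries):
    """Entries whose registration points at a file that no longer exists."""
    return [e for e in entries if e["target"].lower().endswith(ORPHAN_MARKERS)]


def still_present(before_log, after_log):
    """Orphaned entries from the first log that survive in the second one."""
    remaining = {(e["section"], e["clsid"].upper())
                 for e in parse_entries(after_log)}
    return [e for e in orphaned(parse_entries(before_log))
            if (e["section"], e["clsid"].upper()) in remaining]


if __name__ == "__main__":
    for entry in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", entry["section"], entry["kind"], entry["clsid"])
    leftovers = still_present(LOG_BEFORE, LOG_AFTER)
    print("fix verified" if not leftovers else f"{len(leftovers)} entries remain")
```

Matching on section and CLSID rather than on the whole line keeps the comparison stable if the name or target text changes between scans.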

 

william_90

Yep, the files you asked me to remove are now deleted.

In each of those suspicious folders there is a security catalog (.cat), which is something I have never heard of.

File names:

ewmdm2k.cat

ewdcsc.cat

ewser2k.cat

 

 

 

 

 

Lars2W2

If you have mobile broadband, it is probably via a Huawei E620 Data card. At least if Google is to be believed (-;

Cecilia

Yes, that is probably right, because there is also a folder C:\Program Files\HuaWei on the computer.

Then I no longer see anything nasty in the logs.

Has the virtual memory problem been resolved?

william_90

Yes, I use mobile broadband part-time.

The odd thing about the virtual memory is that it works as long as I specify a size myself (right now 1.5 * RAM). When Vista gets to choose by itself, i.e. over 3000 MB, the warnings and nagging start again.

Thanks again for the help and the tips!
