
Trojan.Generic in svchost.exe - Help!


andreasandreas


Hi!

I get a warning from F-Secure every five minutes. It has then found Trojan.Generic.3314168 in svchost.exe but cannot remove it. Only blocking works. The history in F-Secure shows a list of several hundred attacks from different Windows Temp folders, a new folder with a new svchost.exe at every attack. I have emptied the Windows Temp folder (with ATF-Cleaner) but it does not help. A damn troublesome virus!

Spyware Doctor found some 'Downloader Generic' files and removed them. (Attaching the Spyware Doctor history.)

If someone would have a go at helping me I would be very grateful!

Best regards

Andreas

The DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Andreas at 17:17:04,97 on 2010-04-18

Internet Explorer: 8.0.6001.18904

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1788.688 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k rpcss

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\SLsvc.exe

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\Andreas\Desktop\Malware mm\Spyware Doctor\BDT\BDTUpdateService.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Telenor Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program Files\Telenor Säkerhetspaket\Common\FSMA32.EXE

C:\Program Files\Telenor Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Telenor Säkerhetspaket\Common\FSHDLL32.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Users\Andreas\Desktop\Malware mm\Spyware Doctor\pctsAuxs.exe

C:\Users\Andreas\Desktop\Malware mm\Spyware Doctor\pctsSvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Users\Andreas\Desktop\Malware mm\Spyware Doctor\pctsTray.exe

C:\Program Files\Voddler\service\voddler.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Telenor Säkerhetspaket\ORSP Client\fsorsp.exe

C:\Program Files\Telenor Säkerhetspaket\FWES\Program\fsdfwd.exe

C:\Program Files\Telenor Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Voddler\service\VNetManager.exe

C:\Program Files\Telenor Säkerhetspaket\Common\FSM32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Emotum\Mobile Broadband\Mobile.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Telenor Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Program Files\Telenor Säkerhetspaket\FSGUI\fscuif.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\Andreas\Desktop\Malware mm\dds.scr

C:\windows\system32\conime.exe

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=92&bd=all&pf=cmnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=92&bd=all&pf=cmnb

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\users\andreas\desktop\malware mm\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\telenor säkerhetspaket\nrs\iescript\baselitmus.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\telenor säkerhetspaket\nrs\iescript\baselitmus.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\users\andreas\desktop\malware mm\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Emotum Mobile Broadband] c:\program files\emotum\mobile broadband\Mobile.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [VoddlerNet Manager] c:\program files\voddler\service\VNetManager.exe

mRun: [F-Secure Manager] "c:\program files\telenor säkerhetspaket\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\telenor säkerhetspaket\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\users\andreas\desktop\malware och sånt\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iSTray] "c:\users\andreas\desktop\malware mm\spyware doctor\pctsTray.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: c:\program files\telenor säkerhetspaket\fsps\program\FSLSP.DLL

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {C143C4A2-38FA-43C4-84A5-CEF602D90EA6} = 195.54.122.211 195.54.122.221

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-22 33920]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-21 64288]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\telenor säkerhetspaket\hips\drivers\fshs.sys [2010-2-22 68064]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-2-22 35792]

R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-2-22 71040]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\telenor säkerhetspaket\anti-virus\minifilter\fsvista.sys [2010-2-22 12384]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-31 207688]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-23 29472]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\telenor säkerhetspaket\anti-virus\minifilter\fsgk.sys [2010-2-22 111296]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-10-8 103040]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2009-7-31 79240]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2009-7-31 35240]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2009-7-31 34152]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\telenor säkerhetspaket\anti-virus\win2k\fsfilter.sys [2010-2-22 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\telenor säkerhetspaket\anti-virus\win2k\fsrec.sys [2010-2-22 25184]

=============== Created Last 30 ================

2010-04-18 09:43:04 215410865 ----a-w- c:\windows\MEMORY.DMP

2010-04-17 19:24:21 19944 ----a-w- c:\windows\system32\drivers\ziypzlcj.sys

2010-04-17 13:28:30 767952 ----a-w- c:\windows\BDTSupport.dll

2010-04-17 13:28:27 882 ----a-w- c:\windows\RegSDImport.xml

2010-04-17 13:28:27 879 ----a-w- c:\windows\RegISSImport.xml

2010-04-17 13:28:27 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-04-17 13:28:27 131 ----a-w- c:\windows\IDB.zip

2010-04-17 13:28:27 1152444 ----a-w- c:\windows\UDB.zip

2010-04-17 13:28:24 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-04-17 13:28:24 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-04-17 13:24:51 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-04-17 13:24:51 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-04-17 13:24:51 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2010-04-17 13:24:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-04-17 13:24:34 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-04-17 13:24:34 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-04-17 13:24:34 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-04-17 13:23:48 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-04-17 13:23:48 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-04-17 13:22:57 0 d-----w- c:\program files\common files\PC Tools

2010-04-17 13:22:56 0 d-----w- c:\users\andreas\appdata\roaming\PC Tools

2010-04-17 13:22:56 0 d-----w- c:\programdata\PC Tools

2010-04-17 10:25:33 0 d-----w- c:\windows\system32\MpEngineStore

2010-04-17 10:10:33 204 ----a-w- c:\windows\system32\MRT.INI

2010-04-16 17:02:15 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-16 16:57:18 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-08 09:33:02 916480 ----a-w- c:\windows\system32\wininet.dll

2010-03-30 21:58:31 0 d-----w- c:\programdata\PopCap Games

2010-03-30 20:56:09 0 d-----w- c:\programdata\Sun

==================== Find3M ====================

2010-04-18 12:32:37 642772 ----a-w- c:\windows\system32\perfh01D.dat

2010-04-18 12:32:37 139422 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-16 19:10:06 35792 ----a-w- c:\windows\system32\drivers\fses.sys

2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-22 17:34:31 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-02-20 23:43:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-20 23:43:17 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-09 18:47:17 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 18:47:17 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-09 18:47:16 86016 ----a-w- c:\windows\inf\infstor.dat

2009-11-09 18:47:16 143360 ----a-w- c:\windows\inf\infstrng.dat

2008-04-16 16:31:09 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-04-16 16:31:09 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-04-16 16:31:09 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-04-16 16:31:09 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-11-17 11:12:50 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-11-09 20:34:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-31 06:58:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:22:51,15 ===============

Attach.txt

Spyware Doctor historik.htm


The log from Spyware Doctor lists FakeAlert. Have you seen any fake antivirus program or anything similar? If so, what was its name?

Have you updated and run MBAM (Malwarebytes' Anti-Malware)? Did it find anything?

Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and anti-spyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished a log should appear; paste it into your reply. Make sure that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, e.g. if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.


andreasandreas

Thanks for the reply!

I cannot find any strange antivirus program or the like on the computer. I have been careful not to download any programs other than well-known ones.

Malwarebytes found nothing when I ran a full scan just now.

Unfortunately I have my internet via a USB stick.


Most of the time it works fine to run ComboFix anyway, but would you be able to reinstall the program for the mobile broadband if it should be needed?


andreasandreas

It went fine! The log is below.

regards / Andreas

ComboFix 10-04-18.02 - Andreas 2010-04-19 12:51:24.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.1788.794 [GMT 2:00]

Körs från: c:\users\Andreas\Desktop\Malware mm\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-1417280820-1643057649-640304220-500

c:\$recycle.bin\S-1-5-21-2274686684-4190351372-3478629728-500

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.

(((((((((((((((((((((((( Filer Skapade från 2010-03-19 till 2010-04-19 ))))))))))))))))))))))))))))))

.

2010-04-19 11:03 . 2010-04-19 11:03 -------- d-----w- c:\users\Andreas\AppData\Local\temp

2010-04-19 11:03 . 2010-04-19 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-18 15:29 . 2010-04-18 15:29 -------- d-----w- c:\users\Andreas\AppData\Local\Threat Expert

2010-04-17 19:24 . 2010-04-17 19:24 19944 ----a-w- c:\windows\system32\drivers\ziypzlcj.sys

2010-04-17 18:38 . 2010-04-17 18:38 -------- d-----w- c:\users\Andreas\AppData\Local\Apple

2010-04-17 18:37 . 2010-04-17 18:37 -------- d-----w- c:\users\Andreas\AppData\Local\Apple Computer

2010-04-17 13:28 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll

2010-04-17 13:28 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-04-17 13:28 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip

2010-04-17 13:28 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip

2010-04-17 13:28 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-04-17 13:28 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-04-17 13:24 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2010-04-17 13:24 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-04-17 13:24 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-04-17 13:24 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-04-17 13:23 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-04-17 13:22 . 2010-04-17 13:28 -------- d-----w- c:\program files\Common Files\PC Tools

2010-04-17 13:22 . 2010-04-17 16:27 -------- d-----w- c:\programdata\PC Tools

2010-04-17 13:22 . 2010-04-17 13:22 -------- d-----w- c:\users\Andreas\AppData\Roaming\PC Tools

2010-04-17 10:25 . 2010-04-17 19:25 -------- d-----w- c:\windows\system32\MpEngineStore

2010-04-16 17:02 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-16 16:57 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-16 14:20 . 2010-04-16 14:20 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-04-08 09:33 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll

2010-03-30 22:44 . 2010-03-30 22:44 516480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll

2010-03-30 22:44 . 2010-03-30 22:44 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

2010-03-30 21:58 . 2010-03-31 10:54 -------- d-----w- c:\programdata\PopCap Games

2010-03-30 20:56 . 2010-03-30 20:56 -------- d-----w- c:\program files\Common Files\Java

2010-03-30 00:05 . 2010-03-30 00:05 -------- d-----w- c:\users\Andreas\AppData\Roaming\Roxio

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-19 10:43 . 2008-04-16 16:33 642772 ----a-w- c:\windows\system32\perfh01D.dat

2010-04-19 10:43 . 2008-04-16 16:33 139422 ----a-w- c:\windows\system32\perfc01D.dat

2010-04-18 21:50 . 2009-09-23 12:36 12 ----a-w- c:\windows\bthservsdp.dat

2010-04-17 23:00 . 2009-09-24 12:42 -------- d-----w- c:\users\Andreas\AppData\Roaming\Spotify

2010-04-17 22:51 . 2010-02-20 23:42 966104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-04-17 22:51 . 2010-02-20 23:42 1265264 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-04-17 10:11 . 2009-07-31 07:33 -------- d-----w- c:\programdata\Microsoft Help

2010-04-13 15:21 . 2010-02-21 12:27 680 ----a-w- c:\users\Andreas\AppData\Local\d3d9caps.dat

2010-04-13 08:41 . 2009-07-31 07:19 -------- d-----w- c:\programdata\PDFC

2010-03-30 22:44 . 2010-02-20 23:43 885736 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-03-30 22:44 . 2010-02-20 23:43 210552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-03-30 22:44 . 2010-02-20 23:43 393896 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-03-30 22:44 . 2010-02-20 23:43 565392 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll

2010-03-30 22:44 . 2010-02-20 23:43 221920 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2010-03-30 22:44 . 2010-02-20 23:43 432032 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-03-30 22:44 . 2010-02-20 23:43 167312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-03-30 22:44 . 2010-02-20 23:43 329560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-03-30 22:44 . 2010-02-20 23:43 94712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-03-30 22:44 . 2010-02-20 23:42 849744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-03-30 22:44 . 2010-02-20 23:42 855864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-03-30 22:43 . 2010-02-20 23:42 1597952 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-03-30 22:43 . 2010-02-20 23:42 818256 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-03-30 20:54 . 2009-09-24 12:22 -------- d-----w- c:\program files\Java

2010-03-29 22:46 . 2010-02-25 17:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 22:45 . 2010-02-25 17:13 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-26 13:04 . 2009-09-24 12:16 -------- d-----w- c:\users\Andreas\AppData\Roaming\vlc

2010-03-20 13:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-18 11:32 . 2010-03-18 11:32 -------- d-----w- c:\program files\Personal

2010-03-16 19:10 . 2010-02-22 17:14 -------- d-----w- c:\program files\Telenor Säkerhetspaket

2010-03-16 19:10 . 2010-02-22 17:16 35792 ----a-w- c:\windows\system32\drivers\fses.sys

2010-03-15 16:20 . 2010-03-15 16:20 -------- d-----w- c:\users\Andreas\AppData\Roaming\F-Secure

2010-03-12 20:49 . 2009-12-22 12:02 -------- d-----w- c:\program files\Voddler

2010-03-12 20:49 . 2010-03-12 20:49 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-03-12 20:48 . 2010-03-12 20:50 38784 ----a-w- c:\users\Andreas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-12 20:48 . 2010-03-12 20:49 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-09 02:28 . 2009-09-24 12:23 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 17:13 . 2010-02-25 17:13 -------- d-----w- c:\users\Andreas\AppData\Roaming\Malwarebytes

2010-02-25 17:13 . 2010-02-25 17:13 -------- d-----w- c:\programdata\Malwarebytes

2010-02-24 16:55 . 2009-09-23 14:10 130600 ----a-w- c:\users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 08:16 . 2009-10-05 08:24 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 06:33 . 2010-04-08 09:32 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 06:33 . 2010-04-08 09:32 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 04:55 . 2010-04-08 09:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-22 17:34 . 2010-02-22 17:17 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-02-22 17:15 . 2010-02-22 16:48 -------- d-----w- c:\programdata\f-secure

2010-02-22 17:12 . 2010-02-22 16:50 -------- d-----w- c:\programdata\fssg

2010-02-20 23:43 . 2010-02-20 23:39 -------- d-----w- c:\programdata\Lavasoft

2010-02-20 23:43 . 2010-02-20 23:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-02-20 23:43 . 2010-02-20 23:43 95024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2010-01-25 12:00 . 2010-02-24 15:06 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00 . 2010-02-24 15:06 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00 . 2010-02-24 15:06 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00 . 2010-02-24 15:06 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58 . 2010-02-24 15:06 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21 . 2010-02-24 15:06 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21 . 2010-02-24 15:06 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21 . 2010-02-24 15:06 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-25 08:21 . 2010-02-24 15:06 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-23 09:26 . 2010-02-24 15:06 2048 ----a-w- c:\windows\system32\tzres.dll

2009-07-31 06:58 . 2009-07-31 06:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]

"Emotum Mobile Broadband"="c:\program files\Emotum\Mobile Broadband\Mobile.exe" [2009-07-09 348968]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-16 61440]

"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"VoddlerNet Manager"="c:\program files\Voddler\service\VNetManager.exe" [2010-03-11 580296]

"F-Secure Manager"="c:\program files\Telenor Säkerhetspaket\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Telenor Säkerhetspaket\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-3-18 939920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):25,f0,e0,31,96,3f,ca,01

R2 blyponzz;ISA/EISA Class Support;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenor Säkerhetspaket\ORSP Client\fsorsp.exe [2010-03-01 55992]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-17 1265264]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]

R3 sdAuxService;PC Tools Auxiliary Service;c:\users\Andreas\Desktop\Malware mm\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenor Säkerhetspaket\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenor Säkerhetspaket\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]

R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]

R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-02-22 33920]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenor Säkerhetspaket\HIPS\drivers\fshs.sys [2009-08-05 68064]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-16 35792]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\Telenor Säkerhetspaket\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-15 180224]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\users\Andreas\Desktop\Malware mm\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 VoddlerNet;VoddlerNet;c:\program files\Voddler\service\voddler.exe [2010-03-11 1160400]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-03 209464]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenor Säkerhetspaket\Anti-Virus\minifilter\fsgk.sys [2010-03-29 111296]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]

 

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*Deregistered* - PCTSDInjDriver32

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

blyponzz

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-05-19 00:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-04-16 c:\windows\Tasks\HPCeeScheduleForAndreas.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-07-31 21:38]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: c:\program files\Telenor Säkerhetspaket\FSPS\program\FSLSP.DLL

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

ShellIconOverlayIdentifiers-{93567A87-38FC-40E8-8AD6-6B071AC2124B} - (no file)

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\users\Andreas\Desktop\Malware och sånt\Malwarebytes' Anti-Malware\mbam.exe

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel

AddRemove-CCleaner - c:\users\Andreas\Desktop\Malware och sånt\CCleaner\uninst.exe

AddRemove-HijackThis - c:\users\Andreas\Desktop\HiJackThis!\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-19 13:03

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,09,f3,a9,68,19,62,42,ac,0c,2b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,09,f3,a9,68,19,62,42,ac,0c,2b,\

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(784)

c:\program files\telenor säkerhetspaket\hips\fshook32.dll

 

- - - - - - - > 'lsass.exe'(704)

c:\program files\telenor säkerhetspaket\hips\fshook32.dll

.

Sluttid: 2010-04-19 13:08:30

ComboFix-quarantined-files.txt 2010-04-19 11:08

 

Före genomsökningen: 72 550 395 904 byte ledigt

Efter genomsökningen: 72 318 967 808 byte ledigt

 

- - End Of File - - 88B750B642FB79B56B85995D0223A900

 

 


This looks like a nasty one that will probably take some time to sort out, just so you know.

 

1. Do you know which program this folder belongs to?

2010-04-13 08:41 . 2009-07-31 07:19 -------- d-----w- c:\programdata\PDFC

 

2. On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information), or a link to the result, here. File name:

c:\windows\system32\drivers\ziypzlcj.sys

 

3. Save this file to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip

Unpack (extract) the zip file so that you get a program file.

 

Unplug the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

 

Start RootRepeal (in Vista and Windows 7 as usual by right-clicking the icon and choosing Run as administrator).

Select the Report tab and press Scan.

Tick all seven options and then press Yes.

Select C: and press Ok.

It takes a while for RootRepeal to search through C:.

When the scan is finished, press Save Report and save it under the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.

 

4. Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

 

Unplug the internet connection.

Close all programs, including antivirus program and firewall.

Start the downloaded program.

A first quick scan starts.

If a WARNING comes up that mentions ROOTKIT and asks about a "fully scan", choose No. Save the log and paste it into your reply. Do nothing more.

 

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is running.

Press Save and save the result to the Desktop.

Turn the antivirus program and firewall back on before you connect to the internet.

Paste the result into your reply.

 

Addendum:

2. The virustotal page seems to be overloaded at the moment; in that case you can use http://virusscan.jotti.org/en or http://www.virscan.org/ instead.

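The helper's reply singles out two items from the log above: the service "blyponzz", which runs inside svchost.exe and is registered in the NetSvcs group, and the driver ziypzlcj.sys with its random-looking name. The following script is an added example, not code from the forum post, from ComboFix or from Gmer. It parses the ComboFix service listing and the svchost group dump (sample lines copied from the log above) and reports the same two kinds of finding. The "random-looking name" test and its thresholds are my own assumptions, tuned to the names in this thread; treat it as a triage hint, not a verdict.

```python
"""Triage of the ComboFix service listing and svchost-group dump from this thread.

Added example, not code from the forum post or from ComboFix/Gmer. The sample
lines are copied from the log above; the heuristics are my own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the ComboFix service listing above.
SAMPLE_SERVICES = r"""
R2 blyponzz;ISA/EISA Class Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenor Säkerhetspaket\ORSP Client\fsorsp.exe [2010-03-01 55992]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-02-22 33920]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
"""

# Constructed sample: the svchost group section from the same log.
SAMPLE_SVCHOST = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
blyponzz
"""

# One ComboFix service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
# The per-group heading ComboFix prints before listing members one per line.
GROUP_HEADING_RE = re.compile(r"\\svchost - (\S+)$", re.I)


@dataclass
class Service:
    state: str
    name: str
    display: str
    path: str
    size: int


def parse_services(text):
    """Parse the R/S service lines; lines that do not match are ignored."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(m["state"], m["name"], m["display"], m["path"], int(m["size"])))
    return out


def parse_svchost_groups(text):
    """Return {group (lower-case): [member service names]}.

    REG_MULTI_SZ lines carry their members inline; a 'Svchost - <Group>'
    heading is followed by one member per line until the next blank line.
    """
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            current = None
            continue
        if " REG_MULTI_SZ " in line:
            group, _, members = line.partition(" REG_MULTI_SZ ")
            groups[group.lower()] = members.split()
            current = None
            continue
        m = GROUP_HEADING_RE.search(line)
        if m:
            current = m.group(1).lower()
            groups.setdefault(current, [])
        elif current is not None:
            groups[current].append(line)
    return groups


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def stem(path):
    return basename(path).rsplit(".", 1)[0]


def looks_random(token):
    """Assumed heuristic: 8+ lower-case ASCII letters with fewer than 25% vowels.

    Matches blyponzz and ziypzlcj from this thread; vendor names with digits,
    capitals or normal vowel density (b57nd60x, FSORSPClient, hwusbfake) pass.
    """
    if not re.fullmatch(r"[a-z]{8,}", token):
        return False
    return sum(ch in "aeiou" for ch in token) / len(token) < 0.25


def triage(services, groups):
    """Return [(service name, reason)] for entries worth a closer look."""
    findings = []
    netsvcs = {n.lower() for n in groups.get("netsvcs", [])}
    for svc in services:
        if basename(svc.path) == "svchost.exe":
            # A third-party entry hosted in svchost.exe that also sits in the
            # netsvcs group is loaded into the shared LocalSystem service host.
            reason = "hosted in svchost.exe"
            if svc.name.lower() in netsvcs:
                reason += " and registered in the netsvcs group"
            findings.append((svc.name, reason))
        if looks_random(svc.name) or looks_random(stem(svc.path)):
            findings.append((svc.name, "random-looking service or file name"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_SERVICES), parse_svchost_groups(SAMPLE_SVCHOST)):
        print(f"{name}: {reason}")
```

Run on the sample, the only service reported is blyponzz, once for being hosted in svchost.exe while sitting in the netsvcs group and once for its name; the F-Secure, Broadcom and Huawei entries pass. The same name test applied to the driver path the helper asks to have checked on VirusTotal flags ziypzlcj.sys as well.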
