Just nu i M3-nätverket
Jump to content

Malwarebytes hittade Trojan.Agent


Din_Parla

Recommended Posts

Hej!

När jag scannade med Malwarebytes så hittade den en Trojan.Agent. Vad är detta och vad ska jag göra åt det?

 

Tack på förhand!

 

Annika

 

Malwarebytes loggen:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4329

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

2010-07-20 15:41:21

mbam-log-2010-07-20 (15-41-21).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 286040

Förfluten tid: 1 timme(ar), 9 minut(er), 7 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe (Trojan.Agent) -> No action taken.

 

DDS loggen:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Annika at 15:47:54,04 on 2010-07-20

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3454.2105 [GMT 2:00]

 

AV: avast! antivirus 4.8.1229 [VPS 081126-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: avast! antivirus 4.8.1229 [VPS 081126-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\jureg.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Mouse Driver\StartAutorun.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Mouse Driver\KMConfig.exe

C:\Program Files\Mouse Driver\KMProcess.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe

C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe

C:\Program Files\Mouse Driver\KMWDSrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\hp\kbd\kbd.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\FirstClass\fcc32.exe

C:\Windows\system32\WgaTray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Annika\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.nordea.se/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

uRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sunJavaUpdateReg] "c:\windows\system32\jureg.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [KMCONFIG] c:\program files\mouse driver\StartAutorun.exe KMConfig.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\program\microsoft office\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Skicka till &Bluetooth - c:\program files\d-link\bluetooth-programvara\btsendto_ie_ctx.htm

IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\annika\appdata\roaming\mozilla\firefox\profiles\28vhs1er.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nordea.se/

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-30 165456]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-3-30 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-18 40384]

R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-2-25 306296]

R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-2-25 162936]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\mouse driver\KMWDSrv.exe [2008-5-30 208896]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-8 90112]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-18 1153368]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-18 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-18 40384]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-18 38224]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-8 27632]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 135664]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-7-1 13224]

S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [2009-12-16 44032]

S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2008-12-26 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2008-12-26 13312]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-7-1 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-7-1 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-7-1 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-7-1 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-7-1 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-7-1 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-7-1 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-7-1 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-7-1 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-7-1 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-7-1 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-7-1 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-7-1 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-7-1 109736]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 24064]

 

=============== Created Last 30 ================

 

2010-06-29 06:42:31 38848 ----a-w- c:\windows\avastSS.scr

2010-06-24 22:01:10 0 d-----w- c:\program files\TuneUpMedia

2010-06-23 14:54:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-23 14:54:50 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-23 14:54:50 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-23 14:54:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-23 14:54:50 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-23 13:52:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 13:52:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-20 21:09:15 0 d-----w- c:\programdata\Boss Media

2010-06-20 21:09:10 0 d-----w- C:\Casino

 

==================== Find3M ====================

 

2010-07-20 08:15:05 48158 ----a-w- c:\programdata\nvModes.dat

2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-28 06:23:28 597598 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-28 06:23:28 117210 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 07:58:27 86016 ----a-w- c:\windows\inf\infpub.dat

2010-06-19 07:58:27 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-06-19 07:58:27 143360 ----a-w- c:\windows\inf\infstor.dat

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 12:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-27 18:41:14 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-06-27 16:46:27 174 --sha-w- c:\program files\desktop.ini

2007-11-24 07:19:48 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-11-24 07:19:48 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-11-24 07:19:48 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-11-24 07:19:48 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-03-30 20:48:59 2 --shatr- c:\windows\winstart.bat

2009-12-17 19:03:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-12-17 19:03:44 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-12-17 19:03:44 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-11-01 08:07:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-02-24 21:47:32 22 --sha-w- c:\windows\sminst\HPCD.sys

2007-11-24 07:36:39 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 15:48:56,18 ===============

 

 

Attach.txt

Link to comment
Share on other sites

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe (Trojan.Agent) -> No action taken.

Det ser ju mest ut som falsklarm. Åtminstone om programmet är hämtat från Sony Ericssons webbplats.

 

På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in ett av följande filnamn i rutan, tryck på Öppna och sedan Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in en länk till resultatet här.

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe

Link to comment
Share on other sites

Hej,

detta kan vara ett falsklarm, men för att vara på den säkrare sidan,

ladda upp filen på VIrustotal, http://www.virustotal.com/sv/

Tryck på Bläddraknappen leta reda på C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe

tryck skicka fil.

Återkom med svarslänken här i din tråd

Mvh

Mats h

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...