toguns (posted September 18, 2009):
Hi! Does anyone know what trojan.win32.patched.hp is? Is it a dangerous trojan or what? Telia Säker surf blocks access to it, but it cannot be removed. What to do??
Regards, Toguns

Cecilia (posted September 18, 2009):
That sounds like something that modifies Windows files, and that is definitely dangerous. In which file and folder does Säker surf find the trojan?

toguns (posted September 18, 2009):
Säkersurf finds the trojan in C:\windows\system32

MrO (posted September 18, 2009):
Run a quick scan with Malwarebytes and post the log here afterwards if anything is found; it should be able to help you with your problem!
http://download.cnet.com/Malwarebytes-Anti...&tag=button

toguns (posted September 18, 2009):
Very strange, Malwarescan didn't find anything

toguns (posted September 18, 2009):
Wrong, should be malwarebytes, sorry

mutex (guest, posted September 18, 2009):
Why not submit the file to virustotal.com?

toguns (posted September 18, 2009):
OK, I'll try that and see what they say

Cecilia (posted September 18, 2009):
> Säkersurf finds the trojan in C:\windows\system32
That is a folder, but what is the file called? Paste in the result from virustotal.com.

toguns (posted September 19, 2009, edited September 19, 2009):
The file is called sfc_os.dll
I can't get virustotal to work, it just says 0 bytes size received

Mats H (posted September 19, 2009, edited September 19, 2009):
> The file is called sfc_os.dll
> I can't get virustotal to work, it just says 0 bytes size received
Some info!
http://www.processlibrary.com/directory/files/sfc_os/
Description: sfc.dll is a file that contains functions used to monitor system files for validity. It belongs to the Microsoft Windows environment.
Recommendation: sfc_os.dll should not be disabled, required for essential applications to work properly.
Go to the link above and have a look! Where did the trojan go?
Regards, Mats H

Cecilia (posted September 19, 2009):
It sounds like a Windows file that has been modified, and that is not good; it often ends with a reinstallation of Windows. If you scan the computer with F-Secure (Säker Surf), does it find more files? Can you make a copy of the file and put it on the Desktop?

toguns (posted September 19, 2009, edited September 19, 2009):
No, unfortunately it is not possible to make a copy.
Säkersurf only finds that file, no other junk.

Cecilia (posted September 19, 2009):
We can see what DDS shows to begin with. Save DDS to the Desktop.
http://download.bleepingcomputer.com/sUBs/dds.scr
Start the program (in Vista, right-click and Run as administrator). Press Yes if the question about Optional Scan appears.
In your reply, paste in the log DDS.txt but not Attach.txt.

toguns (posted September 19, 2009):
Here is the result of dds

Cecilia (posted September 19, 2009):
That is part of the Attach log, which I'm not particularly interested in.

toguns (posted September 19, 2009):
Maybe this is the one you were after. Sorry for the mistake.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Tomas at 15:14:50,84 on 2009-09-19
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.959.441 [GMT 2:00]

AV: Telia Säker Surf 8.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Telia Säker Surf 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\Program\Eraser\Eraser.exe
C:\Program\C Technologies\C-Pen 20\CPen20.exe
C:\Program\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program\C Technologies\C-Pen 20\CPenOCR.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\IncrediMail\bin\IMApp.exe
C:\Program\Brother\Brmfcmon\BrMfcmon.exe
C:\Program\C Technologies\C-Pen 20\CPenDesk.exe
E:\Program\Photoshop elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\uTorrent\uTorrent.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\Program\Telia\Supportassistent\bin\sprtsvc.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe
C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsavgui.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\scanwizard.exe
C:\Documents and Settings\Tomas\Skrivbord\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\micros~1\office12\GrooveShellExtensions.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [incrediMail] c:\program\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program\delade filer\ahead\lib\NMBgMonitor.exe"
uRun: [Eraser] c:\program\eraser\Eraser.exe -hide
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [setDefPrt] c:\program\brother\brmfl05a\BrStDvPt.exe
mRun: [F-Secure Manager] "c:\program\telia\telias sakerhetstjanster\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program\telia\telias sakerhetstjanster\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Telia] "c:\program\telia\supportassistent\bin\sprtcmd.exe" /P Telia
mRun: [Ad-Watch] c:\program\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\c-pen 20.lnk - c:\windows\installer\{ed10a1f7-c0d9-44f4-aa62-e6eacfe9188c}\_C05C4E3FAC1D_403E_A9AF_31FAF7F4ECFA.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\status~1.lnk - c:\program\brother\brmfcmon\BrMfcWnd.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xportera till Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~1\office12\REFIEBAR.DLL
LSP: c:\program\telia\telias sakerhetstjanster\fsps\program\fslsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\micros~1\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\micros~1\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomas\applic~1\mozilla\firefox\profiles\6pzb54nq.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-1-27 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-1-27 79904]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-20 64160]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2007-6-16 103680]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\telia\telias sakerhetstjanster\hips\drivers\fshs.sys [2009-1-27 66720]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\telia\telias sakerhetstjanster\anti-virus\fsgk32st.exe [2009-1-27 215648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 sprtsvc_telia;SupportSoft Sprocket Service (telia);c:\program\telia\supportassistent\bin\sprtsvc.exe [2009-3-30 202016]
R3 CPen20;CPen20;c:\windows\system32\drivers\CPen20.sys [2005-2-16 18536]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\telia\telias sakerhetstjanster\anti-virus\minifilter\fsgk.sys [2009-1-27 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program\telia\telias sakerhetstjanster\orsp client\fsorsp.exe [2009-1-27 55904]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2005-2-14 39008]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-6-23 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-6-23 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-6-23 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-6-23 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-6-23 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-6-23 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-6-23 110120]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\telia\telias sakerhetstjanster\anti-virus\win2k\fsfilter.sys [2009-1-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\telia\telias sakerhetstjanster\anti-virus\win2k\fsrec.sys [2009-1-27 25184]

=============== Created Last 30 ================

2009-09-19 13:02 <DIR> --d----- c:\program\Enigma Software Group
2009-09-19 12:57 139,776 -------- c:\windows\system32\sfc_os.dll.$DIS
2009-09-19 12:08 <DIR> --d----- c:\program\VirusTotalUploader
2009-09-18 22:02 <DIR> --d----- c:\docume~1\tomas\applic~1\Malwarebytes
2009-09-18 22:01 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 22:01 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-18 22:01 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware
2009-09-18 10:04 8,192 a--sh--- c:\windows\system32\dllcache\Thumbs.db
2009-09-09 08:43 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-01 16:24 <DIR> --dsh--- c:\documents and settings\tomas\PrivacIE

==================== Find3M ====================

2009-08-08 23:39 453,292 a------- c:\windows\system32\perfh01D.dat
2009-08-08 23:39 87,426 a------- c:\windows\system32\perfc01D.dat
2009-08-05 11:08 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 11:08 205,312 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-20 15:04 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 15:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 21:00 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 21:00 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 15:38 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-06 12:31 87,608 a------- c:\docume~1\tomas\applic~1\inst.exe
2009-07-06 12:31 47,360 a------- c:\docume~1\tomas\applic~1\pcouffin.sys
2009-07-03 19:00 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 19:00 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 19:00 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 19:00 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 19:00 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 19:00 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 19:00 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 19:00 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 19:00 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 19:00 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 19:00 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 19:00 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 13:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-22 13:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 13:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 13:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 13:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 13:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 13:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 13:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 08:48 726,528 -------- c:\windows\system32\dllcache\jscript.dll
2009-01-27 16:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009012720090128\index.dat

============= FINISH: 15:17:17,65 ===============

Cecilia (posted September 19, 2009):
Ad-Aware Ad-Watch is very good, but right now it can interfere with the necessary changes to the registry, so you need to turn it off. Remember to turn it back on when the computer is clean, but not before then.
Start Ad-Aware and select the Ad-Watch Live! tab. Uncheck all options, but first write down how it is configured so that you can restore the settings when the computer is clean. Close the program and restart the computer.
Uninstall all Java versions except the latest in Control Panel - Add or Remove Programs (no web browsers running). The old versions contain security holes, so they should not be left on the computer.
What program from Enigma Software Group did you install today? You can read other people's opinions about that company at http://www.mywot.com/sv/scorecard/enigmasoftware.com
Scan these files on the virustotal site:
c:\windows\system32\sfc_os.dll.$DIS
c:\windows\system32\dllcache\triedit.dll
c:\docume~1\tomas\applic~1\inst.exe

toguns (posted September 19, 2009):
I'll get back tomorrow about how it went

toguns (posted September 20, 2009):
Well! I don't seem to be able to get on top of the problem, so it will have to be a reformat.
Thanks for the interest anyway.
Tomas

RickyRick (posted September 21, 2009):
Hi there! I've just had the same hell but managed to solve it an hour ago. F-Secure couldn't remove trojan.win32.patched.hp in sfc_os.dll and I kept getting warnings about it all the time. I made a copy of sfc_os.dll and put it on the desktop. There F-Secure could handle the problem. Then I went into system32 and renamed sfc_os.dll so that it could be deleted. I made a copy of the cleaned file that I had on the desktop and pasted it into system32. Then everything worked again! Hope that was of some help...
/R

Cecilia (posted September 21, 2009):
But the question is how an ordinary Windows file came to be modified (there may be something left on the computer then), or whether it was a false alarm by F-Secure? Since sfc_os.dll handles the file protection in Windows that is supposed to prevent Windows files from being removed (modified?), it does sound like malicious programs would find it very useful to modify that file.
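
The DDS log posted earlier in the thread carries several Windows File Protection (WFP) indicators that bear on the question in the last post. The following is an added example, not part of the original thread: a Python sketch that pulls those indicators out of a DDS log. The sample lines are excerpted from the log above; the function names, the finding labels, and the reading of an `nLite.inf` entry as a possible benign cause of a patched sfc_os.dll are assumptions of this example.

```python
import re

# Lines excerpted from the DDS log posted in this thread (not the full log).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = www.google.com
mWinlogon: SfcDisable=-99 (0xffffff9d)
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
=============== Created Last 30 ================
2009-09-19 13:02 <DIR> --d----- c:\program\Enigma Software Group
2009-09-19 12:57 139,776 -------- c:\windows\system32\sfc_os.dll.$DIS
2009-09-09 08:43 153,088 -------- c:\windows\system32\dllcache\triedit.dll
==================== Find3M ====================
2009-08-05 11:08 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 11:08 205,312 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-03 19:00 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 19:00 915,456 -------- c:\windows\system32\dllcache\wininet.dll
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \d\d:\d\d ([\d,]+) \S+ (.+)$")
WFP_FILES = ("sfc.dll", "sfc_os.dll", "sfcfiles.dll")  # WFP components on XP


def sections(log):
    """Split a DDS log into {section title: [non-empty lines]}."""
    out, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = out.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return out


def sfc_disable(lines):
    """Return the Winlogon SfcDisable DWORD as an unsigned int, or None."""
    for line in lines:
        m = re.match(r"mWinlogon: SfcDisable=(-?\d+)", line)
        if m:
            return int(m.group(1)) & 0xFFFFFFFF
    return None


def entries(lines):
    """Parse 'date time size attrs path' rows; <DIR> rows are skipped."""
    rows = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            rows.append((int(m.group(2).replace(",", "")), m.group(3).lower()))
    return rows


def wfp_findings(log):
    """Return (label, detail) pairs for WFP-related indicators in a DDS log."""
    sec, findings = sections(log), []
    hjt = sec.get("Pseudo HJT Report", [])
    value = sfc_disable(hjt)
    if value:  # the default is 0 (protection on); anything else is non-default
        findings.append(("sfc-disable", hex(value)))
    # Assumption: an nLite-built install may have WFP patched off on purpose.
    if any("nlite.inf" in line.lower() for line in hjt):
        findings.append(("nlite-install", "nLite.inf"))
    live, cache = {}, {}
    for size, path in entries(sec.get("Created Last 30", []) + sec.get("Find3M", [])):
        folder, _, name = path.rpartition("\\")
        if name.startswith(WFP_FILES):
            findings.append(("wfp-file-touched", path))
        if folder.endswith("\\system32\\dllcache"):
            cache[name] = size
        elif folder.endswith("\\system32"):
            live[name] = size
    # Heuristic: a live file whose size differs from its dllcache copy.
    for name in sorted(live.keys() & cache.keys()):
        if live[name] != cache[name]:
            findings.append(("dllcache-mismatch", name))
    return findings
```
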