[lolli_pop]

Jag har en trojan på min dator i System32-filer. Jag har AVG men undrar bara hur man kan få bort det från AVG så när jag klickar bort, jag tror att det bara utgår från valv till nästa scan när den hittas igen.

[thingie2]

Det verkar som du behöver göra mer än att bara försöka att ta bort med AVG, försöka ta en titt på denna tråd.

[lolli_pop]

Ok, tack. Jag kommer att köra Hijack Denna morgon:)

[evilfantasy]

Kör alla de läser av och skicka loggarna. HijackThis oftast räcker inte.

[lolli_pop]

Jag sprang SUPERAntiSpyware och fick loggen. Jag har också sprang AVG en gång till och det kom med sex platser att Trojan har smittats.

Detta är SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2008 vid 08:30

Application Version: 4.21.1004

Core Rules Database Version: 3609
Trace Rules Database Version: 1595

Scan type: Complete Scan
Total Scan Time: 00:59:08

Memory ex skannade: 430
Memory hot upptäcks: 0
Registreringsenheten ex skannade: 4950
Registreringsenheten hot upptäcks: 0
Arkiv ex skannade: 73876
Arkiv hot upptäcktes: 77

Trojan.Unknown Ursprung
C: \ WINDOWS \ mslagent \ 2_mslagent.dll
C: \ WINDOWS \ mslagent \ mslagent.exe
C: \ WINDOWS \ mslagent \ uninstall.exe
C: \ WINDOWS \ mslagent
C: \ WINDOWS \ system32 \ SMP \ msrc.exe
C: \ WINDOWS \ system32 \ SMP

Adware.INetDelivery
C: \ Program Files \ inet Leverans \ inetdl.exe
C: \ Program Files \ inet Leverans \ intdel.exe
C: \ Program Files \ inet Leveransrapporter
C: \ Program Files \ akl \ akl.dll
C: \ Program Files \ akl \ akl.exe
C: \ Program Files \ akl \ uninstall.exe
C: \ Program Files \ akl \ unsetup.exe
C: \ Program Files \ akl

Trojan.Fake-Drop/Gen
C: \ WINDOWS \ system32 \ VBSYS2.DLL
C: \ WINDOWS \ system32 \ AWTOOLB.DLL
C: \ WINDOWS \ system32 \ SYSREQ.EXE
C: \ WINDOWS \ system32 \ WINWGPX.EXE
C: \ WINDOWS \ system32 \ BDN.COM
C: \ WINDOWS \ system32 \ MSSECU.EXE
C: \ WINDOWS \ system32 \ VCATCHPI.DLL
C: \ WINDOWS \ system32 \ AKTTZN.EXE
C: \ WINDOWS \ system32 \ WINSYSTEM.EXE
C: \ WINDOWS \ system32 \ NEWSD32.EXE
C: \ WINDOWS \ system32 \ EMESX.DLL
C: \ WINDOWS \ system32 \ RUNDL1.EXE
C: \ WINDOWS \ system32 \ ANTICIPATOR.DLL
C: \ WINDOWS \ system32 \ THUN.DLL
C: \ WINDOWS \ system32 \ THUN32.DLL
C: \ WINDOWS \ system32 \ MSVCHOST.EXE
C: \ WINDOWS \ system32 \ REGC64.DLL
C: \ WINDOWS \ system32 \ REGM64.DLL
C: \ WINDOWS \ system32 \ SSVCHOST.COM
C: \ WINDOWS \ system32 \ SSVCHOST.EXE
C: \ WINDOWS \ system32 \ TEMP # 01.EXE
C: \ WINDOWS \ system32 \ MSGP.EXE
C: \ WINDOWS \ system32 \ MTR2.EXE
C: \ WINDOWS \ system32 \ H @ TKEYSH @ @ K. DLL
C: \ WINDOWS \ system32 \ NETODE.EXE
C: \ WINDOWS \ system32 \ MEDUP012.DLL
C: \ WINDOWS \ system32 \ MEDUP020.DLL
C: \ WINDOWS \ system32 \ SSURF022.DLL
C: \ WINDOWS \ system32 \ MSNBHO.DLL
C: \ WINDOWS \ system32 \ BSVA-EGIHSG52.EXE
C: \ WINDOWS \ system32 \ PS1.EXE
C: \ WINDOWS \ system32 \ HXIWLGPM.DAT
C: \ WINDOWS \ system32 \ HXIWLGPM.EXE
C: \ WINDOWS \ system32 \ TAACK.DAT
C: \ WINDOWS \ system32 \ TAACK.EXE
C: \ WINDOWS \ system32 \ MWIN32.EXE
C: \ WINDOWS \ system32 \ VBIEWER.OCX
C: \ WINDOWS \ system32 \ HOPROXY.DLL
C: \ WINDOWS \ system32 \ WINLOGONPC.EXE
C: \ WINDOWS \ BDN.COM
C: \ WINDOWS \ MSSECU.EXE
C: \ WINDOWS \ WINSYSTEM.EXE
C: \ WINDOWS \ ITUNESMUSIC.EXE
C: \ WINDOWS \ A. BAT
C: \ WINDOWS \ BASE64.TMP
C: \ WINDOWS \ FVPROTECT.EXE
C: \ WINDOWS \ USERCONFIG9X.DLL
C: \ WINDOWS \ ZIP1.TMP
C: \ WINDOWS \ ZIP2.TMP
C: \ WINDOWS \ ZIP3.TMP
C: \ WINDOWS \ ZIPPED.TMP

Dpcproxy
C: \ WINDOWS \ system32 \ DPCPROXY.EXE

Unclassified.Unknown Ursprung / System
C: \ WINDOWS \ system32 \ PSOF1.EXE

Adware.Pacer D
C: \ WINDOWS \ system32 \ PSOFT1.EXE

Trojan.Dluca-I
C: \ WINDOWS \ system32 \ SNCNTR.EXE

Adware.Vundo-Variant / J
C: \ WINDOWS \ QRBGLTOS.DLL

Trojan.Net-MSV/VPS-Variant
C: \ WINDOWS \ GRFXBANOMOK.DLL

Adware.180solutions/Seekmo/Zango
C: \ Documents and Settings \ GÄST \ Desktop \ SETUP.EXE

Adware.Tracking Cookie
C: \ Documents and Settings \ Guest \ Cookies \ gäst @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Guest \ Cookies \ gäst @ tjänstgör-sys [2]. Txt
C: \ Documents and Settings \ Guest \ Cookies \ gäst @ atdmt [2]. Txt
C: \ Documents and Settings \ Guest \ Cookies \ gäst @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Guest \ Cookies \ guest@bs.serving-sys [2]. Txt

[lolli_pop]

MalwareByres Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1324
Windows 5.1.2600 Service Pack 2

26/10/2008 23:09:02
mbam-log-2008-10-26 (23-09-02). txt

Scan type: Quick Scan
Objekt skannade: 52045
Tid som förflutit: 4 minute (s), 36 sekund (er)

Memory Processes Infekterade: 0
Minnesmoduler Infekterade: 0
Registernycklar Infekterade: 0
Registervärdena Infekterade: 0
Registry Data Items Infekterade: 0
Mappar Infekterade: 1
Filer Infekterade: 1

Memory Processes Infekterade:
(Inga illasinnade poster upptäcks)

Minnesmoduler Infekterade:
(Inga illasinnade poster upptäcks)

Registernycklar Infekterade:
(Inga illasinnade poster upptäcks)

Registervärdena Infekterade:
(Inga illasinnade poster upptäcks)

Registry Data Items Infekterade:
(Inga illasinnade poster upptäcks)

Mappar Infekterade:
C: \ Documents and Settings \ Guest \ Lokala inställningar \ Temp \ ac8zt2 (Trojan.FakeAlert) ->

Karantän och raderades.

Filer Infekterade:
C: \ WINDOWS \ egsf.exe (Trojan.FakeAlert) -> karantän och raderades.

[evilfantasy]

Behov av HijackThis log nu

[lolli_pop]

Citat:

Ursprungligen postat av jamesjon

NOD32 är det bästa för trojan.

Care att expandera?

[evilfantasy]

Snälla bara fortsätta med utstationering loggarna om du behöver hjälp.

[lolli_pop]

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparades vid 23:01:07 den 27/10/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Program \ WIDCOMM \ Bluetooth-programvara \ bin \ btwdins.exe
C: \ Program \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.EXE
C: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe
C: \ Program \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
C: \ Program Files \ Virgin Bredband \ rådgivare \ Broadbandadvisor.exe
C: \ Program Files \ TextBridge Pro Millennium \ bin \ InstantAccess.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ progra ~ 1 \ AVG \ AVG8 \ avgtray.exe
C: \ WINDOWS \ sm56hlpr.exe
C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe
C: \ Program Files \ FinePixViewerS \ QuickDCF2.exe
C: \ progra ~ 1 \ WIDCOMM \ BLUETO ~ 1 \ BTSTAC ~ 1.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ HijackThis \ Analyse.exe.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://global.acer.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokala
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - (145B29F4-A56B-4b90-BBAC-45784EBEBBB7) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program \ Delade filer \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ progra ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program \ Java \ jre6 \ lib \ distribuera \ jqs \ dvs \ jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - (E99421FB-68DD-40F0-B4AC-B7027CAE2F1A) - C: \ Program Files \ EPSON \ EPSON Web-To-Page \ EPSON Web-To-Page.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program \ google \ googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - (EE5D279F-081B-4404-994D-C6B60AAEBA6D) - C: \ Program Files \ EPSON \ EPSON Web-To-Page \ EPSON Web-To-Page.dll
O3 - Toolbar: StumbleUpon Toolbar - (5093EB4C-3E93-40AB-9266-B607BA87BDC8) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C: \ progra ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / förstöra / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [BJCFD] C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
O4 - HKLM \ .. \ Run: [Broadbandadvisor.exe] "C: \ Program Files \ Virgin Bredband \ rådgivare \ Broadbandadvisor.exe" / AutoRun
O4 - HKLM \ .. \ Run: [InstantAccess] C: \ Program Files \ TextBridge Pro Millennium \ bin \ InstantAccess.exe / h
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ progra ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / bakgrund
O4 - HKCU \ .. \ Run: [SWG] C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Comet Screensaver.lnk = C: \ Program Files \ Comet Screensaver \ Comet Screensaver.exe
O4 - Startup: IMVU.lnk = C: \ Program \ IMVU \ IMVUClient.exe
O4 - Startup: Tillbehör
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Bluetooth.lnk =?
O4 - Global Startup: Ulead Photo Express 3.0 SE Kalender Checker.lnk = C: \ Program Files \ Ulead Systems \ Ulead Photo Express 3.0 SE \ CalCheck.exe
O4 - Global Startup: ScanPanel.lnk = C: \ Program Files \ Trust \ Easy Webscan 19200 \ ScanPanel \ ScnPanel.exe
O4 - Global Startup: Exif Launcher S.lnk =?
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O8 - Extra sammanhang menyobjektet: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra sammanhang menyobjektet: E & xportera till Microsoft Excel - res: / / C: \ progra ~ 1 \ mikro ~ 2 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammanhang menyobjektet: Skicka till & Bluetooth - C: \ Program Files \ Belkin \ Bluetooth Software \ btsendto_ie_ctx.htm
O8 - Extra sammanhang menyobjektet: Skicka till & Bluetooth-enhet ... - C: \ Program \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
O8 - Extra sammanhang menyobjektet: StumbleUpon PhotoBlog It! - Res: / / StumbleUponIEBar.dll / blogimage
Ø9 - Extra button: StumbleUpon - (75C9223A-409A-4795-A3CA-08DE6B075B4B) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ mikro ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra button: (inget namn) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (Checkers Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (5D6F45B3-9043-443D-a792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://update.microsoft.com/windowsu...?1177956484625
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: AVG8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program \ WIDCOMM \ Bluetooth-programvara \ bin \ btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Program \ Java \ jre6 \ bin \ jqs.exe

--
End of file - 11086 bytes


Jag tror att den trojan (er) har kom från min syster att ladda ner spel till sin telefon, jag är inte säker, men de är smittar återställningen nu.