Oscar

Member
  • Content count

    14

Everything posted by Oscar

  1. Hi, the computer is doing great now! Thank you so very much, incredibly kind! Regards, Oscar
  2. Hi again, this seems to have done the trick, lots of lovely tricks and commands I had no idea how to bring up in Vista! Learned a lot. Thanks! The HJT log:
     Regards, Oscar
  3. Hi again, all five files are scanned and posted above now. Only one of the files was suspicious, it looks like. The Msnfix file was not an exe file as far as I could see, but it is removed now anyway. Regards, Oscar
  4. I removed the msnfix file and emptied the recycle bin. That should be all for this time. Regards, Oscar
  5. Hi, C:\Windows\updater.MSNFix is an "msnfix file", the system says. It is 48kb. VirusTotal scans:
     More files are coming; it does not all fit in the same post.
  6. Hi, updater.MSNFix is the file with a similar name that is found under C:\Windows. What was missing in Combofix:
     Thanks again! Regards, Oscar
  7. HJT log:
     Regards, Oscar
  8. Hi, I'm sending two posts since the two logs together contain too many characters. ComboFix: ComboFix 08-10-11.01 - Oscar 2008-10-11 22:50:21.1 - NTFSx86 Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1053.18.1974 [GMT 2:00] Running from: C:UsersOscarDesktopComboFix.exe * Created a new restore point (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-11 16:52 84 ----a-w C:Program Filesqtsh.txt 2008-10-10 06:58 --------- d--h--w C:Program FilesInstallShield Installation Information 2008-10-10 06:57 --------- d-----w C:Program FilesAcer GameZone 2008-09-15 15:44 --------- d-----w C:ProgramDataCyberLink 2008-09-14 08:37 --------- d-----w C:Program FilesVistaCodecPack 2008-09-14 08:36 --------- d-----w C:ProgramDataVistaCodecs 2008-09-13 01:18 28,728 ----a-w C:Windowssystem32driversmsahci.sys 2008-09-13 01:18 21,560 ----a-w C:Windowssystem32driversatapi.sys 2008-09-12 13:36 --------- d-----w C:Program FilesMicrosoft Works 2008-09-12 13:12 --------- d-----w C:Program FilesWindows Mail 2008-09-12 10:49 --------- d-----w C:ProgramDataMicrosoft Help 2008-09-12 10:05 --------- d-----w C:ProgramDataMcAfee 2008-09-12 10:05 --------- d-----w C:Program FilesAcer 2008-09-12 09:51 --------- d-----w C:Program FilesYahoo! 
2008-09-12 09:47 319,456 ----a-w C:WindowsDIFxAPI.dll 2008-09-12 09:47 315,392 ----a-w C:WindowsHideWin.exe 2008-09-12 09:44 --------- d-----w C:ProgramDataSiteAdvisor 2008-09-12 09:35 --------- d-sh--w C:ProgramDataStart-meny 2008-09-12 09:35 --------- d-sh--w C:ProgramDataSkrivbord 2008-09-12 09:35 --------- d-sh--w C:ProgramDataMallar 2008-09-12 09:35 --------- d-sh--w C:ProgramDataFavoriter 2008-09-12 09:35 --------- d-sh--w C:ProgramDataDokument 2008-09-12 09:35 --------- d-sh--w C:Program FilesDelade filer 2008-08-02 03:26 36,864 ----a-w C:WindowsSystem32cdd.dll 2008-07-31 03:32 460,288 ----a-w C:WindowsAppPatchAcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:WindowsSystem32Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:WindowsAppPatchAcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:WindowsAppPatchAcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:WindowsSystem32GameUXLegacyGDFs.dll 2008-01-21 02:43 174 --sha-w C:Program Filesdesktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersegisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOTCLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 23:38 121392 --a------ C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "MsnMsgr"="C:Program FilesWindows LiveMessengerMsnMsgr.Exe" [2007-10-18 5724184] "DAEMON Tools Lite"="C:Program FilesDAEMON Tools Litedaemon.exe" [2008-08-08 490952] "swg"="C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [2008-09-14 171448] "WMPNSCFG"="C:Program FilesWindows Media PlayerWMPNSCFG.exe" [2008-01-21 202240] "uTorrent"="C:Program FilesuTorrentuTorrent.exe" [2008-10-08 270128] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2008-02-22 1037608] "Adobe Reader Speed Launcher"="c:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2007-03-08 40048] "NvCplDaemon"="C:Windowssystem32NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="C:Windowssystem32NvMcTray.dll" [2008-04-03 92704] "LManager"="C:PROGRA~1LAUNCH~1LManager.exe" [2008-04-01 793096] "eAudio"="C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe" [2008-03-07 544768] "eDataSecurity Loader"="C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe" [2008-03-04 526896] "ePower_DMC"="C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe" [2008-04-30 397312] "APVXDWIN"="C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" [2007-10-04 455984] "SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784] "WarReg_PopUp"="C:Program FilesAcerWR_PopUpWarReg_PopUp.exe" [2008-01-29 303104] "PLFSetI"="C:WindowsPLFSetI.exe" [2007-10-23 200704] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 C:WindowsRtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-11-21 
C:WindowsSkyTel.exe] C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup Acer VCM.lnk - C:Program FilesAcerAcer VCMAcerVCM.exe [2008-09-12 1216512] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr] 2007-02-15 19:02 50736 C:WindowsSystem32avldr.dll [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail] @="Service" [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBkupTray] --a------ 2008-04-06 22:42 34040 C:Program FilesNewTech InfosystemsNTI Backup Now 5BkupTray.exe [HKLM~servicessharedaccessparametersfirewallpolicyDomainProfileAuthorizedApplicationsList] "C:Program FilesFlashFXPFlashFXP.exe"= C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3 [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules] "{A215901A-51B1-4665-BA62-23DA081A624E}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe "{CDD4D48D-02D1-41B7-B7F0-C8A0DE41A02C}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe "{5570B819-9047-4F7D-AD41-EB39B072550A}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe "{0DC5CBE2-0F88-4983-8265-8081B1BDC877}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe "{10D2D61F-0799-4BDB-B88E-0AF97ED2A52F}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe "{F658716A-E3BB-46E9-825D-BBF74177B3DD}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe "{398233E2-5388-4CFD-897E-48B852FE7EB0}"= c:Program FilesCyberlinkPowerDirectorPDR.EXE:CyberLink PowerDirector "{72D2556D-FCD1-4723-A05D-660DDD2BD85D}"= C:Program FilesAcerAcer VCMVC.exe:Acer VCM 
"{614194BE-186C-4788-B433-84D170115FB2}"= C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:_this_program_will_be_deleted "{1D731B58-17E7-4F8B-89EA-3AD4DEAE6450}"= C:Program FilesAcer Arcade DeluxeHomeMediaHomeMedia.exe:Acer HomeMedia "{662456CB-37D0-457C-B57F-4A339AEB4C25}"= UDP:C:Program FilesuTorrentuTorrent.exe:µTorrent (TCP-In) "{2F45CF1D-95B9-4131-9163-F6BFD96702DE}"= TCP:C:Program FilesuTorrentuTorrent.exe:µTorrent (UDP-In) "{8B7D4F9F-6E32-4C9E-B2B3-23EA8D6657A0}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone) "TCP Query User{A9272C38-6B5F-4B4E-A078-971682AF2ADC}C:program filesutorrentutorrent.exe"= UDP:C:program filesutorrentutorrent.exe:µTorrent "UDP Query User{22E79620-AFFC-4A64-ABA4-FEAE2F9E1C0A}C:program filesutorrentutorrent.exe"= TCP:C:program filesutorrentutorrent.exe:µTorrent "{4CB61E6B-D6A7-479E-970A-7F8F9A86A9F1}"= UDP:C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:_this_program_will_be_deleted "TCP Query User{8D13F410-8DB1-420D-9F89-5EDDEC1EAB0D}C:program filesjavajre1.6.0_07binjavaw.exe"= UDP:C:program filesjavajre1.6.0_07binjavaw.exe:Java Platform SE binary "UDP Query User{B50B64EC-FAFD-4419-A830-D5846FD7F7C5}C:program filesjavajre1.6.0_07binjavaw.exe"= TCP:C:program filesjavajre1.6.0_07binjavaw.exe:Java Platform SE binary "{51F761AD-F0F7-4D4F-A6DF-485F1B052ACB}"= UDP:C:Program FilesReClockConfig.exe:Configure ReClock "{9BE143BC-B396-4DCC-9992-A229859C0949}"= TCP:C:Program FilesReClockConfig.exe:Configure ReClock "TCP Query User{CD4FB210-0862-43DB-8D28-7959CB4F8A25}C:installerade spelempires2.exe"= UDP:C:installerade spelempires2.exe:Age of Empires II "UDP Query User{BBF2F156-3A1B-4586-B3A5-C0983ACE591A}C:installerade spelempires2.exe"= TCP:C:installerade spelempires2.exe:Age of Empires II "TCP Query User{0FCE1DF2-3764-460B-B8E7-BE736B515E5B}C:windowssystem32dplaysvr.exe"= UDP:C:windowssystem32dplaysvr.exe:Hjälpprogram för Microsoft DirectPlay "UDP Query 
User{B617AD64-75C8-45EB-A93A-98A29FA265EB}C:windowssystem32dplaysvr.exe"= TCP:C:windowssystem32dplaysvr.exe:Hjälpprogram för Microsoft DirectPlay "{AB8FDE28-2BB5-4349-A373-0FC7F5009998}"= UDP:C:Installerade spelciv4Colonization.exe:Sid Meier's Civilization IV Colonization "{D8996808-ED49-475A-9582-0CF5A1D5F0C5}"= TCP:C:Installerade spelciv4Colonization.exe:Sid Meier's Civilization IV Colonization "TCP Query User{1A414370-856A-42AB-A3D7-980AF4EF3D60}C:program filesmircmirc.exe"= UDP:C:program filesmircmirc.exe:mIRC "UDP Query User{46FA3D1B-82BC-4654-AFBC-17C6B3CD9FA0}C:program filesmircmirc.exe"= TCP:C:program filesmircmirc.exe:mIRC [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList] "C:Program FilesFlashFXPFlashFXP.exe"= C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3 "C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSfsu.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSfsu.exe:*:Enabled:eDSfsu "C:Program FilesAcerEmpowering TechnologyeDataSecurityx86encryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86encryption.exe:*:Enabled:encryption "C:Program FilesAcerEmpowering TechnologyeDataSecurityx86decryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86decryption.exe:*:Enabled:decryption "C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSMgr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSMgr.exe:*:Enabled:eDSMgr "C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStbmngr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStbmngr.exe:*:Enabled:eDStbmngr "C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSfsu.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSfsu.exe:*:Enabled:eDSfsu "C:Program FilesAcerEmpowering TechnologyeDataSecurityx64encryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64encryption.exe:*:Enabled:encryption "C:Program FilesAcerEmpowering 
TechnologyeDataSecurityx64decryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64decryption.exe:*:Enabled:decryption "C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSMgr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSMgr.exe:*:Enabled:eDSMgr "C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDStbmngr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDStbmngr.exe:*:Enabled:eDStbmngr R0 pavboot;pavboot;C:Windowssystem32driverspavboot.sys [2008-06-19 28544] R1 ShldDrv;Panda File Shield Driver;C:Windowssystem32DRIVERSShlDrv51.sys [2007-05-23 38968] R2 AmFSM;AmFSM;C:Windowssystem32DRIVERSamm8660.sys [2007-09-28 46648] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe [2008-03-03 16384] R2 ETService;Empowering Technology Service;C:Program FilesAcerEmpowering TechnologyServiceETService.exe [2008-03-21 24576] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe [2008-04-06 50424] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [2008-04-04 131072] R2 PavProc;Panda Process Protection Driver;C:Windowssystem32DRIVERSPavProc.sys [2007-07-12 178872] R2 PskSvcRetail;Panda PSK service;C:Program FilesPanda Antivirus 2008PskSvc.exe [2007-03-21 27696] R2 RS_Service;Raw Socket Service;C:Program FilesAcerAcer VCMRS_Service.exe [2008-01-10 233472] R3 NETw5v32;Kortdrivrutin för Windows Vista 32-bitars för Intel® Wireless WiFi Link;C:Windowssystem32DRIVERSNETw5v32.sys [2008-04-28 3658752] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:Windowssystem32driversnvhda32v.sys [2008-04-03 43552] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:Windowssystem32DRIVERSyk60x86.sys [2008-02-21 299008] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:Windowssystem32DRIVERSb57nd60x.sys 
[2008-01-21 179712] S3 JMCR;JMCR;C:Windowssystem32DRIVERSjmcr.sys [2008-04-12 84240] S4 ErrDev;Microsoft Hardware Error Device Driver;C:Windowssystem32driverserrdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR;C:Windowssystem32driversmegasr.sys [2008-01-21 386616] *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - HKLM-Run-eRecoveryService - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.se/ R0 -: HKLM-Main,Start Page = hxxp://sv.intl.acer.yahoo.com . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-11 22:53:45 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-10-11 22:54:29 ComboFix-quarantined-files.txt 2008-10-11 20:54:19 Pre-Run: 79 756 001 280 byte ledigt Post-Run: 79,515,049,984 byte ledigt 293 --- E O F --- 2008-10-07 16:00:14
  9. Hi, I thought => McAfee Network Agent <= had been uninstalled and removed. As for Avenger, I followed the instructions exactly and pasted in: Files to delete: C:Windowsupdater.com into the text box, nothing else. I ran execute and restarted the computer as instructed. So far so good, but I did not get any log from Avenger (C:avenger.txt). It is not there either when I search for the file. In any case, I'm attaching a new HJT log once again. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:04:51, on 2008-10-11 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:Windowssystem32Dwm.exe C:Windowssystem32taskeng.exe C:WindowsExplorer.EXE C:Windowssystem32conime.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:WindowsSystem32rundll32.exe C:WindowsRtHDVCpl.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesPanda Antivirus 2008ApVxdWin.exe C:Program FilesJavajre1.6.0_07binjusched.exe C:WindowsPLFSetI.exe C:Program FilesDAEMON Tools Litedaemon.exe C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:UsersOscarAppDataLocalTempRtkBtMnt.exe C:Windowssystem32wbemunsecapp.exe C:Program FilesAcerAcer VCMAcerVCM.exe C:Program FilesAcerAcer VCMacp2HID.exe C:Program FilesPanda Antivirus 2008WebProxy.exe C:Program FilesInternet Explorerieuser.exe C:Program FilesInternet Exploreriexplore.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe C:Windowssystem32NOTEPAD.EXE C:Windowssystem32SearchFilterHost.exe C:Program FilesTrend MicroHijackThisoscar.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/ R1 - 
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe" O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM..Run: [skytel] Skytel.exe O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe" O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe" O4 - HKLM..Run: [Windows Updater] updater.com O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe" O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: 
[WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - Global Startup: Acer VCM.lnk = ? O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing) O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe -- End of file - 8880 bytes Thanks again, regards, Oscar
  10. Hi again, here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:26:14, on 2008-10-11 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:Windowssystem32taskeng.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesAdobeReader 8.0Readerreader_sl.exe C:WindowsSystem32rundll32.exe C:WindowsRtHDVCpl.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesPanda Antivirus 2008ApVxdWin.exe C:Program FilesJavajre1.6.0_07binjusched.exe C:WindowsPLFSetI.exe C:Program FilesWindows LiveMessengermsnmsgr.exe C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesAcerAcer VCMAcerVCM.exe C:Windowssystem32wbemunsecapp.exe C:UsersOscarAppDataLocalTempRtkBtMnt.exe C:Program FilesAcerAcer VCMacp2HID.exe C:Program FilesAcerAcer VCMVC.exe C:Windowssystem32SearchFilterHost.exe C:Program FilesInternet Explorerieuser.exe C:Windowssystem32conime.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesAcerEmpowering TechnologyNotificationCenterFramework.NotificationCenter.exe C:Program FilesTrend MicroHijackThisoscar.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = 
http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe" O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM..Run: [skytel] Skytel.exe O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe" O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe" O4 - HKLM..Run: [Windows Updater] updater.com O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe" O4 - HKCU..Run: [sidebar] C:Program Fileswindows sidebarsidebar.exe /autoRun O4 - HKUSS-1-5-19..Run: [sidebar] 
%ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - Global Startup: Acer VCM.lnk = ? O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. 
- C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing) O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared 
FilesRichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe -- End of file - 8995 bytes Regards, Oscar
  11. Hi, from the start I have completely turned off/disabled all features of Windows Defender. This time I also disabled Windows Firewall. Despite this, Malwarebytes' Anti-Malware is blocked from starting up and doing the final clean of the three trojans after Windows restarts. Quote: "Windows has blocked one or more programs from starting automatically." (Windows is referring to Malwarebytes here.) I then choose to allow/run the program via the small icon with text that appears in the lower right corner of the screen. Even so, the viruses are still there at the next scan. I am stuck here and do not really know how to proceed. I believe I have followed your instructions exactly, point by point. Regards, Oscar
  12. Fresh start! Here is the Malwarebytes' Anti-Malware log: Malwarebytes' Anti-Malware 1.28 Databasversion: 1248 Windows 6.0.6001 Service Pack 1 2008-10-10 13:43:18 mbam-log-2008-10-10 (13-43-18).txt Skanningstyp: Snabb skanning Antal skannade objekt: 40283 Förfluten tid: 1 minute(s), 43 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 3 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: C:UsersDefaultMy DocumentsMy MusicMy Music.url (Trojan.Zlob) -> Delete on reboot. C:UsersDefaultMy DocumentsMy PicturesMy Pictures.url (Trojan.Zlob) -> Delete on reboot. C:UsersDefaultMy DocumentsMy VideosMy Video.url (Trojan.Zlob) -> Delete on reboot. Note: these 3 files are still there if I rerun the quick scan after restarting. 
      Here is the new HJT log:
      Unfortunately I won't be back online until later tonight, thanks again! Regards, Oscar
  13. Hi again! Thank you so much for your time, I am enormously grateful! Here is the log from msnfix and then Hijack.
      MSNFix 1.749
      C:\Users\Oscar\Desktop\MSNFix
      Sokningen var klar pa 2008-10-09 - 23:52:33,87 By Oscar
      normalt lage
      ************************ Kollar filer
      ... C:\Windows\updater.com
      ... C:\Windows\system32\ACER.exe
      ************************ Kollar mappar
      Inga Mappar Funna
      ************************ Tar bort virus filer
      .. OK ... C:\Users\Oscar\AppData\Local\Temp\winlogon.exe
      .. OK ... C:\Users\Oscar\AppData\Local\Temp\services.exe
      .. OK ... C:\Windows\system32\cftmon.exe
      .. OK ... C:\Windows\updater.com
      .. OK ... C:\Windows\system32\ACER.exe
      ************************ Rensar registret
      ************************ Hostsclean
      Cleanhosts v 0.1.0.7 By Laurent
      -- Backup : C:\Windows\system32\drivers\etc\hosts-20081010000854
      -- original size 0.74 Kb / 20 lines
      -- Start cleaning Hosts file ....
      -- final size 0.74 Kb / 20 lines
      -- entry Found : 0 / Entry check : 310
      End .............................. 16.52 Secondes
      Resten av filerna tas bort efter omstart
      Inga Filer Funna
      ************************ Hostsclean
      Cleanhosts v 0.1.0.7 By Laurent
      -- Backup : C:\Windows\system32\drivers\etc\hosts-20081010083745
      -- original size 0.74 Kb / 20 lines
      -- Start cleaning Hosts file ....
      -- final size 0.74 Kb / 20 lines
      -- entry Found : 0 / Entry check : 310
      End .............................. 9.69 Secondes
      (I restarted the computer and completed the cleaning.)
      Now comes the Hijack this log.
      By the way, regarding your earlier question, http://sv.intl.acer.yahoo.com is not my start page, www.google.se is.. and as far as I recall I never installed Yahoo Toolbar. Thanks! Regards, Oscar
  14. ********************************************* 2009-01-08: The thread is now locked. If you think it was locked in error, please contact Malou *********************************************
      Hi, I messed up and clicked on/installed the fake Flash Player the other day. My Panda antivirus finds nothing, yet Windows says it has blocked some program from autostarting every time I start the computer. I thought I'd paste in my HijackThis log. When the log was made, Windows Defender was disabled and a CC regclean had just been done. Thanks in advance! Regards, Oscar