Posts by Oscar
-
-
Hi again,
This seems to have done the trick, lots of great tricks and commands that I had no idea how to bring up in Vista! I learned a lot. Thanks!
The HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:57, on 2008-10-12
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAdobeReader 8.0Readerreader_sl.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:WindowsPLFSetI.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Windowssystem32wbemunsecapp.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesTrend MicroHijackThisoscar.exe
C:Program FilesAcerAcer VCMVC.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 7524 bytes
Regards, Oscar
-
Hi again,
all five files have now been scanned and posted above.
Only one of the files was suspicious, it looks like.
The msnfix file was not an exe file as far as I could see, but it has been removed now anyway.
Regards, Oscar
-
Fil jmcr_ms.ico mottagen 2008.10.12 13:50:22 (CET)
Resultat: 0/36 (0%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.11 -
AVG 8.0.0.161 2008.10.11 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 -
F-Secure 8.0.14332.0 2008.10.12 -
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 -
Ikarus T3.1.1.34.0 2008.10.12 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.12 -
NOD32 3515 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 -
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 -
Övrig information
File size: 15086 bytes
Fil jmcr_mmc.ico mottagen 2008.10.12 13:53:00 (CET)
Resultat: 0/36 (0%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.11 -
AVG 8.0.0.161 2008.10.11 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 -
F-Secure 8.0.14332.0 2008.10.12 -
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 -
Ikarus T3.1.1.34.0 2008.10.12 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.12 -
NOD32 3515 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 -
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 -
Övrig information
File size: 15086 bytes
Fil Suyin.reg mottagen 2008.10.12 13:55:27 (CET)
Resultat: 0/36 (0%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.11 -
AVG 8.0.0.161 2008.10.11 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 -
F-Secure 8.0.14332.0 2008.10.12 -
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 -
Ikarus T3.1.1.34.0 2008.10.12 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.12 -
NOD32 3515 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 -
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 -
Övrig information
File size: 4838 bytes
(I removed the msnfix file and emptied the recycle bin.)
That should be all for this time.
Regards, Oscar
-
Hi,
C:\Windows\updater.MSNFix is an "msnfix file" according to the system. It is 48kb.
VirusTotal scans:
Fil jmcr.sys mottagen 2008.10.12 13:42:49 (CET)
Resultat: 1/36 (2.78%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.11 -
AVG 8.0.0.161 2008.10.11 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 -
F-Secure 8.0.14332.0 2008.10.12 -
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 -
Ikarus T3.1.1.34.0 2008.10.12 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.12 -
NOD32 3515 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 -
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.12 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 -
Övrig information
File size: 84240 bytes
Fil jmcr_xd.ico mottagen 2008.10.12 13:46:50 (CET)
Resultat: 0/36 (0%)
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 -
Authentium 5.1.0.4 2008.10.11 -
Avast 4.8.1248.0 2008.10.11 -
AVG 8.0.0.161 2008.10.11 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 -
F-Secure 8.0.14332.0 2008.10.12 -
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 -
Ikarus T3.1.1.34.0 2008.10.12 -
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 -
Microsoft 1.4005 2008.10.12 -
NOD32 3515 2008.10.11 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 -
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 -
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 -
Övrig information
File size: 15086 bytes
More files are coming; they don't all fit in the same post.
-
Hi,
updater.MSNFix is the file with a similar name that is found under C:\Windows.
The part that was missing from the ComboFix log:
ComboFix 08-10-11.01 - Oscar 2008-10-11 22:50:21.1 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1053.18.1974 [GMT 2:00]
Running from: C:UsersOscarDesktopComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.
2008-10-10 13:36 . 2008-10-10 13:36 <KAT> d-------- C:UsersAll UsersMalwarebytes
2008-10-10 13:36 . 2008-10-10 13:36 <KAT> d-------- C:ProgramDataMalwarebytes
2008-10-10 13:36 . 2008-10-10 13:37 <KAT> d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-10-10 13:36 . 2008-09-10 00:04 38,528 --a------ C:WindowsSystem32driversmbamswissarmy.sys
2008-10-10 13:36 . 2008-09-10 00:03 17,200 --a------ C:WindowsSystem32driversmbam.sys
2008-10-09 19:34 . 2008-10-09 19:34 <KAT> d-------- C:Program FilesTrend Micro
2008-10-09 19:29 . 2008-10-09 19:29 <KAT> d-------- C:Program FilesCCleaner
2008-10-09 09:46 . 2008-10-09 09:46 <KAT> d-------- C:Program FilesmIRC
2008-10-05 11:56 . 2008-10-05 11:56 <KAT> d-------- C:Program FilesPanda Security
2008-10-05 11:56 . 2008-06-19 17:24 28,544 --a------ C:WindowsSystem32driverspavboot.sys
2008-10-04 21:10 . 2008-10-04 21:10 49,152 --a------ C:Windowsupdater.MSNFix
2008-09-27 11:52 . 2008-10-02 09:53 <KAT> d-------- C:Installerade spel
2008-09-18 12:05 . 2008-09-18 12:05 14,336 --a------ C:WindowsSystem32driversPN31Snoop.sys
2008-09-18 09:45 . 2008-07-19 07:09 1,811,656 --a------ C:WindowsSystem32wuaueng.dll
2008-09-18 09:45 . 2008-07-19 05:44 1,524,736 --a------ C:WindowsSystem32wucltux.dll
2008-09-18 09:45 . 2008-07-19 07:09 563,912 --a------ C:WindowsSystem32wuapi.dll
2008-09-18 09:45 . 2008-07-18 22:08 163,904 --a------ C:WindowsSystem32wuwebv.dll
2008-09-18 09:45 . 2008-07-19 05:44 83,456 --a------ C:WindowsSystem32wudriver.dll
2008-09-18 09:45 . 2008-07-19 07:10 53,448 --a------ C:WindowsSystem32wuauclt.exe
2008-09-18 09:45 . 2008-07-19 07:10 45,768 --a------ C:WindowsSystem32wups2.dll
2008-09-18 09:45 . 2008-07-19 07:10 36,552 --a------ C:WindowsSystem32wups.dll
2008-09-18 09:45 . 2008-07-18 20:44 31,232 --a------ C:WindowsSystem32wuapp.exe
2008-09-17 20:14 . 2008-09-17 20:14 0 --ah----- C:WindowsSystem32driversMsft_User_WpdFs_01_00_00.Wdf
2008-09-14 19:11 . 2008-09-25 17:20 <KAT> d-------- C:UsersOscar.crossftp
2008-09-14 19:05 . 2008-09-14 19:05 <KAT> d-------- C:UsersAll UsersGoogle
2008-09-14 19:05 . 2008-09-14 21:29 <KAT> d-------- C:Program FilesGoogle
2008-09-14 19:03 . 2008-09-14 19:04 <KAT> d-------- C:Program FilesJava
2008-09-14 19:01 . 2008-09-14 19:01 <KAT> d-------- C:Program FilesCommon FilesJava
2008-09-14 10:52 . 2008-09-16 14:34 <KAT> d-------- C:Program FilesReClock
2008-09-14 10:37 . 2008-09-14 10:37 <KAT> d-------- C:Program FilesVistaCodecPack
2008-09-14 10:36 . 2008-09-14 10:36 <KAT> d-------- C:UsersAll UsersVistaCodecs
2008-09-14 10:36 . 2008-09-14 10:36 <KAT> d-------- C:ProgramDataVistaCodecs
2008-09-14 10:13 . 2008-09-14 10:14 <KAT> d-------- C:Program FilesMediaplayer classic
2008-09-13 20:31 . 2008-09-14 19:47 <KAT> d-------- C:Program FilesCoreCodec
2008-09-13 20:28 . 2008-09-13 20:28 <KAT> d-------- C:Program FilesRealMedia
2008-09-13 20:28 . 2008-09-13 20:28 <KAT> d-------- C:Program FilesOpenSource Flash Video Splitter
2008-09-13 20:28 . 2008-09-13 20:28 <KAT> d-------- C:Program FilesDSP-worx
2008-09-13 20:28 . 2008-09-13 20:28 <KAT> d-------- C:Program FilesDScaler5
2008-09-13 20:28 . 2008-09-13 20:28 <KAT> d-------- C:Program FilesDirectVobSub
2008-09-13 09:59 . 2008-09-13 09:59 <KAT> d-------- C:UsersAll Userssentinel
2008-09-13 09:59 . 2008-09-13 09:59 <KAT> d-------- C:ProgramDatasentinel
2008-09-13 09:58 . 2008-09-13 09:59 <KAT> d-------- C:WindowsSystem32PAV
2008-09-13 09:58 . 2008-10-11 22:33 <KAT> d-------- C:Program FilesPanda Antivirus 2008
2008-09-13 09:58 . 2007-03-15 17:38 54,832 --a------ C:WindowsSystem32pavcpl.cpl
2008-09-13 09:58 . 2007-02-15 19:02 50,736 --a------ C:WindowsSystem32avldr.dll
2008-09-13 09:58 . 2007-09-28 13:24 46,648 --a------ C:WindowsSystem32driversamm8660.sys
2008-09-13 09:58 . 2008-09-13 09:58 218 --a------ C:WindowsSystem32PavCPL.dat
2008-09-13 09:56 . 2008-09-13 09:56 <KAT> d-------- C:Program FilesCommon FilesPanda Software
2008-09-13 09:56 . 2007-07-12 13:49 178,872 --a------ C:WindowsSystem32driversPavProc.sys
2008-09-13 09:56 . 2007-05-23 15:40 38,968 --a------ C:WindowsSystem32driversShlDrv51.sys
2008-09-13 09:41 . 2008-09-13 09:41 <KAT> d-------- C:Program FilesDAEMON Tools Lite
2008-09-13 03:20 . 2008-05-06 20:10 749,568 --a------ C:WindowsAcerStore.exe
2008-09-13 03:20 . 2008-06-13 03:29 2,479 --ahs---- C:Patch.rev
2008-09-13 03:20 . 2008-09-13 03:20 1,300 --a------ C:WindowsAceStore.cfg
2008-09-13 03:19 . 2008-01-10 21:44 199,176 --a------ C:WindowsGVUni.exe
2008-09-13 03:18 . 2008-09-13 03:18 <KAT> d-------- C:WindowsUsers
2008-09-13 03:18 . 2008-04-28 16:29 3,658,752 --a------ C:WindowsSystem32driversNETw5v32.sys
2008-09-13 03:18 . 2008-04-19 02:09 2,756,608 --a------ C:WindowsSystem32NETw5r32.dll
2008-09-13 03:18 . 2008-04-19 02:08 659,456 --a------ C:WindowsSystem32NETw5c32.dll
2008-09-13 03:18 . 2007-12-04 01:11 207,368 --a------ C:WindowsUNINST32.EXE
2008-09-13 03:18 . 2006-11-03 07:29 21,264 --a------ C:WindowsSystem32driversDKbFltr.sys
2008-09-13 03:18 . 2008-09-13 03:18 1,276 --a------ C:WindowsSystem32AcerScre.cfg
2008-09-12 17:33 . 2008-04-03 22:56 1,079,840 --a------ C:WindowsSystem32nvcpluir.dll
2008-09-12 17:33 . 2008-04-03 22:56 768,544 --a------ C:WindowsSystem32nvcplui.exe
2008-09-12 17:33 . 2008-04-03 22:56 442,368 --a------ C:WindowsSystem32nvuninst.exe
2008-09-12 17:33 . 2008-04-03 22:56 420,384 --a------ C:WindowsSystem32nvcpl.cpl
2008-09-12 17:33 . 2008-04-03 22:56 313,888 --a------ C:WindowsSystem32nvexpbar.dll
2008-09-12 16:24 . 2008-09-12 16:24 <KAT> d-------- C:EGIS_Drive
2008-09-12 16:20 . 2008-09-12 16:21 <KAT> d-------- C:Program FilesFlashFXP
2008-09-12 16:00 . 2008-09-23 14:53 <KAT> dr------- C:UsersOscarVideos
2008-09-12 15:41 . 2008-09-12 15:41 717,296 --a------ C:WindowsSystem32driverssptd.sys
2008-09-12 15:23 . 2008-09-12 15:23 <KAT> d-------- C:WindowsPCHEALTH
2008-09-12 15:20 . 2008-09-12 15:20 <KAT> d-------- C:UsersAll UsersWLInstaller
2008-09-12 15:20 . 2008-09-12 15:20 <KAT> d-------- C:ProgramDataWLInstaller
2008-09-12 15:20 . 2008-09-12 15:23 <KAT> d-------- C:Program FilesWindows Live
2008-09-12 15:20 . 2008-09-12 15:23 <KAT> d--hsc--- C:Program FilesCommon FilesWindowsLiveInstaller
2008-09-12 15:10 . 2008-07-16 03:32 2,048 --a------ C:WindowsSystem32tzres.dll
2008-09-12 15:08 . 2007-11-08 11:04 11,967,524 --a------ C:WindowsSystem32korwbrkr.lex
2008-09-12 12:39 . 2008-09-12 12:39 <KAT> d-------- C:Program FilesMSXML 4.0
2008-09-12 12:36 . 2008-06-26 03:45 12,240,896 --a------ C:WindowsSystem32NlsLexicons0007.dll
2008-09-12 12:35 . 2008-09-12 12:35 <KAT> d-------- C:Program FilesuTorrent
2008-09-12 12:33 . 2008-04-26 10:08 1,314,816 --a------ C:WindowsSystem32quartz.dll
2008-09-12 12:12 . 2008-09-12 12:12 <KAT> d-------- C:UsersOscarOption
2008-09-12 12:05 . 2008-09-12 12:05 0 --a------ C:WindowsAcerStore.TAG
2008-09-12 12:02 . 2008-09-12 12:02 <KAT> d-------- C:Program FilesAcer Inc
2008-09-12 12:02 . 2008-09-12 12:02 92 --a------ C:WindowsGridV.UNI
2008-09-12 11:59 . 2008-09-15 17:46 <KAT> d-------- C:Program FilesAcer Arcade Deluxe
2008-09-12 11:55 . 2008-09-12 11:55 <KAT> d-------- C:UsersAll UserseSobi
2008-09-12 11:55 . 2008-09-12 11:55 <KAT> d-------- C:ProgramDataeSobi
2008-09-12 11:55 . 2008-10-10 08:58 <KAT> d-------- C:Program FileseSobi
2008-09-12 11:54 . 2008-02-25 16:28 238,080 --a------ C:WindowsSystem32ITEIO_64.dll
2008-09-12 11:54 . 2008-02-25 16:29 14,544 --a------ C:WindowsSystem32driversTVicPort.sys
2008-09-12 11:54 . 2008-02-25 16:29 6,080 --a------ C:WindowsSystem32driverszntport.sys
2008-09-12 11:53 . 2008-10-11 18:55 0 --a------ C:WindowsSystem32LogConfigTemp.xml
2008-09-12 11:52 . 2008-09-12 11:52 <KAT> d-------- C:UsersAll UsersYahoo! Companion
2008-09-12 11:52 . 2008-09-12 11:52 <KAT> d-------- C:ProgramDataYahoo! Companion
2008-09-12 11:52 . 2008-04-30 16:00 204,800 --a------ C:WindowsSystem32SysHook.dll
2008-09-12 11:50 . 2008-09-12 11:50 <KAT> d-------- C:Program FilesLaunch Manager
2008-09-12 11:50 . 2008-09-12 11:50 83 --a------ C:WindowsLManager.UNI
2008-09-12 11:49 . 2008-09-12 11:49 <KAT> d-------- C:Program FilesSuYin
2008-09-12 11:49 . 2007-03-29 16:48 626,688 --a------ C:WindowsImage.dll
2008-09-12 11:49 . 2008-04-25 12:09 506,368 --a------ C:WindowsAcer Crystal Eye webcam.EXE
2008-09-12 11:49 . 2007-04-20 06:30 222,382 --a------ C:WindowsAcer Crystal Eye webcam.ico
2008-09-12 11:49 . 2007-10-23 10:56 200,704 --a------ C:WindowsPLFSetI.exe
2008-09-12 11:49 . 2008-04-22 13:21 9,216 --a------ C:Windowsusbvideo_reg.exe
2008-09-12 11:49 . 2008-02-25 11:13 4,838 --a------ C:WindowsSuyin.reg
2008-09-12 11:49 . 2008-09-12 11:49 125 --a------ C:WindowsxUninstall.bat
2008-09-12 11:49 . 2007-10-29 13:35 36 --a------ C:WindowsPidList.ini
2008-09-12 11:48 . 2008-09-12 11:48 <KAT> d-------- C:WindowsSystem32RTCOM
2008-09-12 11:48 . 2008-09-12 11:48 <KAT> d-------- C:WindowsJMCR_DIR
2008-09-12 11:48 . 2008-03-14 03:48 290,816 --a------ C:WindowsRTKVADDA.EXE
2008-09-12 11:48 . 2008-04-12 03:55 84,240 --a------ C:WindowsSystem32driversjmcr.sys
2008-09-12 11:48 . 2007-10-26 19:26 15,086 --a------ C:WindowsSystem32jmcr_xd.ico
2008-09-12 11:48 . 2007-10-26 18:55 15,086 --a------ C:WindowsSystem32jmcr_ms.ico
2008-09-12 11:48 . 2007-10-26 17:58 15,086 --a------ C:WindowsSystem32jmcr_mmc.ico
2008-09-12 11:48 . 2007-11-15 01:18 553 --a------ C:WindowsUSetup.iss
2008-09-12 11:47 . 2008-09-12 11:47 <KAT> d-------- C:Program FilesRealtek
2008-09-12 11:46 . 2008-09-12 11:46 <KAT> d-------- C:CLSetup
2008-09-12 11:46 . 2008-09-12 11:46 20 --a------ C:Medion.ini
2008-09-12 11:40 . 2008-09-12 12:06 <KAT> d-------- C:UsersAll UsersNVIDIA
2008-09-12 11:40 . 2008-09-12 12:06 <KAT> d-------- C:ProgramDataNVIDIA
2008-09-12 11:39 . 2008-09-12 11:39 <KAT> dr------- C:UsersOscarSearches
2008-09-12 11:39 . 2008-09-12 16:18 <KAT> dr------- C:UsersOscarContacts
2008-09-12 11:39 . 2008-09-14 18:47 <KAT> d--hs---- C:$RECYCLE.BIN
2008-09-12 11:38 . 2008-09-17 20:41 <KAT> dr------- C:UsersOscarSaved Games
Thanks again!
Regards, Oscar
-
HJT-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:12, on 2008-10-12
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesAcerEmpowering TechnologyNotificationCenterFramework.NotificationCenter.exe
C:Windowssystem32conime.exe
C:WindowsExplorer.exe
C:Program FilesPanda Antivirus 2008Apvxdwin.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesAcerAcer VCMVC.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 8648 bytes
Regards, oscar
-
Hi,
I'm sending two posts since the two logs contain too many characters.
Combofix:
ComboFix 08-10-11.01 - Oscar 2008-10-11 22:50:21.1 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1053.18.1974 [GMT 2:00]
Running from: C:UsersOscarDesktopComboFix.exe
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 16:52 84 ----a-w C:Program Filesqtsh.txt
2008-10-10 06:58 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-10-10 06:57 --------- d-----w C:Program FilesAcer GameZone
2008-09-15 15:44 --------- d-----w C:ProgramDataCyberLink
2008-09-14 08:37 --------- d-----w C:Program FilesVistaCodecPack
2008-09-14 08:36 --------- d-----w C:ProgramDataVistaCodecs
2008-09-13 01:18 28,728 ----a-w C:Windowssystem32driversmsahci.sys
2008-09-13 01:18 21,560 ----a-w C:Windowssystem32driversatapi.sys
2008-09-12 13:36 --------- d-----w C:Program FilesMicrosoft Works
2008-09-12 13:12 --------- d-----w C:Program FilesWindows Mail
2008-09-12 10:49 --------- d-----w C:ProgramDataMicrosoft Help
2008-09-12 10:05 --------- d-----w C:ProgramDataMcAfee
2008-09-12 10:05 --------- d-----w C:Program FilesAcer
2008-09-12 09:51 --------- d-----w C:Program FilesYahoo!
2008-09-12 09:47 319,456 ----a-w C:WindowsDIFxAPI.dll
2008-09-12 09:47 315,392 ----a-w C:WindowsHideWin.exe
2008-09-12 09:44 --------- d-----w C:ProgramDataSiteAdvisor
2008-09-12 09:35 --------- d-sh--w C:ProgramDataStart-meny
2008-09-12 09:35 --------- d-sh--w C:ProgramDataSkrivbord
2008-09-12 09:35 --------- d-sh--w C:ProgramDataMallar
2008-09-12 09:35 --------- d-sh--w C:ProgramDataFavoriter
2008-09-12 09:35 --------- d-sh--w C:ProgramDataDokument
2008-09-12 09:35 --------- d-sh--w C:Program FilesDelade filer
2008-08-02 03:26 36,864 ----a-w C:WindowsSystem32cdd.dll
2008-07-31 03:32 460,288 ----a-w C:WindowsAppPatchAcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:WindowsSystem32Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:WindowsAppPatchAcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:WindowsAppPatchAcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:WindowsSystem32GameUXLegacyGDFs.dll
2008-01-21 02:43 174 --sha-w C:Program Filesdesktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersegisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOTCLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:Program FilesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"MsnMsgr"="C:Program FilesWindows LiveMessengerMsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="C:Program FilesDAEMON Tools Litedaemon.exe" [2008-08-08 490952]
"swg"="C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [2008-09-14 171448]
"WMPNSCFG"="C:Program FilesWindows Media PlayerWMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="C:Program FilesuTorrentuTorrent.exe" [2008-10-08 270128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2008-02-22 1037608]
"Adobe Reader Speed Launcher"="c:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2007-03-08 40048]
"NvCplDaemon"="C:Windowssystem32NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="C:Windowssystem32NvMcTray.dll" [2008-04-03 92704]
"LManager"="C:PROGRA~1LAUNCH~1LManager.exe" [2008-04-01 793096]
"eAudio"="C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe" [2008-04-30 397312]
"APVXDWIN"="C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" [2007-10-04 455984]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]
"WarReg_PopUp"="C:Program FilesAcerWR_PopUpWarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="C:WindowsPLFSetI.exe" [2007-10-23 200704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 C:WindowsRtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-21 C:WindowsSkyTel.exe]
C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Acer VCM.lnk - C:Program FilesAcerAcer VCMAcerVCM.exe [2008-09-12 1216512]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyavldr]
2007-02-15 19:02 50736 C:WindowsSystem32avldr.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPskSvcRetail]
@="Service"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBkupTray]
--a------ 2008-04-06 22:42 34040 C:Program FilesNewTech InfosystemsNTI Backup Now 5BkupTray.exe
[HKLM~servicessharedaccessparametersfirewallpolicyDomainProfileAuthorizedApplicationsList]
"C:Program FilesFlashFXPFlashFXP.exe"= C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{A215901A-51B1-4665-BA62-23DA081A624E}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe
"{CDD4D48D-02D1-41B7-B7F0-C8A0DE41A02C}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe
"{5570B819-9047-4F7D-AD41-EB39B072550A}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe
"{0DC5CBE2-0F88-4983-8265-8081B1BDC877}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe
"{10D2D61F-0799-4BDB-B88E-0AF97ED2A52F}"= UDP:C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe
"{F658716A-E3BB-46E9-825D-BBF74177B3DD}"= TCP:C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe
"{398233E2-5388-4CFD-897E-48B852FE7EB0}"= c:Program FilesCyberlinkPowerDirectorPDR.EXE:CyberLink PowerDirector
"{72D2556D-FCD1-4723-A05D-660DDD2BD85D}"= C:Program FilesAcerAcer VCMVC.exe:Acer VCM
"{614194BE-186C-4788-B433-84D170115FB2}"= C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:_this_program_will_be_deleted
"{1D731B58-17E7-4F8B-89EA-3AD4DEAE6450}"= C:Program FilesAcer Arcade DeluxeHomeMediaHomeMedia.exe:Acer HomeMedia
"{662456CB-37D0-457C-B57F-4A339AEB4C25}"= UDP:C:Program FilesuTorrentuTorrent.exe:µTorrent (TCP-In)
"{2F45CF1D-95B9-4131-9163-F6BFD96702DE}"= TCP:C:Program FilesuTorrentuTorrent.exe:µTorrent (UDP-In)
"{8B7D4F9F-6E32-4C9E-B2B3-23EA8D6657A0}"= C:Program FilesWindows LiveMessengerlivecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A9272C38-6B5F-4B4E-A078-971682AF2ADC}C:program filesutorrentutorrent.exe"= UDP:C:program filesutorrentutorrent.exe:µTorrent
"UDP Query User{22E79620-AFFC-4A64-ABA4-FEAE2F9E1C0A}C:program filesutorrentutorrent.exe"= TCP:C:program filesutorrentutorrent.exe:µTorrent
"{4CB61E6B-D6A7-479E-970A-7F8F9A86A9F1}"= UDP:C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeAcer Arcade Deluxe.exe:_this_program_will_be_deleted
"TCP Query User{8D13F410-8DB1-420D-9F89-5EDDEC1EAB0D}C:program filesjavajre1.6.0_07binjavaw.exe"= UDP:C:program filesjavajre1.6.0_07binjavaw.exe:Java Platform SE binary
"UDP Query User{B50B64EC-FAFD-4419-A830-D5846FD7F7C5}C:program filesjavajre1.6.0_07binjavaw.exe"= TCP:C:program filesjavajre1.6.0_07binjavaw.exe:Java Platform SE binary
"{51F761AD-F0F7-4D4F-A6DF-485F1B052ACB}"= UDP:C:Program FilesReClockConfig.exe:Configure ReClock
"{9BE143BC-B396-4DCC-9992-A229859C0949}"= TCP:C:Program FilesReClockConfig.exe:Configure ReClock
"TCP Query User{CD4FB210-0862-43DB-8D28-7959CB4F8A25}C:installerade spelempires2.exe"= UDP:C:installerade spelempires2.exe:Age of Empires II
"UDP Query User{BBF2F156-3A1B-4586-B3A5-C0983ACE591A}C:installerade spelempires2.exe"= TCP:C:installerade spelempires2.exe:Age of Empires II
"TCP Query User{0FCE1DF2-3764-460B-B8E7-BE736B515E5B}C:windowssystem32dplaysvr.exe"= UDP:C:windowssystem32dplaysvr.exe:Hjälpprogram för Microsoft DirectPlay
"UDP Query User{B617AD64-75C8-45EB-A93A-98A29FA265EB}C:windowssystem32dplaysvr.exe"= TCP:C:windowssystem32dplaysvr.exe:Hjälpprogram för Microsoft DirectPlay
"{AB8FDE28-2BB5-4349-A373-0FC7F5009998}"= UDP:C:Installerade spelciv4Colonization.exe:Sid Meier's Civilization IV Colonization
"{D8996808-ED49-475A-9582-0CF5A1D5F0C5}"= TCP:C:Installerade spelciv4Colonization.exe:Sid Meier's Civilization IV Colonization
"TCP Query User{1A414370-856A-42AB-A3D7-980AF4EF3D60}C:program filesmircmirc.exe"= UDP:C:program filesmircmirc.exe:mIRC
"UDP Query User{46FA3D1B-82BC-4654-AFBC-17C6B3CD9FA0}C:program filesmircmirc.exe"= TCP:C:program filesmircmirc.exe:mIRC
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
"C:Program FilesFlashFXPFlashFXP.exe"= C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSfsu.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSfsu.exe:*:Enabled:eDSfsu
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx86encryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86encryption.exe:*:Enabled:encryption
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx86decryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86decryption.exe:*:Enabled:decryption
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSMgr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSMgr.exe:*:Enabled:eDSMgr
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStbmngr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStbmngr.exe:*:Enabled:eDStbmngr
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSfsu.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSfsu.exe:*:Enabled:eDSfsu
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx64encryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64encryption.exe:*:Enabled:encryption
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx64decryption.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64decryption.exe:*:Enabled:decryption
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSMgr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDSMgr.exe:*:Enabled:eDSMgr
"C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDStbmngr.exe"= C:Program FilesAcerEmpowering TechnologyeDataSecurityx64eDStbmngr.exe:*:Enabled:eDStbmngr
R0 pavboot;pavboot;C:Windowssystem32driverspavboot.sys [2008-06-19 28544]
R1 ShldDrv;Panda File Shield Driver;C:Windowssystem32DRIVERSShlDrv51.sys [2007-05-23 38968]
R2 AmFSM;AmFSM;C:Windowssystem32DRIVERSamm8660.sys [2007-09-28 46648]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service;C:Program FilesAcerEmpowering TechnologyServiceETService.exe [2008-03-21 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [2008-04-04 131072]
R2 PavProc;Panda Process Protection Driver;C:Windowssystem32DRIVERSPavProc.sys [2007-07-12 178872]
R2 PskSvcRetail;Panda PSK service;C:Program FilesPanda Antivirus 2008PskSvc.exe [2007-03-21 27696]
R2 RS_Service;Raw Socket Service;C:Program FilesAcerAcer VCMRS_Service.exe [2008-01-10 233472]
R3 NETw5v32;Kortdrivrutin för Windows Vista 32-bitars för Intel® Wireless WiFi Link;C:Windowssystem32DRIVERSNETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:Windowssystem32driversnvhda32v.sys [2008-04-03 43552]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:Windowssystem32DRIVERSyk60x86.sys [2008-02-21 299008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:Windowssystem32DRIVERSb57nd60x.sys [2008-01-21 179712]
S3 JMCR;JMCR;C:Windowssystem32DRIVERSjmcr.sys [2008-04-12 84240]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:Windowssystem32driverserrdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:Windowssystem32driversmegasr.sys [2008-01-21 386616]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.se/
R0 -: HKLM-Main,Start Page = hxxp://sv.intl.acer.yahoo.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 22:53:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-11 22:54:29
ComboFix-quarantined-files.txt 2008-10-11 20:54:19
Pre-Run: 79 756 001 280 byte ledigt
Post-Run: 79,515,049,984 byte ledigt
293 --- E O F --- 2008-10-07 16:00:14
-
Hi,
=> McAfee Network Agent <= I thought had been uninstalled and removed.
As for Avenger, I followed the instructions exactly and pasted in:
Files to delete:
C:\Windows\updater.com
into the text box, nothing else. I ran Execute and got the computer restarted as per the instructions. So far so good, but I never got an Avenger log (C:\avenger.txt). It isn't there either if I search for the file. Anyway, I'm attaching a new HJT log once again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:51, on 2008-10-11
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:Windowssystem32conime.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:WindowsPLFSetI.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Windowssystem32NOTEPAD.EXE
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 8880 bytes
Thanks again, regards Oscar
-
Hi again,
here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:14, on 2008-10-11
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAdobeReader 8.0Readerreader_sl.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:WindowsPLFSetI.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Windowssystem32wbemunsecapp.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesAcerAcer VCMVC.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesInternet Explorerieuser.exe
C:Windowssystem32conime.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesAcerEmpowering TechnologyNotificationCenterFramework.NotificationCenter.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 - HKLM..Run: [PLFSetI] C:WindowsPLFSetI.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKCU..Run: [sidebar] C:Program Fileswindows sidebarsidebar.exe /autoRun
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 8995 bytes
Regards, Oscar
-
Hi,
from the start I have completely turned off/disabled all Windows Defender functions. This time I also disabled Windows Firewall. Despite this, Malwarebytes' Anti-Malware is blocked from starting up and doing the final clean of the three trojans after Windows restarts. Quote: "Windows has blocked one or more programs from starting automatically." (Windows is referring to Malwarebytes here). I then choose to allow/run the program via the small icon with text that appears in the lower right corner of the screen. Still, the viruses remain at the next scan.
I'm stuck here and don't really know how to proceed. I believe I have followed your instructions exactly, point by point.
Regards, Oscar
-
Fresh start!
here is the Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.28
Databasversion: 1248
Windows 6.0.6001 Service Pack 1
2008-10-10 13:43:18
mbam-log-2008-10-10 (13-43-18).txt
Skanningstyp: Snabb skanning
Antal skannade objekt: 40283
Förfluten tid: 1 minute(s), 43 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:UsersDefaultMy DocumentsMy MusicMy Music.url (Trojan.Zlob) -> Delete on reboot.
C:UsersDefaultMy DocumentsMy PicturesMy Pictures.url (Trojan.Zlob) -> Delete on reboot.
C:UsersDefaultMy DocumentsMy VideosMy Video.url (Trojan.Zlob) -> Delete on reboot.
Note: these 3 files are still there if I rerun the quick scan after a restart.
Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:27, on 2008-10-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAdobeReader 8.0Readerreader_sl.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Windowssystem32wbemunsecapp.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesAcerAcer VCMVC.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKCU..Run: [sidebar] C:Program Fileswindows sidebarsidebar.exe /autoRun
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 8800 bytes
Unfortunately I won't be back online until later tonight, thanks again!
Regards, Oscar
-
Hi again!
Thank you so very much for your time, I am extremely grateful! Here is the log from msnfix and then Hijack.
MSNFix 1.749
C:UsersOscarDesktopMSNFix
Sokningen var klar pa 2008-10-09 - 23:52:33,87 By Oscar
normalt lage
************************ Kollar filer
... C:Windowsupdater.com
... C:Windowssystem32ACER.exe
************************ Kollar mappar
Inga Mappar Funna
************************ Tar bort virus filer
.. OK ... C:UsersOscarAppDataLocalTempwinlogon.exe
.. OK ... C:UsersOscarAppDataLocalTempservices.exe
.. OK ... C:Windowssystem32cftmon.exe
.. OK ... C:Windowsupdater.com
.. OK ... C:Windowssystem32ACER.exe
************************ Rensar registret
************************ Hostsclean
Cleanhosts v 0.1.0.7 By Laurent
-- Backup : C:Windowssystem32driversetchosts-20081010000854
-- original size 0.74 Kb / 20 lines
-- Start cleaning Hosts file ....
-- final size 0.74 Kb / 20 lines
-- entry Found : 0 / Entry check : 310
End .............................. 16.52 Secondes
Resten av filerna tas bort efter omstart
Inga Filer Funna
************************ Hostsclean
Cleanhosts v 0.1.0.7 By Laurent
-- Backup : C:Windowssystem32driversetchosts-20081010083745
-- original size 0.74 Kb / 20 lines
-- Start cleaning Hosts file ....
-- final size 0.74 Kb / 20 lines
-- entry Found : 0 / Entry check : 310
End .............................. 9.69 Secondes
(I restarted the computer and finished the cleanup.)
Now comes the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:18, on 2008-10-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32conime.exe
C:Program FilesAcerEmpowering TechnologyNotificationCenterFramework.NotificationCenter.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesWindows Sidebarsidebar.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesAcerAcer VCMVC.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKCU..Run: [sidebar] C:Program Fileswindows sidebarsidebar.exe /autoRun
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 9053 bytes
By the way, regarding your earlier question, http://sv.intl.acer.yahoo.com is not my start page; www.google.se is. And I seem to recall that I never installed the Yahoo toolbar.
Thanks!
Regards, Oscar
-
*********************************************
2009-01-08:
The thread is now locked.
If you think it has been locked incorrectly, please contact
*********************************************
Hi,
I messed up and clicked on/installed the fake Flash Player the other day. My Panda antivirus finds nothing, yet Windows says it has blocked some program from autostarting every time I turn on the computer.
I thought I would paste in my HijackThis log. When the log was made, Windows Defender was disabled and a CC regclean had just been done. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:35, on 2008-10-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesPanda Antivirus 2008ApVxdWin.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesuTorrentuTorrent.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesAcerAcer VCMAcerVCM.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesWindows Sidebarsidebar.exe
C:UsersOscarAppDataLocalTempRtkBtMnt.exe
C:Program FilesPanda Antivirus 2008WebProxy.exe
C:Program FilesAcerAcer VCMVC.exe
C:Program FilesAcerAcer VCMacp2HID.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Windowssystem32conime.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesAcerEmpowering TechnologyNotificationCenterFramework.NotificationCenter.exe
C:Program FilesTrend MicroHijackThisoscar.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.se/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:PROGRA~1FlashFXPIEFlash.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "c:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [skytel] Skytel.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [eAudio] "C:Program FilesAcerEmpowering TechnologyeAudioeAudio.exe"
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda Antivirus 2008APVXDWIN.EXE" /s
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [Windows Updater] updater.com
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKCU..Run: [sidebar] C:Program Fileswindows sidebarsidebar.exe /autoRun
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: Acer VCM.lnk = ?
O7 - HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:Program FilesPanda Antivirus 2008PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda Antivirus 2008pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:Program FilesPanda Antivirus 2008PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:Program FilesPanda Antivirus 2008PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:Program FilesAcerAcer VCMRS_Service.exe
--
End of file - 9338 bytes
Regards, Oscar
HijackThis log - suspected YouTube virus
in Removal of viruses and other malicious programs
Posted
Hi,
The computer is doing great now! Thank you so very much, extremely kind of you!
Regards, Oscar