Enya Skrevet 12. februar 2009 Skrevet 12. februar 2009 Symptomer: Maskinen går tregt. MBAM Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.34 Databaseversjon: 1753 Windows 6.0.6001 Service Pack 1 12.02.2009 10:15:18 mbam-log-2009-02-12 (10-15-18).txt Skanntype: Rask Skann Objekter skannet: 62062 Tid tilbakelagt: 15 minute(s), 8 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Combofix Klikk for å se/fjerne innholdet nedenfor ComboFix 09-02-11.02 - Hans Martin 2009-02-12 10:46:10.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3037.1965 [GMT 1:00] Kjører fra: c:\users\Hans Martin\Downloads\ComboFix.exe * Opprettet nytt gjenopprettingspunkt * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Hans Martin\AppData\Roaming\.# . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-12 til 2009-02-12 ))))))))))))))))))))))))))))))))) . 2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Malwarebytes 2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\programdata\Malwarebytes 2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-12 09:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-12 09:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-12 00:40 . 2009-02-12 00:40 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Template 2009-02-12 00:39 . 2009-02-12 00:39 0 --a------ c:\users\Hans Martin\AppData\Roaming\wklnhst.dat 2009-02-11 20:48 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 20:48 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Uniblue 2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\users\All Users\DriverScanner 2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\programdata\DriverScanner 2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\program files\Uniblue 2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\users\All Users\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5} 2009-01-22 18:02 . 2009-01-22 18:02 <DIR> d-------- c:\windows\Sun 2009-01-22 13:05 . 2009-01-22 13:06 214,821,071 --a------ c:\windows\MEMORY.DMP 2009-01-15 18:31 . 2009-01-22 12:21 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\LimeWire 2009-01-15 18:30 . 2009-01-15 18:30 <DIR> d-------- c:\program files\Java 2009-01-15 18:30 . 2009-01-15 18:30 410,984 --a------ c:\windows\System32\deploytk.dll 2009-01-15 18:27 . 2009-01-15 18:27 <DIR> d-------- c:\program files\LimeWire 2009-01-14 23:59 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 06:48 --------- d-----w c:\program files\Windows Mail 2009-02-05 11:32 --------- d-----w c:\program files\McAfee 2009-01-23 07:52 --------- d-----w c:\programdata\TrackMania 2009-01-17 02:22 --------- d-----w c:\program files\Google 2009-01-11 14:10 --------- d-----w c:\program files\SiteAdvisor 2009-01-01 14:13 --------- d-----w c:\program files\Steam 2008-12-31 18:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\CyberLink 2008-12-31 18:22 --------- d-----w c:\programdata\CyberLink 2008-12-31 14:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\vlc 2008-12-30 22:39 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-12-30 22:09 --------- d-----w c:\programdata\Microsoft Help 2008-12-30 21:53 --------- d-----w c:\program files\MSXML 4.0 2008-12-30 21:53 --------- d-----w c:\program files\Microsoft Works 2008-12-30 21:25 --------- d-----w c:\programdata\SiteAdvisor 2008-12-30 21:25 --------- d-----w c:\programdata\McAfee 2008-12-30 18:58 --------- d-----w c:\program files\Common Files\Steam 2008-12-30 18:38 --------- d-----w c:\program files\VideoLAN 2008-12-30 18:34 --------- d-----w c:\users\Hans Martin\AppData\Roaming\Apple Computer 2008-12-30 18:33 --------- d-----w c:\programdata\Apple Computer 2008-12-30 18:33 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-30 18:33 --------- d-----w c:\program files\iTunes 2008-12-30 18:33 --------- d-----w c:\program files\iPod 2008-12-30 18:33 --------- d-----w c:\program files\Common Files\Apple 2008-12-30 18:32 --------- d-----w c:\program files\QuickTime 2008-12-30 18:32 --------- d-----w c:\program files\Bonjour 2008-12-30 18:20 --------- d-----w c:\program files\Apple Software Update 2008-12-30 18:19 --------- d-----w c:\programdata\Apple 2008-12-30 16:14 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2008-12-30 16:14 --------- d-----w c:\program files\Windows Live 2008-12-30 16:11 --------- d-----w c:\programdata\WLInstaller 2008-12-30 15:04 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-30 15:04 --------- d-----w c:\programdata\Temp 2008-12-30 15:03 --------- d-----w c:\program files\Acer GameZone 2008-12-30 15:02 --------- d-----w c:\users\Hans Martin\AppData\Roaming\ATI 2008-12-30 15:02 --------- d-----w c:\programdata\ATI 2008-12-30 01:38 --------- d-----w c:\program files\AMD 2008-12-29 21:20 --------- d-----w c:\program files\Acer Incorporated 2008-12-29 21:19 --------- d-----w c:\program files\Acer Arcade Deluxe 2008-12-29 20:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2008-12-29 20:46 --------- d-----w c:\program files\Acer Inc 2008-12-29 20:45 --------- d-----w c:\program files\Apoint2K 2008-12-29 20:40 --------- d-----w c:\program files\Launch Manager 2008-12-29 20:37 --------- d-----w c:\program files\ATI Technologies 2008-12-29 20:18 --------- d-----w c:\program files\ATI 2008-12-29 19:54 --------- d-----w c:\program files\Acer 2008-12-29 19:51 --------- d-sh--w c:\programdata\Start-meny 2008-12-29 19:51 --------- d-sh--w c:\programdata\Skrivebord 2008-12-29 19:51 --------- d-sh--w c:\programdata\Programdata 2008-12-29 19:51 --------- d-sh--w c:\programdata\Maler 2008-12-29 19:51 --------- d-sh--w c:\programdata\Favoritter 2008-12-29 19:51 --------- d-sh--w c:\programdata\Dokumenter 2008-12-29 19:51 --------- d-sh--w c:\program files\Fellesfiler 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-29 24064] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] SetupExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{88BF001A-9987-4DD2-9B09-0D1250DCB920}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{211A2D2F-B9CE-4DA3-BEE1-44529DE3BAA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4CEEF326-38AE-436A-AD07-37F30156BDE2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9E66FE4-6D43-43F7-9A2D-DE44F7B2F57F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{0CF90B2C-0E12-4B0C-A7FC-035E5E4B4B24}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{54A8E449-C730-4705-922D-01AF15F3DEAF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{74918C60-6D94-47F5-A813-2CF39A5672AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{1CEA23D8-6EA7-4FC2-8681-E994B5BE7D8A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{D9FAD534-8285-4065-9AA4-3556434FB2B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{3987C1E3-04CB-4619-9D5B-2A88EA3BE5DC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{9F6DCD7E-DBD8-4FA9-9BDA-C1AFE17822D9}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{8CCB968A-AA72-4E72-B5C8-3D78BCA50F9B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{09871E04-1BD7-406A-9EB5-B65EA982FF3F}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{E32FD8C3-FD1B-4A6E-BA89-2C453029D234}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{EBEC2E1A-0234-4577-A003-137F5E901AF4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B6E3983C-B1B8-48EA-9495-804A3EBE471C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{43D6A6D3-4C5D-43B7-B340-B9C863AD45BC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{035F5CF9-8374-48E5-93F9-3C82A57AA27F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{F9197454-8898-404D-90F0-97AE07DBB148}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-29 22:13:08 61424] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-29 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-22 24576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-30 203280] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-29 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-23 210432] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-23 54784] R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-12-30 22072] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-29 24064] S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-22 93968] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c20a596-d6c2-11dd-8cfd-001eecc91e83}] \shell\AutoRun\command - G:\LaunchU3.exe -a . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-05-22 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-05-22 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . - - - - TOMME PEKERE FJERNET - - - - HKLM-Run-eRecoveryService - (no file) . ------- Tilleggsskanning ------- . mStart Page = hxxp://no.intl.acer.yahoo.com mDefault_Page_URL = hxxp://no.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Hans Martin\AppData\Roaming\Mozilla\Firefox\Profiles\g8ahkw8y.default\ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-12 10:53:59 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(3968) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\System32\SysHook.dll . Tidspunkt ferdig: 2009-02-12 10:59:13 ComboFix-quarantined-files.txt 2009-02-12 09:58:57 Pre-Run: 68 828 147 712 byte ledig Post-Run: 71,253,327,872 byte ledig 220 --- E O F --- 2009-02-12 07:07:43 HJT Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:02:52, on 12.02.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Windows\explorer.exe C:\Users\Hans Martin\Downloads\test.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5530 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9667 bytes
norbat Skrevet 12. februar 2009 Skrevet 12. februar 2009 Loggene viser ikke noe virus, så årsaken til treg pc'n skyldes nok andre ting. En generell opprydding kan i enkelte tilfeller hjelpe litt. 1. Avinstaller programmer du ikke bruker 2. Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. 3. Sjekk om du kan ta bort noen programmer som starter opp sammen med windows. (Start->kjør/søk, skriv: msconfig, velg Oppstart) 4. Installer mer minne.
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå