
Symptoms: The machine is running slowly.

 

MBAM


Malwarebytes' Anti-Malware 1.34

Databaseversjon: 1753

Windows 6.0.6001 Service Pack 1

 

12.02.2009 10:15:18

mbam-log-2009-02-12 (10-15-18).txt

 

Skanntype: Rask Skann

Objekter skannet: 62062

Tid tilbakelagt: 15 minute(s), 8 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

Combofix


ComboFix 09-02-11.02 - Hans Martin 2009-02-12 10:46:10.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.3037.1965 [GMT 1:00]

Kjører fra: c:\users\Hans Martin\Downloads\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Hans Martin\AppData\Roaming\.#

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-12 til 2009-02-12 )))))))))))))))))))))))))))))))))

.

 

2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Malwarebytes

2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\programdata\Malwarebytes

2009-02-12 09:38 . 2009-02-12 09:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-12 09:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-02-12 09:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-02-12 00:40 . 2009-02-12 00:40 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Template

2009-02-12 00:39 . 2009-02-12 00:39 0 --a------ c:\users\Hans Martin\AppData\Roaming\wklnhst.dat

2009-02-11 20:48 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 20:48 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\Uniblue

2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\users\All Users\DriverScanner

2009-02-09 20:23 . 2009-02-09 20:43 <DIR> d-------- c:\programdata\DriverScanner

2009-02-09 20:23 . 2009-02-09 20:23 <DIR> d-------- c:\program files\Uniblue

2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\users\All Users\{148D8B8A-8F96-4822-81EC-D510B626B7D5}

2009-02-09 20:21 . 2009-02-09 20:23 <DIR> d--h-c--- c:\programdata\{148D8B8A-8F96-4822-81EC-D510B626B7D5}

2009-01-22 18:02 . 2009-01-22 18:02 <DIR> d-------- c:\windows\Sun

2009-01-22 13:05 . 2009-01-22 13:06 214,821,071 --a------ c:\windows\MEMORY.DMP

2009-01-15 18:31 . 2009-01-22 12:21 <DIR> d-------- c:\users\Hans Martin\AppData\Roaming\LimeWire

2009-01-15 18:30 . 2009-01-15 18:30 <DIR> d-------- c:\program files\Java

2009-01-15 18:30 . 2009-01-15 18:30 410,984 --a------ c:\windows\System32\deploytk.dll

2009-01-15 18:27 . 2009-01-15 18:27 <DIR> d-------- c:\program files\LimeWire

2009-01-14 23:59 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-12 06:48 --------- d-----w c:\program files\Windows Mail

2009-02-05 11:32 --------- d-----w c:\program files\McAfee

2009-01-23 07:52 --------- d-----w c:\programdata\TrackMania

2009-01-17 02:22 --------- d-----w c:\program files\Google

2009-01-11 14:10 --------- d-----w c:\program files\SiteAdvisor

2009-01-01 14:13 --------- d-----w c:\program files\Steam

2008-12-31 18:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\CyberLink

2008-12-31 18:22 --------- d-----w c:\programdata\CyberLink

2008-12-31 14:22 --------- d-----w c:\users\Hans Martin\AppData\Roaming\vlc

2008-12-30 22:39 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-12-30 22:09 --------- d-----w c:\programdata\Microsoft Help

2008-12-30 21:53 --------- d-----w c:\program files\MSXML 4.0

2008-12-30 21:53 --------- d-----w c:\program files\Microsoft Works

2008-12-30 21:25 --------- d-----w c:\programdata\SiteAdvisor

2008-12-30 21:25 --------- d-----w c:\programdata\McAfee

2008-12-30 18:58 --------- d-----w c:\program files\Common Files\Steam

2008-12-30 18:38 --------- d-----w c:\program files\VideoLAN

2008-12-30 18:34 --------- d-----w c:\users\Hans Martin\AppData\Roaming\Apple Computer

2008-12-30 18:33 --------- d-----w c:\programdata\Apple Computer

2008-12-30 18:33 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-30 18:33 --------- d-----w c:\program files\iTunes

2008-12-30 18:33 --------- d-----w c:\program files\iPod

2008-12-30 18:33 --------- d-----w c:\program files\Common Files\Apple

2008-12-30 18:32 --------- d-----w c:\program files\QuickTime

2008-12-30 18:32 --------- d-----w c:\program files\Bonjour

2008-12-30 18:20 --------- d-----w c:\program files\Apple Software Update

2008-12-30 18:19 --------- d-----w c:\programdata\Apple

2008-12-30 16:14 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-12-30 16:14 --------- d-----w c:\program files\Windows Live

2008-12-30 16:11 --------- d-----w c:\programdata\WLInstaller

2008-12-30 15:04 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-30 15:04 --------- d-----w c:\programdata\Temp

2008-12-30 15:03 --------- d-----w c:\program files\Acer GameZone

2008-12-30 15:02 --------- d-----w c:\users\Hans Martin\AppData\Roaming\ATI

2008-12-30 15:02 --------- d-----w c:\programdata\ATI

2008-12-30 01:38 --------- d-----w c:\program files\AMD

2008-12-29 21:20 --------- d-----w c:\program files\Acer Incorporated

2008-12-29 21:19 --------- d-----w c:\program files\Acer Arcade Deluxe

2008-12-29 20:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-12-29 20:46 --------- d-----w c:\program files\Acer Inc

2008-12-29 20:45 --------- d-----w c:\program files\Apoint2K

2008-12-29 20:40 --------- d-----w c:\program files\Launch Manager

2008-12-29 20:37 --------- d-----w c:\program files\ATI Technologies

2008-12-29 20:18 --------- d-----w c:\program files\ATI

2008-12-29 19:54 --------- d-----w c:\program files\Acer

2008-12-29 19:51 --------- d-sh--w c:\programdata\Start-meny

2008-12-29 19:51 --------- d-sh--w c:\programdata\Skrivebord

2008-12-29 19:51 --------- d-sh--w c:\programdata\Programdata

2008-12-29 19:51 --------- d-sh--w c:\programdata\Maler

2008-12-29 19:51 --------- d-sh--w c:\programdata\Favoritter

2008-12-29 19:51 --------- d-sh--w c:\programdata\Dokumenter

2008-12-29 19:51 --------- d-sh--w c:\program files\Fellesfiler

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-29 24064]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{88BF001A-9987-4DD2-9B09-0D1250DCB920}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{211A2D2F-B9CE-4DA3-BEE1-44529DE3BAA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{4CEEF326-38AE-436A-AD07-37F30156BDE2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{B9E66FE4-6D43-43F7-9A2D-DE44F7B2F57F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{0CF90B2C-0E12-4B0C-A7FC-035E5E4B4B24}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{54A8E449-C730-4705-922D-01AF15F3DEAF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{74918C60-6D94-47F5-A813-2CF39A5672AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{1CEA23D8-6EA7-4FC2-8681-E994B5BE7D8A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{D9FAD534-8285-4065-9AA4-3556434FB2B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{3987C1E3-04CB-4619-9D5B-2A88EA3BE5DC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{9F6DCD7E-DBD8-4FA9-9BDA-C1AFE17822D9}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{8CCB968A-AA72-4E72-B5C8-3D78BCA50F9B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{09871E04-1BD7-406A-9EB5-B65EA982FF3F}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{E32FD8C3-FD1B-4A6E-BA89-2C453029D234}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{EBEC2E1A-0234-4577-A003-137F5E901AF4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B6E3983C-B1B8-48EA-9495-804A3EBE471C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{43D6A6D3-4C5D-43B7-B340-B9C863AD45BC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{035F5CF9-8374-48E5-93F9-3C82A57AA27F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{F9197454-8898-404D-90F0-97AE07DBB148}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-29 22:13:08 61424]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-29 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-22 24576]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-30 203280]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-12-29 122368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-23 210432]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-23 54784]

R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2008-12-30 22072]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-29 24064]

S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-05-22 93968]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c20a596-d6c2-11dd-8cfd-001eecc91e83}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-05-22 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2008-05-22 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-eRecoveryService - (no file)

 

 

.

------- Tilleggsskanning -------

.

mStart Page = hxxp://no.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Hans Martin\AppData\Roaming\Mozilla\Firefox\Profiles\g8ahkw8y.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 10:53:59

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(3968)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\System32\SysHook.dll

.

Tidspunkt ferdig: 2009-02-12 10:59:13

ComboFix-quarantined-files.txt 2009-02-12 09:58:57

 

Pre-Run: 68 828 147 712 byte ledig

Post-Run: 71,253,327,872 byte ledig

 

220 --- E O F --- 2009-02-12 07:07:43

 

HJT


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:02:52, on 12.02.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Windows\explorer.exe

C:\Users\Hans Martin\Downloads\test.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5530

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9667 bytes


The logs show no virus, so the slow PC is probably caused by other things. A general clean-up can help a little in some cases.

1. Uninstall programs you do not use.

2. Download CCleaner. Start the program. Go to 'Valg' (Options) -> 'Avansert' (Advanced). Uncheck the box in front of: "bare slett midlertidige filer......." ("only delete temporary files......."). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

3. Check whether you can remove some of the programs that start up together with Windows. (Start -> Run/Search, type: msconfig, select 'Oppstart' (Startup).)

4. Install more memory.
