
Acer Aspire 5930G shuts itself off and several programs have stopped working. Virus?



Hi!

I have posted here before about a problem with Trojan horses that none of the programs removed. Anyway, the solution in the end was to try to remove them manually, but the problem I had has persisted, and the antivirus programs just don't find any problems.

At first the computer ran a bit better, but now it has started shutting itself off often. I have no idea whether it has anything to do with the previous problem, but I thought I should mention it just in case.

It shuts off when I, for example, play music, watch something on YouTube, have several programs open, and so on, so maybe simply when it gets hot? Sometimes it also happens while I am writing in a Word document with nothing else open at all. It shuts off just about every single time I use it.

It shuts off and will not start up again, and it runs System Restore when I turn it back on. It uninstalls the most recently installed programs, but that doesn't help.

In addition, many small programs have stopped working, for example the webcam and ActiveX scripts in Internet Explorer; many programs won't run (Dreamweaver and other Adobe programs); the display driver stops working and restarts itself; and so on. I am so incredibly tired of this, and I wonder whether the easiest thing might be to run a recovery on it after saving everything I need first. The problem is that I simply have no idea how to do that :-) I am very frustrated, because this happened with my previous Acer laptop too, and I ended up buying a new one (Aug 2008), and it has already become like the previous one. The previous one had exactly the same problem (more or less).

Hoping for a reply :-)

Edited by nilieh

Malwarebytes

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 2072

Windows 6.0.6001 Service Pack 1

 

04.05.2009 18:29:54

mbam-log-2009-05-04 (18-29-54).txt

 

Skanntype: Rask Skann

Objekter skannet: 69707

Tid tilbakelagt: 7 minute(s), 9 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


Combofix

 

ComboFix 09-05-03.4 - Nina 04.05.2009 21:42.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3066.1794 [GMT 8:00]

Kjører fra: c:\users\Nina\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-04 til 2009-05-04 )))))))))))))))))))))))))))))))))

.

 

2009-04-30 14:18 . 2009-04-30 14:18 -------- d-----w c:\program files\Common Files\Macrovision Shared

2009-04-30 14:08 . 2009-04-30 15:11 -------- d-----w c:\users\Nina\Adobe CS4

2009-04-30 07:22 . 2009-04-30 07:22 -------- d-----w c:\users\Nina\Library

2009-04-30 07:22 . 2009-04-30 07:22 -------- d-----w c:\users\Nina\AppData\Roaming\com.adobe.ExMan

2009-04-30 06:49 . 2009-04-30 06:49 -------- d-----w c:\progra~2\FLEXnet

2009-04-30 06:49 . 2009-04-30 06:49 -------- d-----w c:\users\All Users\FLEXnet

2009-04-30 06:24 . 2009-04-30 06:24 -------- d-----w c:\program files\Adobe Media Player

2009-04-30 06:18 . 2009-04-30 06:18 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-04-30 05:14 . 2009-04-30 14:03 -------- d-----w c:\users\Nina\AppData\Roaming\Download Manager

2009-04-30 04:39 . 2009-04-30 04:39 -------- d-----w c:\program files\Microsoft Silverlight

2009-04-30 04:39 . 2009-04-30 04:45 -------- d--h--w c:\windows\msdownld.tmp

2009-04-30 04:31 . 2009-04-30 04:31 -------- d-----w c:\users\Nina\AppData\Local\Opera

2009-04-30 04:27 . 2009-04-30 04:27 -------- d-----w c:\program files\Opera

2009-04-10 14:04 . 2009-04-10 14:04 -------- d-----w c:\users\Nina\AppData\Roaming\McGraw-HillLicensing

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-04 13:42 . 2008-07-16 17:24 183328 ----a-w c:\users\All Users\nvModes.dat

2009-05-04 13:42 . 2008-07-16 17:24 183328 ----a-w c:\progra~2\nvModes.dat

2009-05-03 13:23 . 2008-05-13 05:59 76478 ----a-w c:\windows\system32\perfc014.dat

2009-05-03 13:23 . 2008-05-13 05:59 452326 ----a-w c:\windows\system32\perfh014.dat

2009-05-03 13:17 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT

2009-05-01 17:48 . 2008-07-16 17:25 12 ----a-w c:\windows\bthservsdp.dat

2009-04-30 14:25 . 2008-08-14 01:36 -------- d-----w c:\program files\Common Files\Adobe

2009-04-17 19:09 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-14 16:07 . 2008-09-27 14:04 680 ----a-w c:\users\Nina\AppData\Local\d3d9caps.dat

2009-04-13 10:00 . 2008-07-16 14:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-13 10:00 . 2008-10-04 07:34 -------- d-----w c:\program files\SUPERAntiSpyware

2009-04-13 09:14 . 2008-04-30 07:25 -------- d-----w c:\program files\Yahoo!

2009-04-13 09:13 . 2008-11-04 01:15 -------- d-----w c:\program files\a-squared Free

2009-04-06 07:32 . 2008-10-04 08:08 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 07:32 . 2008-10-04 08:08 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-28 02:34 . 2009-03-28 02:34 -------- d-----w c:\program files\iPod

2009-03-28 02:34 . 2008-07-16 13:21 -------- d-----w c:\program files\Common Files\Apple

2009-03-28 02:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat

2009-03-28 02:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat

2009-03-28 02:30 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat

2009-03-17 03:38 . 2009-04-17 09:47 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-17 09:47 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-17 09:47 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-16 04:26 . 2008-07-16 12:09 -------- d-----w c:\program files\Windows Live

2009-03-08 11:34 . 2009-04-30 04:40 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-04-30 04:40 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-04-30 04:40 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-04-30 04:40 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-04-30 04:40 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-04-30 04:40 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-04-30 04:40 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-04-30 04:40 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-04-30 04:40 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-04-30 04:40 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-04-30 04:40 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-04-30 04:40 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-04-30 04:40 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-04-30 04:40 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-04-30 04:40 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-04-30 04:40 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-04-30 04:40 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-04-30 04:40 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-05 14:59 . 2009-03-05 14:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-03-05 14:59 . 2009-03-05 14:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

2009-03-03 04:46 . 2009-04-17 09:47 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-17 09:47 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-17 09:47 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-17 09:47 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-17 09:47 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-17 09:47 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-17 09:47 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-17 09:47 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-17 09:47 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-17 09:47 17408 ----a-w c:\windows\system32\iashost.exe

2009-02-13 08:49 . 2009-04-17 09:47 72704 ----a-w c:\windows\system32\secur32.dll

2009-02-13 08:49 . 2009-04-17 09:47 1255936 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 09:32 2033152 ----a-w c:\windows\system32\win32k.sys

2009-02-06 10:59 . 2009-02-06 10:59 308104 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 09:52 . 2009-02-06 09:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2008-11-07 15:54 . 2008-11-07 15:54 794 ----a-w c:\program files\pbhdynpx.txt

2008-11-02 11:52 . 2008-11-02 11:52 876 ----a-w c:\program files\ofqrtdc.txt

2008-11-02 10:45 . 2008-11-02 10:45 794 ----a-w c:\program files\qgbtnkre.txt

2008-11-01 15:32 . 2008-11-01 15:32 794 ----a-w c:\program files\fzkfxl.txt

2008-11-01 15:00 . 2008-11-01 15:00 794 ----a-w c:\program files\nong.txt

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-07-17 03:07 . 2008-07-17 03:07 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885400]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-25 6111232]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

 

c:\users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-19 479232]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440]

Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]

 

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-7-16 1216512]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

 

c:\users\Nina\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-19 479232]

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440]

Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{E22A63B7-9EE9-4636-8B2C-81D1E5FDFBC4}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{D5FFF589-E133-43EA-BCB4-1D833AAB57B2}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{BF4C1693-D0D9-4558-8AA9-21727ADB9C59}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{0EE929FD-8402-44EC-9710-80B632B3F4F1}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{A09D5013-1476-45F6-BC5E-237E875A406B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{650F69A9-294B-4D16-B998-BF092F8D9D33}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{3AC00292-B1A5-41AA-927F-84D0D0A2C8DE}"= UDP:c:\program files\DNA\btdna.exe:DNA

"{362698E3-1A68-4F97-955D-F5AE5C07D86D}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{410C84BA-DAA4-4540-A608-460A44DDCD4E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

"{7F37C677-1179-48D1-B048-402B4C3201B5}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

"{7D2F2EEB-E511-4B4A-A716-28EA02022B91}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2C119D0C-C262-4311-98C3-6B10A9B3DAFA}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{AC7198E3-6A67-4628-911D-07C014DAC08F}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"TCP Query User{BA5621D2-9014-4A01-B96F-943A30492E5C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{F96DD639-0EB8-4674-8D1F-0C8B950F1E4F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{76A53AFE-CC09-4E43-A4EC-2710DB8993E8}"= UDP:c:\users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

"{0F39BBC3-30B9-4216-B1D5-33A57CAB7686}"= TCP:c:\users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

"{C466E9D9-90A7-4580-9734-D1A2E2B19470}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{63FA4156-E0ED-4CAB-93D4-CFFB161CBC0E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{002EA682-2662-491F-9EAD-FA5D1CA31CC8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{48596B20-DE5D-4C00-A7DD-57374725357B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{DC175F95-B093-4F80-B9D4-526BA60AAEA1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{535B3B47-EA02-4BAF-814E-C21176EE5826}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{0DC81692-135C-4EA1-B101-FBA38C508B63}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{A6A947F5-A9A6-48EC-B03B-0E448E5B3684}"= UDP:5353:Adobe CSI CS4

"{43004191-6AD8-4991-AD58-446D5621D169}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{56DA31B2-1F86-40A0-A5AA-71D4E5171506}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

 

R0 vfkhk;vfkhk; [x]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 13:01 61424]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

S3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-AdobeBridge - (no file)

 

 

.

------- Tilleggsskanning -------

.

mStart Page = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-04 21:47

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(7448)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\system32\btmmhook.dll

c:\windows\System32\SysHook.dll

c:\windows\system32\btncopy.dll

.

Tidspunkt ferdig: 2009-05-04 21:50

ComboFix-quarantined-files.txt 2009-05-04 13:50

ComboFix2.txt 2008-11-03 16:12

ComboFix3.txt 2008-11-02 00:16

ComboFix4.txt 2008-10-31 01:15

ComboFix5.txt 2009-05-04 13:40

 

Pre-Run: 99 427 753 984 byte ledig

Post-Run: 99 060 936 704 byte ledig

 

270 --- E O F --- 2009-05-01 17:47
