
User Account Control


joscariot


Today I have had a pop-up at regular intervals saying that Windows wants to check my username ahead of an update. Can one trust that it is Windows that is behind it?

Grateful for answers

Johan


No, Microsoft has no need of any username in order to publish updates on Windows Update, and Windows already knows which username you are logged in with.

Do you mean that the popup appears in the web browser or on the desktop?


Hi Cecilia!

It was probably you who was helpful two years ago too, when I had worm problems. The popup shows up as a... popup with the Windows logo, and if you click on more information it says that you should approve that Windows checks the password/code.

Johan


When you press continue, this shows up

Johan

[image deleted 2009-12-03 19:10:37 by joscariot]


I couldn't download the screenshot, but what shows up is an installation for Adobe Flash Player from Adobe Systems Incorporated. If it is genuine I suppose I'll download it, but since it recurs so annoyingly it seems fishy.


You can upload the screenshot to e.g. http://pici.se/

There are many fake Flash installers, so such things should not be installed in any other way than directly from Adobe's website.


Unless it is the case that it appears on certain web pages, I assume it is due to something unsuitable on the computer.

We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program (in Vista, right-click and choose Run as administrator).

Press Yes/Ja if the question about Optional Scan appears.

In your reply, attach the two logs DDS.txt and Attach.txt in this way:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button in the Reply window again

Repeat with the next log.


Now I have tried to paste in the logs several times but only failed. How exactly does one go about it? I have saved them on the desktop.

Johan


Open DDS.txt in Notepad, which is what should happen when you double-click it, select all the text (Edit - Select All), and copy all the text (Edit - Copy).

Then press Reply on my post, and in the new window press the LOG button, then right-click in the text field and choose Paste, and finally press the LOG button again.

Then do the same with the next log.


[log]

DDS (Ver_09-12-01.01) - NTFSx86

Run by Joscariot at 20:19:06,75 on 2009-12-03

Internet Explorer: 8.0.6001.18828

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2038.914 [GMT 1:00]

 

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Users\JOSCAR~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Joscariot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJD2GUXO\dds[1].scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://sv.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Acer Tour Reminder]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eRecoveryService]

mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [skytel] Skytel.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\joscar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {71376C27-343A-4076-A4FC-DE8309A3DEDD} = 130.244.127.161 130.244.127.169

Notify: igfxcui - igfxdev.dll

 

============= SERVICES / DRIVERS ===============

 

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

 

=============== Created Last 30 ================

 

2009-11-29 22:23:28 0 d-----w- c:\programdata\Real

2009-11-28 00:49:14 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 21:03:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 21:03:34 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-25 21:03:22 714240 ----a-w- c:\windows\system32\timedate.cpl

2009-11-17 16:16:36 0 d-----w- c:\program files\Windows Portable Devices

2009-11-17 16:08:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 16:07:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-17 00:05:35 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-11-17 00:04:17 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-17 00:04:17 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-17 00:04:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-12 20:48:28 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-12 20:48:20 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-05 16:25:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

==================== Find3M ====================

 

2009-12-03 13:40:38 597836 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-03 13:40:38 117416 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-02 14:17:17 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-02 14:17:17 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-02 14:17:17 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-02 14:17:17 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-02 14:17:17 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-12-02 14:17:17 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-11-17 16:16:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 16:16:31 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 09:38:23 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-10-28 09:38:21 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-14 19:27:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-19 22:20:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2008-07-23 20:50:42 174 --sha-w- c:\program files\desktop.ini

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 20:22:56,37 ===============

[/log][log]

DDS (Ver_09-12-01.01) - NTFSx86

Run by Joscariot at 20:19:06,75 on 2009-12-03

Internet Explorer: 8.0.6001.18828

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2038.914 [GMT 1:00]

 

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Users\JOSCAR~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Joscariot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJD2GUXO\dds[1].scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://sv.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Acer Tour Reminder]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eRecoveryService]

mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [skytel] Skytel.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\joscar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {71376C27-343A-4076-A4FC-DE8309A3DEDD} = 130.244.127.161 130.244.127.169

Notify: igfxcui - igfxdev.dll

 

============= SERVICES / DRIVERS ===============

 

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

 

=============== Created Last 30 ================

 

2009-11-29 22:23:28 0 d-----w- c:\programdata\Real

2009-11-28 00:49:14 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 21:03:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 21:03:34 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-25 21:03:22 714240 ----a-w- c:\windows\system32\timedate.cpl

2009-11-17 16:16:36 0 d-----w- c:\program files\Windows Portable Devices

2009-11-17 16:08:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 16:07:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-17 00:05:35 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-11-17 00:04:17 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-17 00:04:17 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-17 00:04:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-12 20:48:28 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-12 20:48:20 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-05 16:25:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

==================== Find3M ====================

 

2009-12-03 13:40:38 597836 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-03 13:40:38 117416 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-02 14:17:17 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-02 14:17:17 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-02 14:17:17 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-02 14:17:17 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-02 14:17:17 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-12-02 14:17:17 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-11-17 16:16:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 16:16:31 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 09:38:23 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-10-28 09:38:21 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-14 19:27:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-19 22:20:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2008-07-23 20:50:42 174 --sha-w- c:\program files\desktop.ini

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 20:22:56,37 ===============

[/log]

 


Hi Cecilia!

Now it seems to have worked. The difference today compared to yesterday was that I clicked log twice between the pasted sections. How do I give you points, by the way?

Johan

 


Points aren't that important; what matters is that you are satisfied. But otherwise you will find the text Points in the upper right corner of the posts, and you just click on it.

 

On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information), or a link to the result, here. Repeat with the next file name.

c:\windows\system32\win32k.sys

 

You have pasted the same log twice, so if you paste the Attach log as well, that will be fine.

 


http://www.virustotal.com/sv/analisis/46f48468f9722c42ca83c7386f6eafe5a2a9d1bf1f061b39a2e9e869b418d380-1259862672

 

As usual, I don't know whether what I have done is right, but the attach file should be below, and above is the answer I got when VirusTotal checked my c:\windows\system32\win32k.sys.

 

 

Johan

 

[log]

DDS (Ver_09-12-01.01) - NTFSx86

Run by Joscariot at 20:19:06,75 on 2009-12-03

Internet Explorer: 8.0.6001.18828

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2038.914 [GMT 1:00]

 

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Users\JOSCAR~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Joscariot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJD2GUXO\dds[1].scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://sv.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Acer Tour Reminder]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eRecoveryService]

mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [skytel] Skytel.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\joscar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {71376C27-343A-4076-A4FC-DE8309A3DEDD} = 130.244.127.161 130.244.127.169

Notify: igfxcui - igfxdev.dll

 

============= SERVICES / DRIVERS ===============

 

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

 

=============== Created Last 30 ================

 

2009-11-29 22:23:28 0 d-----w- c:\programdata\Real

2009-11-28 00:49:14 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 21:03:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 21:03:34 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-25 21:03:22 714240 ----a-w- c:\windows\system32\timedate.cpl

2009-11-17 16:16:36 0 d-----w- c:\program files\Windows Portable Devices

2009-11-17 16:08:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 16:07:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-17 00:05:35 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-11-17 00:04:17 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-17 00:04:17 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-17 00:04:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-12 20:48:28 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-12 20:48:20 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-05 16:25:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

==================== Find3M ====================

 

2009-12-03 13:40:38 597836 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-03 13:40:38 117416 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-02 14:17:17 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-02 14:17:17 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-02 14:17:17 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-02 14:17:17 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-02 14:17:17 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-12-02 14:17:17 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-11-17 16:16:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 16:16:31 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 09:38:23 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-10-28 09:38:21 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-14 19:27:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-19 22:20:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2008-07-23 20:50:42 174 --sha-w- c:\program files\desktop.ini

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 20:22:56,37 ===============

[/log]

 


[log]

DDS (Ver_09-12-01.01) - NTFSx86

Run by Joscariot at 21:55:25,63 on 2009-12-04

Internet Explorer: 8.0.6001.18828

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2038.776 [GMT 1:00]

 

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Windows\system32\taskeng.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Users\JOSCAR~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Joscariot\Desktop\dds2.scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

uStart Page = hxxp://www.eniro.se/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://sv.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Acer Tour Reminder]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [eRecoveryService]

mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [skytel] Skytel.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\joscar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {71376C27-343A-4076-A4FC-DE8309A3DEDD} = 130.244.127.161 130.244.127.169

Notify: igfxcui - igfxdev.dll

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-13 64288]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

 

=============== Created Last 30 ================

 

2009-11-29 22:23:28 0 d-----w- c:\programdata\Real

2009-11-28 00:49:14 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 21:03:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 21:03:34 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-25 21:03:22 714240 ----a-w- c:\windows\system32\timedate.cpl

2009-11-17 16:16:36 0 d-----w- c:\program files\Windows Portable Devices

2009-11-17 16:08:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-17 16:07:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-17 00:05:35 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-11-17 00:04:17 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-17 00:04:17 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-17 00:04:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-12 20:48:28 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-12 20:48:20 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-05 16:25:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb

 

==================== Find3M ====================

 

2009-12-04 08:22:35 597836 ----a-w- c:\windows\system32\perfh01D.dat

2009-12-04 08:22:35 117416 ----a-w- c:\windows\system32\perfc01D.dat

2009-12-02 14:17:17 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-12-02 14:17:17 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-12-02 14:17:17 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-12-02 14:17:17 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-12-02 14:17:17 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-12-02 14:17:17 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-11-17 16:16:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-17 16:16:31 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-17 16:16:31 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 09:38:23 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-10-28 09:38:21 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-14 19:27:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll

2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-19 22:20:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2008-07-23 20:50:42 174 --sha-w- c:\program files\desktop.ini

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-10-18 04:14:16 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-10-18 04:14:16 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 21:58:55,33 ===============

[/log][log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-12-01.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2008-03-31 20:23:44

System Uptime: 2009-12-04 09:13:56 (12 hours ago)

 

Motherboard: Acer | | Calado

Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | U2E1 | 1600/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 70 GiB total, 35,282 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 64,062 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Broadcom NetLink Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0

Manufacturer: Broadcom

Name: Broadcom NetLink Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&28AF476&0&00E0

Service: b57nd60x

 

==== Installed Programs ======================

 

Acer Arcade Deluxe

Acer Crystal Eye webcam

Acer eAudio Management

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GridVista

Acer Mobility Center Plug-In

Acer Tour

Activation Assistant for the 2007 Microsoft Office suites

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.7

Adobe Shockwave Player 11.5

Apple Application Support

Apple Software Update

Broadcom Gigabit Integrated Controller

CA Anti-Virus

Canon iP3600 series användarregistrering

Canon iP3600 series Printer Driver

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Edison Bokföring

Google Toolbar for Internet Explorer

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Inkjet Printer/Scanner Extended Survey Program

Inloggningsassistent för Windows Live ID

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java 6 Update 17

Java 6 Update 5

Java 6 Update 7

Launch Manager

LightScribe 1.4.142.1

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Uppdatering (KB963678)

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.4

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word 2007 Help Uppdatering (KB963665)

Microsoft Office Word MUI (Swedish) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mobile Connect

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

OGA Notifier 2.0.0048.0

OpenOffice.org 3.0

Orion

PDF-XChange 3

PowerProducer 3.72

QuickTime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

SPCS Administration 500

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

Synaptics Pointing Device Driver

TypingMaster Pro

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Word 2007 (KB974561)

WIDCOMM Bluetooth Software 6.0.1.3900

VideoLAN VLC media player 0.8.6h

Windows Live installer

Windows Live Mail

Windows Live Messenger

WinRAR archiver

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Yahoo! Toolbar

 

==== End Of File ===========================

[/log]

 


Doesn't CA Internet Security Suite include a firewall? Because it doesn't look like any firewall is running on the computer.

Is it the latest version of CA Internet Security? It doesn't seem to have any protection against rootkit infections, and that is something you really should have nowadays.

2009-11-29 22:23:28 0 d-----w- c:\programdata\Real

Is it since the time above that these user account control windows have been appearing?

There are two old Java versions with security holes on the computer. Uninstall:

Java™ 6 Update 5

Java™ 6 Update 7

 

But nothing shows up there, so we need to dig a little deeper. Download Malwarebytes Anti-Malware (MBAM) from:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Check everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open in Notepad by itself, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.[/log]
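The check behind the Java advice above (older updates left installed next to a newer one), as an added example that is not part of the original posts: it reads the "Installed Programs" section of a DDS attach log and lists every Java entry that is older than the newest installed update of the same major version. The sample log is constructed from entries quoted in this thread, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened DDS attach log built from entries in this thread.
SAMPLE_LOG = """\
==== Disabled Device Manager Items =============

Service: b57nd60x

==== Installed Programs ======================

Intel® Matrix Storage Manager
Java 6 Update 17
Java 6 Update 5
Java 6 Update 7
Launch Manager

==== End Of File ===========================
"""

# DDS section headers look like "==== Title ====="; the title sits between runs of "=".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
# Matches "Java 6 Update 5" as well as the "Java(TM)" and "Java™" spellings.
JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)\s*$")


def installed_programs(log_text):
    """Return the non-empty lines of the 'Installed Programs' section."""
    programs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forum software adds
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "installed programs"
            continue
        if in_section and line:
            programs.append(line)
    return programs


def stale_java(programs):
    """Return Java entries older than the newest installed update of the same
    major version, oldest first. The newest installed update is not necessarily
    the latest released one; that still has to be checked against the vendor."""
    by_major = defaultdict(set)
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            # Compare update numbers as integers: as text, "17" sorts before "5".
            by_major[int(m.group(1))].add((int(m.group(2)), name))
    stale = []
    for major in sorted(by_major):
        entries = sorted(by_major[major])
        stale.extend(name for _, name in entries[:-1])
    return stale


if __name__ == "__main__":
    for entry in stale_java(installed_programs(SAMPLE_LOG)):
        print("older Java still installed:", entry)
```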

 


Hi Cecilia!

Now I have uninstalled Java 5 and 7 and run the malware scanner, which did not find anything malicious. Now a popup also appears saying that I should update to Java 17, which according to the Control Panel I already have, plus the usual old one. Should I uninstall Java 17 as well?

 

Johan

 

[log]Malwarebytes' Anti-Malware 1.42

Databasversion: 3302

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18828

 

2009-12-06 01:45:19

mbam-log-2009-12-06 (01-45-19).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 96767

Förfluten tid: 29 minute(s), 9 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 


"which according to the Control Panel I already have, plus the usual old one."

What do you mean by "the usual old one"?

Is there something that is hard to understand about my other questions?

 


Hi again Cecilia!

The usual old one is the popup that made me contact E-forum in the first place, i.e. now two popups appear: one that wants me to install Java 6 Update 17, which according to the Control Panel I already have, and the usual old one, an installer for add-ons in Internet Explorer. The firewall is supposed to be in Windows Security Center, and it is enabled and should be receiving updates. CA Security Center should be up to date. Everything works, but these popups still appear.

 

Johan

 


You will probably have to upload screenshots so I can see what it looks like. You also haven't answered whether it has to do with the web browser.

 


I did write that it is Internet Explorer that wants to install something, plus that Java wants to install Java 6 Update 17, which according to the Control Panel I already have. Print Screen has not worked so far, so I have not been able to produce a screenshot, but I have described them as clearly as possible. The screen goes black, then a popup appears, and I don't know how to copy it since it locks the rest of the system until you press Cancel.

 

Johan

 


Okay, now you described it much better: (almost) black and everything else is locked out. It does not come from Internet Explorer but from Windows. I might have understood that from the start if this had not been in the forum for Windows XP, which does not have UAC (User Access Control, "Användarkontroll" in Swedish). I am pressing the Moderator button and asking the moderator to move the thread to the Vista forum.

Some program needs full rights to the computer and is asking whether you want to grant it that. This is normal for installations, uninstallations and the like.

Alternative 1: A password is requested in the popup

Have you changed your account from an administrator account to a standard user account? It is the password for the administrator account that is being requested.

Alternative 2: One of the buttons is Continue

Have you just turned on UAC in the Security Center, since you don't recognize it from before?

User Account Control (UAC) in Vista and Windows 7 is very good at stopping malicious programs from being installed, see for example:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

 

 

 

 


Archived

This topic is now archived and is closed to further replies.
