
Atlas DM


SteelyDan


Hi!

The processor has been under heavy load lately, even during simple operations.

The hard disk is constantly "chewing", so I scanned with Panda online, which found "Atlas DM", a so-called tracking cookie. Neither Malwarebytes nor my Norton has found anything, so the "chewing" has been going on for a while.

Now I want to get rid of the junk :)

(DDS log + attach.)

 


Grateful for any answers!

Regards

/B


Hi,

could you paste the DDS log into your thread without the buttons, so it will be easier to read!

Thanks in advance!

Regards

Mats H


OK, edited it so that it is visible.

/B

Thanks!

But it should look like this:

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

 

And so on, then we can read it line by line!

Can you fix that?

Regards

Mats H


As for the netstat output, the circled entries are http or https, which are the ports used for web pages, i.e. it is your web browser fetching pages from two IP addresses that belong to Microsoft.


OK, thanks Cecilia!

I had got it into my head that there should absolutely not be any addresses in netstat right after startup. That is why I reacted to it.

My mobile internet modem gets disconnected, and the internet connection drops constantly for me.

That, plus the hard disk chewing all the time, makes me wonder. Then again, Atlas may not be the most dangerous thing in the world either.

/B


Hi,

thanks for the change, it is a bit easier to read now.

I see that you have Malwarebytes on the computer; you can run a quick scan with it.

And come back here with a log from it as well.

If it finds anything, come back with the log before you possibly restart the computer.

Regards

Mats H


Then again, Atlas may not be the most dangerous thing in the world either.

Cookies are never dangerous to the computer and do not affect it in the slightest.


Archived

This topic is now archived and is closed to further replies.


