2010-10-04, 02:55
  #3085
Member
hasenfrasen's avatar
Mysterious leftover items worth investigating/disabling using msconfig.msc or Sysinternals AUTORUNS. There were more as well, but you should run Superantispyware, ComboFix and GMER after disabling the ones below. Make sure to disable PROXY under Internet Options -> Connections -> LAN.

Quote:
Originally posted by echaufferad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15516C-2BDC-4B9C-93B2-5E524E98DA01}: NameServer = 80.67.0.2 91.213.246.2
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
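Added example, not part of any post in this thread and not code from HijackThis: a small Python triage of the HijackThis-style lines quoted above, pulling out the proxy value, the static DNS servers and the service whose file was not found so they can be reviewed by hand. The `trusted_dns` parameter, the user-writable path heuristic and the last sample line are assumptions made for the illustration.

```python
import re

# One HijackThis entry: a section code (R1, O4, O17, O23, ...) followed by " - body".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Drive-letter path ending in an executable extension, as seen in O4/O23 lines.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|com|scr|bat|cmd)\b', re.I)
# Assumption for this example: autostarts from these user-writable places get a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")


def parse_entry(line):
    """Split one log line into code, body and first executable path (None if not an entry)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = EXE_RE.search(m["body"])
    return {"code": m["code"], "body": m["body"],
            "path": path.group(0) if path else None}


def triage(lines, trusted_dns=()):
    """Return (code, finding) tuples for the entries worth asking the user about."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        code, body, path = entry["code"], entry["body"], entry["path"]
        if code == "O17" and "NameServer" in body:
            # Static DNS servers: harmless if they belong to the ISP/VPN, a hijack if not.
            servers = IPV4_RE.findall(body.split("NameServer", 1)[1])
            unknown = [s for s in servers if s not in trusted_dns]
            if unknown:
                findings.append((code, "static DNS servers not in trusted list: "
                                 + ", ".join(unknown)))
        elif code == "R1" and "Proxy" in body:
            # Proxy-related Internet Settings value; report the value name and data.
            findings.append((code, "proxy setting present: "
                             + body.split(",", 1)[-1].strip()))
        elif code in ("O4", "O23"):
            if "(file missing)" in body:
                findings.append((code, "scanner could not find " + str(path)))
            elif path and any(p in path.lower() for p in USER_WRITABLE):
                findings.append((code, "autostart from user-writable path " + path))
    return findings


# The six lines quoted in the thread, plus one final line constructed for this
# example (the [updater] entry does not come from the thread).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15516C-2BDC-4B9C-93B2-5E524E98DA01}: NameServer = 80.67.0.2 91.213.246.2
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O4 - HKCU\..\Run: [updater] C:\Users\x\AppData\Roaming\upd\upd.exe
"""

if __name__ == "__main__":
    for code, finding in triage(SAMPLE.splitlines()):
        print(code, "-", finding)
```

Passing the DNS servers the user has confirmed as their provider's in `trusted_dns` drops the O17 finding, which is the check behind the ISP question asked later in the thread.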
2010-10-04, 08:18
  #3086
Member
927's avatar
I don't see any malware in the log; how are you noticing a problem?

If you haven't done a quick scan with Malwarebytes Anti-Malware, do so.
2010-10-04, 11:03
  #3087
Member
echaufferad's avatar
What happened was that when I opened a wmw file, the start page in all browsers changed to "i am wired", and a DivX player was installed automatically. I scanned with Malwarebytes, which found a virus and removed it. Later, when I visited an ordinary site with Java, a new browser window opened and tried to connect to some strange site. NOD32 and Defender then reacted and blocked two trojan attacks. After that, Trojan Defender found two more threats.

Hasenfrasen, how do I disable these? Do I do it in HijackThis by clicking "Fix checked", or?
Quote:
Originally posted by echaufferad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15516C-2BDC-4B9C-93B2-5E524E98DA01}: NameServer = 80.67.0.2 91.213.246.2
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
2010-10-04, 12:10
  #3088
Member
927's avatar
Quote:
Originally posted by echaufferad
What happened was that when I opened a wmw file, the start page in all browsers changed to "i am wired", and a DivX player was installed automatically. I scanned with Malwarebytes, which found a virus and removed it. Later, when I visited an ordinary site with Java, a new browser window opened and tried to connect to some strange site. NOD32 and Defender then reacted and blocked two trojan attacks. After that, Trojan Defender found two more threats.

Hasenfrasen, how do I disable these? Do I do it in HijackThis by clicking "Fix checked", or?
Quote:
Originally posted by echaufferad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15516C-2BDC-4B9C-93B2-5E524E98DA01}: NameServer = 80.67.0.2 91.213.246.2
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

Is Portlane your ISP?

Then we need to check with some logs.
Run the file, choose scan and follow the instructions. If a malicious file is found, choose cure; if a suspicious file is found, choose skip.
Post the txt file that gets placed under C:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save either of the files to the desktop and run it. Two logs will be created; post the contents of the one named dds.txt. If the log is long, upload it to fuskbugg.se
http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com
2010-10-04, 12:45
  #3089
Member
TheHorror's avatar
I have some questions about this log from when I ran a DDS scan of my computer:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Taeyeon at 12:32:58,26 on 2010-10-04
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1053.18.4091.2267 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Taeyeon\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Taeyeon\Documents\Deamontools\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Users\Taeyeon\Documents\Winamp\winampa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Taeyeon\Documents\Winamp\winamp.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Taeyeon\Documents\Everest Ultimate\EVEREST Ultimate Edition\everest.exe
C:\Users\Taeyeon\Documents\FireFox\firefox.exe
C:\Users\Taeyeon\Documents\FireFox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Taeyeon\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\users\taeyeon\documents\youtube downloader\youtubedownloader\IDTB.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\users\taeyeon\documents\youtube downloader\youtubedownloader\IDTB.dll
uRun: [DAEMON Tools Lite] "c:\users\taeyeon\documents\deamontools\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Creative Detector] "c:\program files (x86)\creative\mediasource\detector\CTDetect.exe" /R
mRun: [VitaKeyPdtWzd] "c:\program files (x86)\acer bio protection\PdtWzd.exe"
mRun: [WinampAgent] c:\users\taeyeon\documents\winamp\winampa.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files (x86)\personal\bin\Personal.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xportera till Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\taeyeon\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\taeyeon\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files (x86)\acer bio protection\PwdBank.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = c:\program files (x86)\acer bio protection\PwdFilterV64
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files (x86)\pixiepack codec pack\InstallerHelper.exe
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files (x86)\acer bio protection\PwdBank.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\taeyeon\appdata\roaming\mozilla\firefox\profiles\ssjatl48.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.p-league.jp/
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\personal\bin\np_prsnl.dll
FF - plugin: c:\program files (x86)\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\taeyeon\documents\opera\program\plugins\np_gp.dll
FF - plugin: c:\users\taeyeon\documents\opera\program\plugins\NPDocBox.dll
FF - plugin: c:\users\taeyeon\documents\opera\program\plugins\nppdf32.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
2010-10-04, 12:46
  #3090
Member
TheHorror's avatar
CONTINUATION of the post above:



---- FIREFOX POLICIES ----
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\users\taeyeon\documents\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\users\taeyeon\documents\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\users\taeyeon\documents\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\users\taeyeon\documents\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\users\taeyeon\documents\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\users\taeyeon\documents\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\users\taeyeon\documents\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 27136]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\x86\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 44944]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 IGBASVC;EgisTec Service;c:\program files (x86)\acer bio protection\BASVC.exe [2010-5-21 3453440]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2010-5-21 292864]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\taeyeon\documents\everest ultimate\everest ultimate edition\kerneld.amd64 [2010-10-1 26752]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2009-7-21 6656]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-5-14 5435904]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\drivers\nuvotonhidgeneric.sys [2009-7-21 25088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-5-21 86120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-21 216064]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-22 61288]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 50176]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-9 1255736]
2010-10-04, 12:48
  #3091
Member
TheHorror's avatar
CONTINUATION of the post above:





=============== Created Last 30 ================

2010-10-03 19:33:38 524288 --sha-w- c:\users\taeyeon\ntuser.dat{aa180d72-cf23-11df-9f50-001d72eb336f}.TMContainer00000000000000000002.regtrans-ms
2010-10-03 19:33:37 65536 --sha-w- c:\users\taeyeon\ntuser.dat{aa180d72-cf23-11df-9f50-001d72eb336f}.TM.blf
2010-10-03 19:33:37 524288 --sha-w- c:\users\taeyeon\ntuser.dat{aa180d72-cf23-11df-9f50-001d72eb336f}.TMContainer00000000000000000001.regtrans-ms
2010-10-02 22:15:11 0 d-----w- c:\program files\ESET
2010-09-24 14:23:48 0 d-----w- c:\program files (x86)\RapidSolution
2010-09-24 14:19:14 120 ----a-w- c:\windows\Podcasts.INI
2010-09-24 14:15:17 0 d-----w- c:\program files (x86)\PixiePack Codec Pack
2010-09-24 14:14:29 0 d-----w- c:\programdata\RapidSolution
2010-09-23 06:45:20 0 d-----w- c:\windows\pss
2010-09-09 19:46:12 0 d-----w- c:\windows\syswow64\Wat
2010-09-09 19:46:12 0 d-----w- c:\windows\system32\Wat
2010-09-09 14:43:33 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-09-09 14:42:53 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-09 14:42:53 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-09 14:42:53 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-09 14:42:53 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-09 14:42:53 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-09 14:42:53 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-09 14:42:53 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-09 14:42:53 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-09 14:42:53 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-09 14:42:53 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-09 13:44:00 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-09-09 13:44:00 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-09-09 13:42:59 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-09-08 09:58:51 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-09-07 10:01:14 0 d-----w- c:\users\taeyeon\appdata\roaming\AVG9
2010-09-04 13:26:47 0 d-----w- c:\programdata\avg9
2010-09-04 13:00:28 0 d-----w- c:\users\taeyeon\appdata\roaming\Malwarebytes
2010-09-04 13:00:16 0 d-----w- c:\programdata\Malwarebytes
2010-09-04 13:00:15 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

==================== Find3M ====================

2010-09-29 14:03:50 620290 ----a-w- c:\windows\system32\perfh01D.dat
2010-09-29 14:03:50 121922 ----a-w- c:\windows\system32\perfc01D.dat
2010-09-05 15:01:14 1439076 ----a-w- c:\windows\fonts\comorimorito_4.otf
2010-09-05 15:01:14 1439076 ----a-w- c:\windows\fonts\comorimorito_3.otf
2010-09-05 15:01:14 1439076 ----a-w- c:\windows\fonts\comorimorito_2.otf
2010-09-05 15:01:14 1439076 ----a-w- c:\windows\fonts\comorimorito_1.otf
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-11 13:13:40 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-07-06 18:24:40 4608 ----a-w- c:\windows\syswow64\w95inf32.dll
2010-07-06 18:24:40 2272 ----a-w- c:\windows\syswow64\w95inf16.dll
2010-07-06 12:11:03 720896 ----a-w- c:\windows\iun6002ev.exe
2009-07-14 12:52:29 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-07-14 12:52:29 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-07-14 12:52:29 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-07-14 12:52:29 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:33:38,39 ===============


Is there anything shady here?
I'm really wondering about CAXHWAZL.sys
I have scanned with ESET NOD Security, Malwarebytes and AVG, which ofc didn't find anything.
INFO: The symptoms are that my computer has become sluggish, the sound crackles and my AudioDG.exe shoots up, and System.exe does exactly the same. The computer is sluggish even though my CPU sits at 10-15% load (when opening windows, programs, etc.), and the sound lags more than usual, which it has never done before. I should also add that the problems appeared after a system restore, when my drivers messed up the sound card so that the sound disappeared.
__________________
Last edited by TheHorror 2010-10-04 at 12:54.
2010-10-04, 13:12
  #3092
Member
927's avatar
As far as I can tell, the sys file is a driver that belongs to a modem.

Check the computer with Hitman Pro (there is a risk of false alarms).

Start GMER; you should see right away if any suspicious file is found.
2010-10-04, 13:30
  #3093
Member
TheHorror's avatar
Quote:
Originally posted by 927
As far as I can tell, the sys file is a driver that belongs to a modem.

Check the computer with Hitman Pro (there is a risk of false alarms).

Start GMER; you should see right away if any suspicious file is found.

Since I can't tell suspicious files/apps apart from the ones that are supposed to be there, unless it is completely obvious that the file is "wrong" (e.g. BHOTrojanBackdoor.exe), I'm turning to you.

Should I post the GMER log here, along with the HitmanPro one? Is there a safe site where I can download GMER?
2010-10-04, 15:05
  #3094
Member
TheHorror's avatar
GMER doesn't work on my laptop (running W7 Pro 64-bit). There don't seem to be any good sites on how to get it to work on W7 either? Any ideas?
2010-10-04, 18:52
  #3095
Member
echaufferad's avatar
Quote:
Originally posted by 927
Is Portlane your ISP?

Then we need to check with some logs.
Run the file, choose scan and follow the instructions. If a malicious file is found, choose cure; if a suspicious file is found, choose skip.
Post the txt file that gets placed under C:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Save either of the files to the desktop and run it. Two logs will be created; post the contents of the one named dds.txt. If the log is long, upload it to fuskbugg.se
http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com

Portlane is my ISP, with Anonine

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSX64
Run by x at 18:10:00,17 on 2010-10-04
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.6071.4704 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\x\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.se/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_m5811&r=17360310cn06974554l15qj401y350
uLocal Page =
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_m5811&r=17360310cn06974554l15qj401y350
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&m=aspire_m5811&r=17360310cn06974554l15qj401y350
mLocal Page =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [<NO NAME>]
mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "c:\program files (x86)\egistec egis software update\EgisUpdate.exe"
mRun: [TrojanScanner] c:\program files (x86)\trojan remover\Trjscan.exe /boot
StartupFolder: c:\users\x\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {DF15516C-2BDC-4B9C-93B2-5E524E98DA01} = 80.67.0.2 91.213.246.2
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
2010-10-04, 18:54
  #3096
Member
echaufferad's avatar
Continued

================= FIREFOX ===================

FF - ProfilePath - c:\users\x\appdata\roaming\mozilla\firefox\profiles\m4iyuhzp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fl.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - google.se
FF - prefs.js: keyword.URL - hxxp://fl.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files (x86)\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\x\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\x\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 123200]
R2 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-8-13 62208]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-1-19 2314240]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-18 240160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-11-18 283824]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-18 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-16 84512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2009-12-30 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2009-12-30 173056]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-1-21 18944]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1255736]