
Slow computer


Ultra


Hi,

I have a computer that has started to get slow, especially on the Internet. I know it is an old computer, but it serves its purpose well when it works as it should. Is there anything that looks odd in the logs?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Verkstan (administrator) on MASKIN on 04-09-2014 15:51:03
Running from C:\Documents and Settings\Verkstan\Skrivbord
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Svenska
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program\Delade filer\Java\Java Update\jusched.exe
(APN) C:\Program\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Technology Nexus AB) C:\Program\Personal\bin\Personal.exe
(Microsoft Corporation) C:\Program\Windows Desktop Search\WindowsSearch.exe
(APN LLC.) C:\Program\AskPartnerNetwork\Toolbar\apnmcp.exe
(Autodata Limited) C:\Program\Delade filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
(Oracle Corporation) C:\Program\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [soundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] => C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe ARM] => C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program\Delade filer\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
HKU\S-1-5-21-2086406662-4009647907-3775310342-1006\...\Run: [Google Update] => C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-05-08] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk
ShortcutTarget: Personal.lnk -> C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Verkstan\Start-meny\Program\Autostart\Alliansserver.lnk
ShortcutTarget: Alliansserver.lnk -> \\Bokföring\allians\Data\AlliansPathfinder.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/?&uid=290&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/?&uid=290&q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adress - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Länkar - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 217.27.161.40 217.27.161.3
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @se.nexus/Personal -> C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin: Adobe Reader -> C:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-11]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.leta.se/"
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://www.search.ask.com/web?q={searchTerms}
CHR CustomProfile: C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-08]
CHR Extension: (Sök på Google) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-08]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-08-29]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
R2 Autodata Limited License Service; C:\Program\Delade filer\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2008-11-26] (Autodata Limited) [File not signed]
R2 JavaQuickStarterService; C:\Program\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 MDM; C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
S3 NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
S3 NMIndexingService; C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S3 WMPNetworkSvc; C:\Program\Windows Media Player\WMPNetwk.exe [912384 2006-11-15] (Microsoft Corporation)
S2 !SASCORE; "C:\Program\SUPERAntiSpyware\SASCORE.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644800 2005-08-19] (Realtek Semiconductor Corp.)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc.              )
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [453632 2006-01-02] (Aladdin Knowledge Systems) [File not signed]
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2006-01-02] (Aladdin Knowledge Systems) [File not signed]
R2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [73216 2000-10-24] () [File not signed]
S3 Sntnlusb; C:\WINDOWS\System32\Drivers\SNTNLUSB.SYS [20288 2000-10-24] (Rainbow Technologies Inc.) [File not signed]
R0 viamraid; C:\WINDOWS\System32\DRIVERS\VIAMRAID.SYS [73600 2004-03-29] (VIA Technologies inc,.ltd)
S3 SANDRA; \??\D:\SANDRA.sys [X]
S1 SASKUTIL; \??\C:\Program\SUPERAntiSpyware\SASKUTIL.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 15:51 - 2014-09-04 15:51 - 00013467 _____ () C:\Documents and Settings\Verkstan\Skrivbord\FRST.txt
2014-09-04 15:50 - 2014-09-04 15:51 - 00000000 ____D () C:\FRST
2014-09-04 15:49 - 2014-09-04 15:49 - 01096704 _____ (Farbar) C:\Documents and Settings\Verkstan\Skrivbord\FRST.exe
2014-09-04 15:39 - 2014-09-04 15:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-04 15:31 - 2014-09-04 15:31 - 00009968 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-04 15:29 - 2014-09-04 15:30 - 00011586 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-04 15:03 - 2014-09-04 15:39 - 00013474 _____ () C:\WINDOWS\KB2922229.log
2014-09-04 15:01 - 2014-09-04 15:31 - 00013016 _____ () C:\WINDOWS\KB2929961.log
2014-09-04 15:00 - 2014-09-04 15:31 - 00013946 _____ () C:\WINDOWS\KB2930275.log
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Program\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2014-08-11 08:27 - 2014-08-11 08:27 - 00000000 ____D () C:\Program\Delade filer\Java
2014-08-11 08:27 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-11 08:27 - 2014-07-25 12:26 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-11 08:26 - 2014-08-11 08:26 - 00005737 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-11 08:26 - 2014-08-11 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Java
2014-08-11 08:26 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-11 08:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-11 08:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 15:52 - 2011-03-31 15:10 - 00000000 ____D () C:\Documents and Settings\Verkstan\Lokala inställningar\temp
2014-09-04 15:51 - 2014-09-04 15:51 - 00013467 _____ () C:\Documents and Settings\Verkstan\Skrivbord\FRST.txt
2014-09-04 15:51 - 2014-09-04 15:50 - 00000000 ____D () C:\FRST
2014-09-04 15:51 - 2005-11-19 10:41 - 00000000 ____D () C:\Documents and Settings\Verkstan\Skrivbord
2014-09-04 15:49 - 2014-09-04 15:49 - 01096704 _____ (Farbar) C:\Documents and Settings\Verkstan\Skrivbord\FRST.exe
2014-09-04 15:46 - 2005-08-25 17:23 - 01099968 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-04 15:45 - 2014-04-18 12:56 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP - Inloggningsmeddelande gällande när tjänsten upphör.job
2014-09-04 15:45 - 2005-11-16 18:17 - 00029204 _____ () C:\WINDOWS\system32\nvapps.xml
2014-09-04 15:45 - 2005-08-25 18:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-04 15:45 - 2005-08-25 18:19 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-04 15:45 - 2004-08-04 21:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-04 15:44 - 2005-08-25 18:15 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-04 15:44 - 2005-08-25 10:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-04 15:43 - 2005-11-19 10:41 - 00000304 ___SH () C:\Documents and Settings\Verkstan\ntuser.ini
2014-09-04 15:43 - 2005-08-25 17:29 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-04 15:39 - 2014-09-04 15:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-04 15:39 - 2014-09-04 15:03 - 00013474 _____ () C:\WINDOWS\KB2922229.log
2014-09-04 15:39 - 2013-10-16 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-04 15:39 - 2005-08-25 18:17 - 03112668 _____ () C:\WINDOWS\FaxSetup.log
2014-09-04 15:39 - 2005-08-25 18:17 - 01514875 _____ () C:\WINDOWS\ocgen.log
2014-09-04 15:39 - 2005-08-25 18:17 - 01448572 _____ () C:\WINDOWS\iis6.log
2014-09-04 15:39 - 2005-08-25 18:17 - 01434001 _____ () C:\WINDOWS\tsoc.log
2014-09-04 15:39 - 2005-08-25 18:17 - 01014555 _____ () C:\WINDOWS\comsetup.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00976032 _____ () C:\WINDOWS\msmqinst.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00617504 _____ () C:\WINDOWS\ntdtcsetup.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00546120 _____ () C:\WINDOWS\netfxocm.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00216760 _____ () C:\WINDOWS\MedCtrOC.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00189298 _____ () C:\WINDOWS\ocmsn.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00156950 _____ () C:\WINDOWS\tabletoc.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00156351 _____ () C:\WINDOWS\msgsocm.log
2014-09-04 15:39 - 2005-08-25 18:17 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-09-04 15:31 - 2014-09-04 15:31 - 00009968 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-04 15:31 - 2014-09-04 15:01 - 00013016 _____ () C:\WINDOWS\KB2929961.log
2014-09-04 15:31 - 2014-09-04 15:00 - 00013946 _____ () C:\WINDOWS\KB2930275.log
2014-09-04 15:31 - 2011-04-15 14:36 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-09-04 15:31 - 2005-08-25 20:28 - 00451470 _____ () C:\WINDOWS\updspapi.log
2014-09-04 15:31 - 2005-08-25 18:17 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-09-04 15:30 - 2014-09-04 15:29 - 00011586 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-04 15:05 - 2012-04-26 13:18 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-04 15:01 - 2012-05-08 15:40 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2086406662-4009647907-3775310342-1006UA.job
2014-09-04 11:01 - 2012-05-08 15:40 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2086406662-4009647907-3775310342-1006Core.job
2014-09-01 14:52 - 2005-11-19 10:41 - 00000000 ___HD () C:\Documents and Settings\Verkstan\Nätverket
2014-08-29 09:12 - 2005-11-19 10:41 - 00000000 ___RD () C:\Documents and Settings\Verkstan\Mina dokument
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Program\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2014-08-11 08:29 - 2014-08-11 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN
2014-08-11 08:29 - 2005-11-17 02:14 - 00000000 ____D () C:\Program
2014-08-11 08:27 - 2014-08-11 08:27 - 00000000 ____D () C:\Program\Delade filer\Java
2014-08-11 08:27 - 2005-11-17 02:14 - 00000000 ____D () C:\Program\Delade filer
2014-08-11 08:26 - 2014-08-11 08:26 - 00005737 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-11 08:26 - 2014-08-11 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Java
2014-08-11 08:26 - 2013-12-02 15:40 - 00000000 ____D () C:\Program\Java
2014-08-11 08:26 - 2005-11-17 02:13 - 00000000 ___RD () C:\Documents and Settings\All Users\Start-meny\Program
2014-08-08 15:20 - 2014-04-18 12:56 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP - Månatligt meddelande gällande när tjänsten upphör.job
 
Some content of TEMP:
====================
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\APNSetup.exe
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\SSUPDATE.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Addition.txt


There are some adware programs on the computer that use the Internet connection and can make the computer slow.

1. Malwarebytes Anti-Malware version 1.65.0.1400

The above is an old version. Uninstall it and install the latest version instead. Then let the program scan the computer.

2. Install an antivirus program, e.g. the free Avira, Ad-Aware, AVG or Avast, go through the settings and enable as much as possible. Then scan the computer.

3. Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Report button.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner[R0].txt
 

Länk till kommentar
Dela på andra webbplatser

# AdwCleaner v3.309 - Report created 08/09/2014 at 15:44:33
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Verkstan - MASKIN
# Running from : C:\Documents and Settings\Verkstan\Skrivbord\adwcleaner_3.309.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

File Found : C:\WINDOWS\system32\Utils.dll
Folder Found : C:\DOCUME~1\Verkstan\LOKALA~1\Temp\apn
Folder Found : C:\Documents and Settings\All Users\Application Data\apn
Folder Found : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Found : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Folder Found : C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\AskPartnerNetwork
Folder Found : C:\Program\AskPartnerNetwork

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[ File : C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [search Provider] : hxxp://www.mekonomen.se/bil/sok/SearchProduct?filter.searchquerytext={searchTerms}

*************************

AdwCleaner[R0].txt - [1524 octets] - [08/09/2014 15:44:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1584 octets] ##########

1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.

If you want to keep Mekonomen as a search engine in Chrome, remove the check mark in front of it.

Click the Clean button.
Press OK.
Press OK again if more messages appear.

The computer will restart; if it does not do so automatically, restart it yourself.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner[s0].txt

2. Run FRST and paste the new FRST.txt (Addition.txt is not needed).


Here is AdwCleaner:

# AdwCleaner v3.309 - Report created 09/09/2014 at 13:37:27
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Verkstan - MASKIN
# Running from : C:\Documents and Settings\Verkstan\Skrivbord\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Folder Deleted : C:\Program\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\AskPartnerNetwork
Folder Deleted : C:\DOCUME~1\Verkstan\LOKALA~1\Temp\apn
File Deleted : C:\WINDOWS\system32\Utils.dll
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.mekonomen.se/bil/sok/SearchProduct?filter.searchquerytext={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1664 octets] - [08/09/2014 15:44:33]
AdwCleaner[R1].txt - [1724 octets] - [09/09/2014 13:35:23]
AdwCleaner[s0].txt - [1669 octets] - [09/09/2014 13:37:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1729 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Verkstan (administrator) on MASKIN on 09-09-2014 14:02:31
Running from C:\Documents and Settings\Verkstan\Skrivbord
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Svenska
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program\Delade filer\Java\Java Update\jusched.exe
(Technology Nexus AB) C:\Program\Personal\bin\Personal.exe
(Microsoft Corporation) C:\Program\Windows Desktop Search\WindowsSearch.exe
(Autodata Limited) C:\Program\Delade filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
(Oracle Corporation) C:\Program\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [soundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NeroFilterCheck] => C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe ARM] => C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program\Delade filer\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2086406662-4009647907-3775310342-1006\...\Run: [Google Update] => C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-05-08] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk
ShortcutTarget: Personal.lnk -> C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Verkstan\Start-meny\Program\Autostart\Alliansserver.lnk
ShortcutTarget: Alliansserver.lnk -> \\Bokföring\allians\Data\AlliansPathfinder.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adress - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Länkar - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124959871312
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 217.27.161.40 217.27.161.3

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @se.nexus/Personal -> C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin: Adobe Reader -> C:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-11]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp

CHR StartupUrls: Default -> "hxxp://www.leta.se/"

CHR DefaultSearchKeyword: Default -> ask.com

CHR DefaultSearchURL: Default -> http://www.search.ask.com/web?q={searchTerms}

CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}

CHR CustomProfile: C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-08]

CHR Extension: (Sök på Google) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-08]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-08]

CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx []

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Verkstan\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Autodata Limited License Service; C:\Program\Delade filer\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2008-11-26] (Autodata Limited) [File not signed]

R2 JavaQuickStarterService; C:\Program\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)

R2 MDM; C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

S3 NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)

S3 NMIndexingService; C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)

S3 WMPNetworkSvc; C:\Program\Windows Media Player\WMPNetwk.exe [912384 2006-11-15] (Microsoft Corporation)

S2 !SASCORE; "C:\Program\SUPERAntiSpyware\SASCORE.EXE" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644800 2005-08-19] (Realtek Semiconductor Corp.)

S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)

R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc.              )

R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [453632 2006-01-02] (Aladdin Knowledge Systems) [File not signed]

R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2006-01-02] (Aladdin Knowledge Systems) [File not signed]

R2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [73216 2000-10-24] () [File not signed]

S3 Sntnlusb; C:\WINDOWS\System32\Drivers\SNTNLUSB.SYS [20288 2000-10-24] (Rainbow Technologies Inc.) [File not signed]

R0 viamraid; C:\WINDOWS\System32\DRIVERS\VIAMRAID.SYS [73600 2004-03-29] (VIA Technologies inc,.ltd)

S3 SANDRA; \??\D:\SANDRA.sys [X]

S1 SASKUTIL; \??\C:\Program\SUPERAntiSpyware\SASKUTIL.SYS [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U1 WS2IFSL; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-09 14:02 - 2014-09-09 14:03 - 00012449 _____ () C:\Documents and Settings\Verkstan\Skrivbord\FRST.txt

2014-09-09 14:00 - 2014-09-09 14:01 - 01097728 _____ (Farbar) C:\Documents and Settings\Verkstan\Skrivbord\FRST.exe

2014-09-09 13:39 - 2014-09-09 13:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2014-09-08 15:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll

2014-09-08 15:44 - 2014-09-09 13:37 - 00000000 ____D () C:\AdwCleaner

2014-09-08 15:40 - 2014-09-08 15:40 - 01370467 _____ () C:\Documents and Settings\Verkstan\Skrivbord\adwcleaner_3.309.exe

2014-09-04 16:18 - 2014-09-08 15:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-09-04 16:17 - 2014-09-04 16:17 - 00000000 ____D () C:\Program\Malwarebytes Anti-Malware

2014-09-04 16:17 - 2014-09-04 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes Anti-Malware

2014-09-04 16:17 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-09-04 15:50 - 2014-09-09 14:02 - 00000000 ____D () C:\FRST

2014-09-04 15:39 - 2014-09-04 15:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-09-04 15:31 - 2014-09-04 15:31 - 00009968 _____ () C:\WINDOWS\KB2964358-IE8.log

2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$

2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$

2014-09-04 15:29 - 2014-09-04 15:30 - 00011586 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-09-04 15:03 - 2014-09-04 15:39 - 00013474 _____ () C:\WINDOWS\KB2922229.log

2014-09-04 15:01 - 2014-09-04 15:31 - 00013016 _____ () C:\WINDOWS\KB2929961.log

2014-09-04 15:00 - 2014-09-04 15:31 - 00013946 _____ () C:\WINDOWS\KB2930275.log

2014-08-11 08:27 - 2014-08-11 08:27 - 00000000 ____D () C:\Program\Delade filer\Java

2014-08-11 08:27 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-08-11 08:27 - 2014-07-25 12:26 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-08-11 08:26 - 2014-08-11 08:26 - 00005737 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log

2014-08-11 08:26 - 2014-08-11 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Java

2014-08-11 08:26 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-08-11 08:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-08-11 08:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-09 14:03 - 2014-09-09 14:02 - 00012449 _____ () C:\Documents and Settings\Verkstan\Skrivbord\FRST.txt

2014-09-09 14:03 - 2011-03-31 15:10 - 00000000 ____D () C:\Documents and Settings\Verkstan\Lokala inställningar\temp

2014-09-09 14:02 - 2014-09-04 15:50 - 00000000 ____D () C:\FRST

2014-09-09 14:02 - 2005-11-19 10:41 - 00000000 ____D () C:\Documents and Settings\Verkstan\Skrivbord

2014-09-09 14:01 - 2014-09-09 14:00 - 01097728 _____ (Farbar) C:\Documents and Settings\Verkstan\Skrivbord\FRST.exe

2014-09-09 14:01 - 2012-05-08 15:40 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2086406662-4009647907-3775310342-1006UA.job

2014-09-09 13:41 - 2005-08-25 17:23 - 01154852 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-09 13:39 - 2014-09-09 13:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2014-09-09 13:39 - 2014-04-18 12:56 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP - Inloggningsmeddelande gällande när tjänsten upphör.job

2014-09-09 13:39 - 2005-08-25 18:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-09-09 13:39 - 2005-08-25 18:19 - 00000050 _____ () C:\WINDOWS\wiaservc.log

2014-09-09 13:39 - 2004-08-04 21:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl

2014-09-09 13:38 - 2005-11-19 10:41 - 00000304 ___SH () C:\Documents and Settings\Verkstan\ntuser.ini

2014-09-09 13:38 - 2005-11-16 18:17 - 00029204 _____ () C:\WINDOWS\system32\nvapps.xml

2014-09-09 13:38 - 2005-08-25 17:29 - 00032406 _____ () C:\WINDOWS\SchedLgU.Txt

2014-09-09 13:38 - 2005-08-25 10:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-09 13:37 - 2014-09-08 15:44 - 00000000 ____D () C:\AdwCleaner

2014-09-09 13:37 - 2005-11-17 02:14 - 00000000 ____D () C:\Program

2014-09-09 13:05 - 2012-04-26 13:18 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-09-09 11:19 - 2005-11-19 10:41 - 00000000 ___HD () C:\Documents and Settings\Verkstan\Nätverket

2014-09-09 11:01 - 2012-05-08 15:40 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2086406662-4009647907-3775310342-1006Core.job

2014-09-08 15:40 - 2014-09-08 15:40 - 01370467 _____ () C:\Documents and Settings\Verkstan\Skrivbord\adwcleaner_3.309.exe

2014-09-08 15:38 - 2014-09-04 16:18 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-09-08 15:00 - 2014-04-18 12:56 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP - Månatligt meddelande gällande när tjänsten upphör.job

2014-09-08 13:39 - 2005-11-19 10:41 - 00000000 ___RD () C:\Documents and Settings\Verkstan\Mina dokument

2014-09-04 16:17 - 2014-09-04 16:17 - 00000000 ____D () C:\Program\Malwarebytes Anti-Malware

2014-09-04 16:17 - 2014-09-04 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes Anti-Malware

2014-09-04 16:17 - 2010-08-16 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-09-04 16:17 - 2005-11-17 02:13 - 00000000 ___RD () C:\Documents and Settings\All Users\Start-meny\Program

2014-09-04 15:44 - 2005-08-25 18:15 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-09-04 15:39 - 2014-09-04 15:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$

2014-09-04 15:39 - 2014-09-04 15:03 - 00013474 _____ () C:\WINDOWS\KB2922229.log

2014-09-04 15:39 - 2013-10-16 13:21 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-09-04 15:39 - 2005-08-25 18:17 - 03112668 _____ () C:\WINDOWS\FaxSetup.log

2014-09-04 15:39 - 2005-08-25 18:17 - 01514875 _____ () C:\WINDOWS\ocgen.log

2014-09-04 15:39 - 2005-08-25 18:17 - 01448572 _____ () C:\WINDOWS\iis6.log

2014-09-04 15:39 - 2005-08-25 18:17 - 01434001 _____ () C:\WINDOWS\tsoc.log

2014-09-04 15:39 - 2005-08-25 18:17 - 01014555 _____ () C:\WINDOWS\comsetup.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00976032 _____ () C:\WINDOWS\msmqinst.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00617504 _____ () C:\WINDOWS\ntdtcsetup.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00546120 _____ () C:\WINDOWS\netfxocm.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00216760 _____ () C:\WINDOWS\MedCtrOC.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00189298 _____ () C:\WINDOWS\ocmsn.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00156950 _____ () C:\WINDOWS\tabletoc.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00156351 _____ () C:\WINDOWS\msgsocm.log

2014-09-04 15:39 - 2005-08-25 18:17 - 00001355 _____ () C:\WINDOWS\imsins.log

2014-09-04 15:31 - 2014-09-04 15:31 - 00009968 _____ () C:\WINDOWS\KB2964358-IE8.log

2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$

2014-09-04 15:31 - 2014-09-04 15:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$

2014-09-04 15:31 - 2014-09-04 15:01 - 00013016 _____ () C:\WINDOWS\KB2929961.log

2014-09-04 15:31 - 2014-09-04 15:00 - 00013946 _____ () C:\WINDOWS\KB2930275.log

2014-09-04 15:31 - 2011-04-15 14:36 - 00000000 ____D () C:\WINDOWS\ie8updates

2014-09-04 15:31 - 2005-08-25 20:28 - 00451470 _____ () C:\WINDOWS\updspapi.log

2014-09-04 15:31 - 2005-08-25 18:17 - 00001355 _____ () C:\WINDOWS\imsins.BAK

2014-09-04 15:30 - 2014-09-04 15:29 - 00011586 _____ () C:\WINDOWS\KB2936068-IE8.log

2014-08-11 08:27 - 2014-08-11 08:27 - 00000000 ____D () C:\Program\Delade filer\Java

2014-08-11 08:27 - 2005-11-17 02:14 - 00000000 ____D () C:\Program\Delade filer

2014-08-11 08:26 - 2014-08-11 08:26 - 00005737 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log

2014-08-11 08:26 - 2014-08-11 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start-meny\Program\Java

2014-08-11 08:26 - 2013-12-02 15:40 - 00000000 ____D () C:\Program\Java

 

Some content of TEMP:

====================

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\APNSetup.exe

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u55-windows-i586-iftw.exe

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u60-windows-i586-iftw.exe

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\jre-7u67-windows-i586-iftw.exe

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\Quarantine.exe

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\SSUPDATE.EXE

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================


1.

Start Notepad.

Copy all the lines in the box:

CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://www.search.as...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx []

and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

 

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

 

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

 

2.

When you use an operating system with known security holes that make it easy to infect the computer from a web page, you really need all the security you can get. You need to have an antivirus program!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014

Ran by Verkstan at 2014-09-09 15:38:49 Run:1

Running from C:\Documents and Settings\Verkstan\Skrivbord

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp

CHR DefaultSearchKeyword: Default -> ask.com

CHR DefaultSearchURL: Default -> http://www.search.as...q={searchTerms}

CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}

CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx []

*****************

 

Chrome HomePage deleted successfully.

Chrome DefaultSearchKeyword deleted successfully.

Chrome DefaultSearchURL deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => Key deleted successfully.

"C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Directory not found.

 

==== End of Fixlog ====


Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

 

Uncheck the option Remove found threats

Check Scan Archives

 

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Start

 

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


C:\AdwCleaner\Quarantine\C\Program\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Documents and Settings\Verkstan\Lokala inställningar\temp\NERO13349\Toolbar.exe Win32/Toolbar.AskSBar potentially unwanted application

C:\System Volume Information\_restore{18E5BF07-C6D0-4C3D-BFA9-C4C0E55832E9}\RP924\A0032000.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

Those are not active files: they are in AdwCleaner's quarantine, two leftovers from installations and a system restore point. The last of these means that if you restore to an earlier point in time, Ask Toolbar can come back.

 

How is the computer working now?

Any more questions before I write how FRST etc. should be uninstalled?

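The reading given in the reply above (a quarantine copy, installer leftovers in temp, a restore point) can be reproduced mechanically from the exported scan result by sorting each detection by where the file sits on disk. This is an added example, not part of the thread; the function names and the location rules are assumptions, and the sample lines are the four detections posted above.

```python
import re

# The four detections posted in the thread (ESET Online Scanner text export).
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Documents and Settings\Verkstan\Lokala inställningar\temp\NERO13349\Toolbar.exe Win32/Toolbar.AskSBar potentially unwanted application
C:\System Volume Information\_restore{18E5BF07-C6D0-4C3D-BFA9-C4C0E55832E9}\RP924\A0032000.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
"""

# Assumed line layout: <path> <detection name> <category>.
# Windows paths may contain spaces but no "/", so the first token of the
# form Platform/Name (optionally prefixed by "a variant of") ends the path.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?\w+/\S+)\s+"
    r"(?P<category>.+)$"
)

# Hypothetical location rules, checked in order; first match wins.
LOCATION_RULES = [
    ("quarantine", re.compile(r"\\quarantine\\", re.I)),
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("temp", re.compile(r"\\te?mp\\", re.I)),
]


def classify_location(path):
    """Return the name of the first location rule that matches the path."""
    for name, pattern in LOCATION_RULES:
        if pattern.search(path):
            return name
    return "other"


def triage(text):
    """Parse exported detection lines and tag each with its on-disk location."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep unparsed lines visible instead of dropping them silently.
            rows.append({"path": line, "detection": None,
                         "category": None, "location": "unparsed"})
            continue
        row = m.groupdict()
        row["location"] = classify_location(row["path"])
        rows.append(row)
    return rows


def needs_review(rows):
    """Detections outside quarantine, temp and restore points come first."""
    return [r for r in rows if r["location"] in ("other", "unparsed")]


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["location"]:<14}{r["detection"]}  ->  {r["path"]}')
    print("to review first:", len(needs_review(triage(SAMPLE))))
```
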

  • 3 weeks later...

Hi, and sorry for the somewhat late response. A holiday in the sun, an ankle fracture and a wedding got in the way ;-)

 

Now the computer seems to be at "full speed" again, with no real problems. Do I need to do anything more?


Hi!

 

I hope it has been fun and lovely despite the ankle!

 

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

 

2. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after a restart of the computer. If any such program is left after that, ask how to remove it. Delete any logs.

 

3. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my website) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.

 

It is important to uninstall so that the quarantine folders are removed.


Archived

This topic is now archived and is closed to further replies.
