
Toolbar.exe = slow computer


Stud


Hi.

I had a look at an acquaintance's computer/terminal, and it has been extremely slow the last few weeks.

There were several toolbar.exe processes, among others, taking up a lot of resources in Task Manager.
I ended the processes and am running an antivirus scan right now. I assume it may have been made to act as part of a botnet, since it has been chewing up so much memory. It is XP.

See the screenshots of what I checked; what do you think about this?

 

1: 11m6tzn.png

2: vgslmr.png

3: 2mcxgsh.png

4: 10f408o.png

 

 

 

 

 

 

 

 


  • 3 weeks later...

If you want the computer reviewed, follow the instructions in the thread "Till dig med virus eller andra skadliga program i datorn" (For you with viruses or other malicious programs on your computer) as best you can.

Thanks.

Here I reply with the logs:

I am the one who accesses the computer via TeamViewer.

OpenVPN is legit...

Regards

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Administrator (administrator) on DATOR on 28-01-2015 22:36:19
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Engelska (USA)
Internet Explorer Version 8 (Default browser: Iron)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\system32\cisvc.exe
(Elo Touchsystems) C:\Windows\system32\EloSrvce.exe
(Elo Touchsystems) C:\Windows\system32\EloDkMon.exe
(Elo Touchsystems) C:\Windows\system32\EloTTray.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Realtek Semiconductor Corp.) C:\Windows\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\system32\snmp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\system32\tlntsvr.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\cidaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [18750976 2009-10-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANQA0A (the data entry has 97 more characters).
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,%windir%\system32\userinit.exe,
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LoginKey: C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll (Microsoft Corporation)
Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)
Winlogon\Notify\SSOExec: %windir%\temp\sso\ssoexec.dll [X]
HKU\S-1-5-21-746137067-308236825-682003330-500\...\Run: [HW_OPENEYE_OUC_Tele2 Mobile Partner] => "C:\Program Files\Tele2 Mobile Partner\UpdateDog\ouc.exe"
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {3586b7e0-3f80-11e0-8a89-0024ee00cc30} - D:\WDSetup.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {5e368a84-6095-11e2-8a96-0024ee00cc30} - E:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {5e368a87-6095-11e2-8a96-0024ee00cc30} - D:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {7a532f6c-6410-11e2-8a98-0024ee00cc30} - D:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {94042943-ef01-11de-91f1-806d6172696f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {aca4c5f3-0754-11df-91fc-0024ee005d62} - G:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {aca4c5f5-0754-11df-91fc-0024ee005d62} - F:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {b8d7f270-9b82-11e2-8a9d-0024ee00cc30} - D:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {ce877f3a-648e-11e2-8a99-0024ee00cc30} - D:\AutoRun.exe
HKU\S-1-5-21-746137067-308236825-682003330-500\...\MountPoints2: {ce877f3d-648e-11e2-8a99-0024ee00cc30} - D:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Genväg till Loggfil.lnk
ShortcutTarget: Genväg till Loggfil.lnk -> C:\Arkiv\Loggfil.exe (No File)
BootExecute: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-746137067-308236825-682003330-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-746137067-308236825-682003330-500 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKU\S-1-5-21-746137067-308236825-682003330-500 -> DefaultScope {05E4D552-D46A-45D0-BFBF-8B8ABF2E8D1B} URL = http://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-746137067-308236825-682003330-500 -> {05E4D552-D46A-45D0-BFBF-8B8ABF2E8D1B} URL = http://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-746137067-308236825-682003330-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-746137067-308236825-682003330-500 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Winsock: Catalog9 04 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog9 05 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 195.67.199.21 195.67.199.23
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-22]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-11-24] (APN LLC.)
S4 DUAgent; C:\Program Files\Common Files\DUAgent.exe [123904 2004-08-31] (Microsoft Corporation) [File not signed]
R2 EloSystemService; C:\Windows\system32\EloSrvce.exe [73728 2009-07-09] (Elo Touchsystems) [File not signed]
S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2001-08-18] (Microsoft Corporation)
S3 MSIServer; C:\Windows\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [4608 2008-04-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [117248 2008-04-14] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe [8161792 2011-10-12] () [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
S3 p2pgasvc; C:\Windows\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
S4 POSPerformanceCounters; C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [42056 2009-08-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\Windows\system32\MsPMSNSv.dll [27136 2008-07-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2008-07-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALiIRDA; C:\Windows\System32\drivers\alifir.sys [26624 2001-08-17] (Acer Laboratories Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-04] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [272128 2008-07-14] (Microsoft Corporation) [File not signed]
S3 BTHprint; C:\Windows\System32\drivers\bthprint.sys [36480 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\Windows\System32\drivers\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 dpK00701; C:\Windows\System32\DRIVERS\dpK00701.sys [41856 2004-10-12] (DigitalPersona, Inc.)
R3 elomoufiltr; C:\Windows\System32\DRIVERS\elofiltr.sys [48640 2009-06-22] (Elo Touchsystems )
R3 EloUsb; C:\Windows\System32\DRIVERS\EloUsb.sys [55680 2009-06-22] (Elo Touchsystems )
R0 FBWF; C:\Windows\System32\drivers\Fbwf.sys [78464 2008-07-14] (Microsoft Corporation)
S3 irsir; C:\Windows\System32\drivers\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 mf; C:\Windows\System32\drivers\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-03] (Creative Technology Ltd.)
S3 MPE; C:\Windows\System32\drivers\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\DRIVERS\mqac.sys [92544 2008-04-14] (Microsoft Corporation)
S3 MSFSIO; C:\Windows\System32\drivers\MSFSIO.sys [6016 2001-08-17] (Microsoft Corporation)
S3 MSIRCOMM; C:\Windows\System32\drivers\MSIRCOMM.sys [22016 2008-04-14] (Microsoft Corporation)
S3 MSRIFFWV; C:\Windows\System32\drivers\MSRIFFWV.sys [12416 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\drivers\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NECIRDA; C:\Windows\System32\drivers\smcirda.sys [35913 2001-08-17] (SMC)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [34064 2013-01-22] (CACE Technologies)
S3 OBOE; C:\Windows\System32\drivers\tos4mo.sys [28232 2001-08-17] (TOSHIBA Corporation)
R3 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [20736 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\Windows\System32\drivers\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 RegFilter; C:\Windows\System32\drivers\regflt.sys [23168 2008-07-14] (Microsoft Corporation) [File not signed]
R3 RMCAST; C:\Windows\System32\Drivers\RMCast.sys [203136 2008-07-14] (Microsoft Corporation) [File not signed]
S3 scsiscan; C:\Windows\System32\drivers\scsiscan.sys [11520 2008-04-14] (Microsoft Corporation)
S3 SIERRA; C:\Windows\System32\drivers\irmk7.sys [23552 2001-08-17] (MKNet Corporation)
S3 SMCIRDA; C:\Windows\System32\drivers\smcirda.sys [35913 2001-08-17] (SMC)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 TDASYNC; C:\Windows\system32\Drivers\TDASYNC.sys [13192 2001-08-18] (Microsoft Corporation)
S3 TDIPX; C:\Windows\system32\Drivers\TDIPX.sys [21896 2001-08-18] (Microsoft Corporation)
S3 TDSPX; C:\Windows\system32\Drivers\TDSPX.sys [19464 2001-08-18] (Microsoft Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-08-17] (TeamViewer GmbH)
S3 UsbdpFP; C:\Windows\System32\DRIVERS\UsbdpFP.sys [45056 2004-10-12] (DigitalPersona, Inc.)
S3 WBFIRDMA; C:\Windows\System32\drivers\wbfirdma.sys [35871 2001-08-17] (Winbond Electronics Corp.)
S3 Atmarpc; system32\DRIVERS\atmarpc.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 22:36 - 2015-01-28 22:44 - 00016921 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-01-28 22:31 - 2015-01-28 22:38 - 00000000 ____D () C:\FRST
2015-01-28 22:23 - 2015-01-28 22:22 - 01121792 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-01-24 17:52 - 2015-01-24 17:27 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-24 17:52 - 2015-01-24 17:27 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-24 17:52 - 2015-01-24 17:27 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-24 17:43 - 2015-01-24 17:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-24 17:16 - 2015-01-24 17:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 22:44 - 2009-12-22 14:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-28 20:32 - 2013-01-21 22:38 - 00000000 ____D () C:\Program Files\Cesar Retail System
2015-01-28 16:04 - 2009-12-22 15:03 - 01810404 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 15:40 - 2009-12-22 14:11 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-25 01:40 - 2013-05-29 12:35 - 00000396 ____H () C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-01-24 17:30 - 2013-10-17 06:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 17:27 - 2014-08-10 08:54 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-24 17:27 - 2014-08-10 08:54 - 00146432 _____ (Oracle Corporation) C:\Windows\system32\javacpl.cpl
2015-01-24 17:13 - 2010-09-01 22:58 - 00000000 ____D () C:\Program Files\Java
2014-12-31 12:13 - 2013-05-29 12:28 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2008-11-21 07:03 - 2004-08-31 19:04 - 0123904 _____ (Microsoft Corporation) C:\Program Files\Common Files\DUAgent.exe
2010-09-01 23:27 - 2010-09-01 23:27 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-8u31-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

I hope the computer's owner is aware that the computer has many known security holes that make it easy to infect from a web page, some that exist in XP and some that exist in old program versions. XP computers should not be connected to the internet but should be reinstalled with a newer Windows or Linux.

 

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe

Is there anything with "Ask" in the Control Panel's list of installed programs?

If so, uninstall it.

Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt


# AdwCleaner v4.109 - Report created 29/01/2015 at 00:53:24
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - DATOR
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apn
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskPartnerNetwork
Folder Found : C:\Documents and Settings\All Users\Application Data\apn
Folder Found : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Found : C:\Program Files\AskPartnerNetwork

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41A652CA-9530-498B-80B2-D87091C0F73B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5ESE&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5ESE&apn_dbr=iron.exe_0_27.0.1500.0&apn_uid=149FEFCF-5D0D-401E-BF28-F43AD7510896&itbv=12.15.5.30&doi=2014-08-10&psv=&pt=tb

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [3044 octets] - [29/01/2015 00:53:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3104 octets] ##########

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan is finished.

Click the Clean button.

Press OK.

Press OK again if more messages come up.

The computer will restart; if it does not do so automatically, you will have to restart it yourself.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt

How is the computer working now?


Archived

This topic is now archived and is closed to further replies.


