
Personal Security


Smaragd


I have a computer with Windows Vista and have gotten Personal Security on it. The program blocks all downloading of other software for removing the wretched thing. In addition, it is not possible to start e.g. the Control Panel and other programs. What do I do to get rid of this? Is the only way a reinstallation of the whole computer, or is there help?


Start by trying the following; if that is not enough, there are further things to try.

Save RKill by Grinler to the Desktop. Download it from the first of these links:

http://download.bleepingcomputer.com/grinler/rkill.com

http://download.bleepingcomputer.com/grinler/rkill.pif

http://download.bleepingcomputer.com/grinler/rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.exe

 

Start RKill (in Vista and Windows 7, by right-clicking the file and choosing Run as administrator if that option is available).

A black window/box appears for a while if the program managed to run.

If no black window/box appeared, delete that RKill variant and repeat with the next RKill.

If you get a message saying that RKill is malicious, ignore it. It is the malicious program that does not want to be stopped. Leave the warning on the screen and run RKill once more.

Run RKill several times in a row until you no longer see the malicious program, but at most 10 times. Then continue with the rest. If you do not see the malicious program right from the start, 3 times is enough.

If none of the program variants can run, say so.

If it goes well, things should start working so that you can begin with DDS. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Start the program by double-clicking it.

Press Yes (Ja) if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.


After restarting the computer it was possible to download dds.scr, so here comes a log.

 

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Annelie at 22:13:30,88 on 2010-03-02

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_15

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.974 [GMT 1:00]

 

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Windows\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\winamp toolbar\WinampTbServer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Annelie\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/webhp?sourceid=navclient&hl=sv&ie=UTF-8

uWindow Title = Internet Explorer erhållet från Dell

mDefault_Page_URL = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=1080410

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: &Security Update: {6551001f-a07b-40b1-8f55-b44bf35a42a6} - c:\windows\system32\win32extension.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [PersSecurity] c:\program files\perssecurity\psecurity.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

uPolicies-system: DisableTaskMgr = 1

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldsv-se.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {C8CE8EAB-8B03-484B-B348-A2442D38E7AF} - hxxp://download.intermezzon.com/3.3/designerplayer.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\annelie\appdata\roaming\mozilla\firefox\profiles\tcnpoxfh.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-12-6 77004]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-9 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-9 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-9 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 74480]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-10 73728]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-9 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-9 297752]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-1 203280]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-10 111616]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-10 30192]

 

=============== Created Last 30 ================

 

2010-02-26 22:15:44 0 d-----w- c:\program files\common files\PersSecurityUninstall

2010-02-26 22:14:44 0 d-----w- c:\program files\PersSecurity

2010-02-25 14:54:59 0 d-----w- c:\programdata\WindowsSearch

2010-02-24 02:17:52 268 ---ha-w- C:\sqmdata19.sqm

2010-02-24 02:17:52 244 ---ha-w- C:\sqmnoopt19.sqm

2010-02-23 20:59:23 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-23 20:59:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-02-23 20:59:17 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-23 20:59:15 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-23 20:59:15 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-23 20:59:15 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-23 20:59:15 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-02-23 20:59:15 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-23 20:59:15 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-23 20:36:01 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-02-23 20:36:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-02-23 20:36:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-02-23 20:34:14 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-12 02:19:44 268 ---ha-w- C:\sqmdata18.sqm

2010-02-12 02:19:44 244 ---ha-w- C:\sqmnoopt18.sqm

2010-02-10 13:32:22 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-10 13:32:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-10 13:32:09 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-10 13:32:09 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-10 13:32:00 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 13:32:00 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 13:31:48 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-10 13:31:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-02-10 13:30:32 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-10 13:30:31 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-10 13:30:31 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-10 13:30:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-10 13:30:30 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-10 13:30:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-10 13:30:30 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-10 13:30:29 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-10 13:30:29 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-06 17:22:22 0 d-----w- c:\users\annelie\appdata\roaming\Birdstep Technology

2010-02-06 17:21:34 0 d-----w- c:\programdata\Birdstep Technology

2010-02-06 17:20:14 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2010-02-06 17:20:14 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2010-02-06 17:20:14 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2010-02-06 17:20:14 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2010-02-06 17:20:14 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2010-02-06 17:19:51 71253 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-02-06 17:19:51 0 d-----w- c:\program files\Huawei Modems

2010-02-06 17:19:38 0 d-----w- c:\program files\3

 

==================== Find3M ====================

 

2010-03-02 21:05:55 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-02 21:05:55 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-06 17:20:14 51200 ----a-w- c:\windows\inf\infpub.dat

2010-02-06 17:20:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-02-06 17:20:14 143360 ----a-w- c:\windows\inf\infstor.dat

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-18 02:19:19 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-09-06 15:01:35 174 --sha-w- c:\program files\desktop.ini

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-04-10 16:16:48 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 22:15:02,87 ===============

Attach.txt


Download Malwarebytes Anti-Malware (MBAM) from:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is any update, it will be downloaded and installed.

If the program says that it would like to restart the computer, do not do so.

When the program starts, choose "Perform full scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it.

If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.

Copy the log and paste it into your reply.

Save Security Check by screen317 to the Desktop.

http://screen317.spywareinfoforum.org/SecurityCheck.exe

Run Security Check (in Vista, right-click and Run as administrator).

When it is done, a log file, checkup.txt, comes up in Notepad; paste it into your reply.


Here comes the log from MBAM:

 

Malwarebytes' Anti-Malware 1.44

Databasversion: 3815

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

2010-03-03 17:35:34

mbam-log-2010-03-03 (17-35-34).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|)

Antal skannade objekt: 263939

Förfluten tid: 1 hour(s), 43 minute(s), 19 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 1

Infekterade registerdataposter: 1

Infekterade mappar: 3

Infekterade filer: 17

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PersSecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\perssecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

C:\Program Files\PersSecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\PersSecurityUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Users\Annelie\AppData\Local\Mozilla\Firefox\Profiles\tcnpoxfh.default\Cache\1C5CD6C3d01 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1(4).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1(5).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1(6).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1(7).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Annelie\Downloads\Setup_364s1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\PersSecurityUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Computer Scan.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Help.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Personal Security.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Registration.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Security Center.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Settings.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\PersSecurity\Update.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\Users\Annelie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PersSecurity.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

C:\Users\Annelie\Desktop\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.

 

 

Here comes the log from Security Check:

 

Results of screen317's Security Check version 0.99.1

Windows Vista Service Pack 2 (UAC is disabled!)

``````````````````````````````

Antivirus/Firewall Check:

AVG Free 8.5

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition

McAfee SiteAdvisor

Java 6 Update 15

Java SE Runtime Environment 6

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.3

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````


User Account Control (UAC) in Vista and Windows 7 is very good at stopping malicious programs from being installed, see e.g.:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Turn on UAC here:

Control Panel - Security Center - Other security settings

You have some old program versions with security holes that allow the computer to be infected just by visiting a malicious or hacked web page.

Install a new Java from http://www.java.com/sv/ and then uninstall:

Java™ 6 Update 15 (if it is still there)

Java™ SE Runtime Environment 6

Have no web browser running during the uninstallation.

Also uninstall Adobe Reader 8.1.3 and get the latest version at http://get.adobe.com/reader/

Then restart the computer and paste in new DDS logs for a check of whether anything is left. Also tell how the computer works now.
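
What a first pass over a DDS log for leftovers can look like, as an added example that is not part of the original thread or of any tool used in it. The names `triage`, `Finding`, `FLAGGED_DIRS` and `POLICY_FINDINGS` are made up for the example; the sample lines are excerpted from the first DDS log above, and the flagged folders are the ones the Malwarebytes log reported as Rogue.PersonalSecurity.

```python
import re
from typing import NamedTuple

# Lines excerpted from the "Pseudo HJT Report" section of the first DDS log in this thread.
SAMPLE_DDS = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [PersSecurity] c:\program files\perssecurity\psecurity.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
uPolicies-system: DisableTaskMgr = 1
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Folders the Malwarebytes log in this thread reported as Rogue.PersonalSecurity.
FLAGGED_DIRS = [
    r"c:\program files\perssecurity",
    r"c:\program files\common files\perssecurityuninstall",
]

# Policy values that explain the symptoms described in the thread.
POLICY_FINDINGS = {
    ("disabletaskmgr", 1): "Task Manager is disabled by policy",
    ("enablelua", 0): "UAC is switched off",
}

# Assumption: the u/m prefix is read as per-user / machine-wide, which matches
# the HKEY_CURRENT_USER paths Malwarebytes listed for the same entries.
SCOPE = {"u": "user", "m": "machine"}

BHO_RE = re.compile(r"^BHO: (?P<label>.*?) - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-(?P<key>[\w-]+): (?P<name>\w+) = (?P<val>\d+)")


class Finding(NamedTuple):
    kind: str    # "orphan_bho", "flagged_autostart" or "policy"
    scope: str   # "user", "machine", or "" where DDS gives no prefix
    name: str
    detail: str


def triage(log_text, flagged_dirs=FLAGGED_DIRS):
    """Return the DDS lines that still need attention, in log order."""
    # Long paths only; 8.3 short names such as c:\progra~1 are not expanded.
    dirs = [d.lower().rstrip("\\") + "\\" for d in flagged_dirs]
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_RE.match(line)
        if m:
            # A browser helper object whose DLL is gone is a leftover registration.
            if m["target"].strip().lower() == "no file":
                findings.append(Finding("orphan_bho", "", m["label"],
                                        "registered, but the target file is missing"))
            continue

        m = RUN_RE.match(line)
        if m:
            # Autostart entry that still points into a folder the scanner flagged.
            cmd = m["cmd"].strip().lstrip('"').lower()
            if any(cmd.startswith(d) for d in dirs):
                findings.append(Finding("flagged_autostart", SCOPE[m["hive"]],
                                        m["name"], m["cmd"]))
            continue

        m = POLICY_RE.match(line)
        if m:
            meaning = POLICY_FINDINGS.get((m["name"].lower(), int(m["val"])))
            if meaning:
                findings.append(Finding("policy", SCOPE[m["hive"]], m["name"], meaning))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:18} {f.scope:8} {f.name}: {f.detail}")
```

Run against a later log, an empty result for the autostart and policy kinds means those traces of the rogue are gone; orphaned BHO entries are cosmetic leftovers rather than active code.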


Here comes a new DDS log.

The computer seems to work reasonably well, but I cannot start Task Manager.

Windows says that it has been disabled by the administrator.

 

 

DDS (Ver_09-12-01.01) - NTFSx86

Run by Annelie at 18:33:18,19 on 2010-03-03

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.935 [GMT 1:00]

 

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\aestsrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\STacSV.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DRIVERS\xaudio.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Annelie\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/webhp?sourceid=navclient&hl=sv&ie=UTF-8

uWindow Title = Internet Explorer erhållet från Dell

mDefault_Page_URL = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=1080410

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: &Security Update: {6551001f-a07b-40b1-8f55-b44bf35a42a6} - c:\windows\system32\win32extension.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRunOnce: [uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

uPolicies-system: DisableTaskMgr = 0

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldsv-se.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {C8CE8EAB-8B03-484B-B348-A2442D38E7AF} - hxxp://download.intermezzon.com/3.3/designerplayer.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\annelie\appdata\roaming\mozilla\firefox\profiles\tcnpoxfh.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-12-6 77004]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-9 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-9 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-9 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 74480]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-10 73728]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-9 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-9 297752]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-1 203280]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-10 111616]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-14 135664]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-10 30192]

 

=============== Created Last 30 ================

 

2010-03-03 17:13:23 0 d-----w- c:\programdata\NOS

2010-03-03 17:10:41 411368 ----a-w- c:\windows\system32\RENC976.tmp

2010-03-03 17:08:47 0 d-----w- c:\programdata\Sun

2010-03-02 22:12:25 0 d-----w- c:\users\annelie\appdata\roaming\Malwarebytes

2010-03-02 22:12:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-02 22:12:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-02 22:12:18 0 d-----w- c:\programdata\Malwarebytes

2010-03-02 22:12:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-25 14:54:59 0 d-----w- c:\programdata\WindowsSearch

2010-02-24 02:17:52 268 ---ha-w- C:\sqmdata19.sqm

2010-02-24 02:17:52 244 ---ha-w- C:\sqmnoopt19.sqm

2010-02-23 20:59:23 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-23 20:59:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-02-23 20:59:17 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-23 20:59:15 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-23 20:59:15 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-23 20:59:15 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-23 20:59:15 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-02-23 20:59:15 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-23 20:59:15 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-23 20:36:01 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-02-23 20:36:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-02-23 20:36:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-02-23 20:34:14 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-12 02:19:44 268 ---ha-w- C:\sqmdata18.sqm

2010-02-12 02:19:44 244 ---ha-w- C:\sqmnoopt18.sqm

2010-02-10 13:32:22 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-10 13:32:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-10 13:32:09 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-10 13:32:09 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-10 13:32:00 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 13:32:00 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 13:31:48 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-10 13:31:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-02-10 13:30:32 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-10 13:30:31 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-10 13:30:31 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-10 13:30:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-10 13:30:30 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-10 13:30:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-10 13:30:30 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-10 13:30:29 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-10 13:30:29 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-06 17:22:22 0 d-----w- c:\users\annelie\appdata\roaming\Birdstep Technology

2010-02-06 17:21:34 0 d-----w- c:\programdata\Birdstep Technology

2010-02-06 17:20:14 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2010-02-06 17:20:14 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2010-02-06 17:20:14 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2010-02-06 17:20:14 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2010-02-06 17:20:14 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2010-02-06 17:19:51 71253 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-02-06 17:19:51 0 d-----w- c:\program files\Huawei Modems

2010-02-06 17:19:38 0 d-----w- c:\program files\3

 

==================== Find3M ====================

 

2010-03-03 17:07:39 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-03 17:07:39 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-06 17:20:14 51200 ----a-w- c:\windows\inf\infpub.dat

2010-02-06 17:20:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-02-06 17:20:14 143360 ----a-w- c:\windows\inf\infstor.dat

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-17 16:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-18 02:19:19 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-09-06 15:01:35 174 --sha-w- c:\program files\desktop.ini

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-04-10 16:16:48 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 18:35:47,77 ===============

Attach.txt


Found new problems.

The computer cannot be shut down. If you try to shut it down, it restarts every time.

The only way is to remove the battery (laptop) and unplug the power cord.

When the computer restarted, Mozilla Firefox started automatically and a warning came up on the screen saying that the computer was unsafe and that I should install and scan with Personal Security.

I chose to cancel and to close Firefox. I cannot see that Personal Security got in again.

Task Manager is still disabled by the administrator.


Then it is best that you run ComboFix. Save ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions that are shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, for example if the computer gets its internet connection via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.


Before I ran ComboFix I uninstalled Firefox and AVG Antivirus Free. Every time Firefox was started, 2 tabs opened. One wanted to upgrade AVG and the other urged me to download Personal security, and an automatic scan started. I found no way to remove this, so I uninstalled both programs. Instead I installed Internet Security 2010, for which I had a spare license lying around. After updating and a quick scan with Norton, I followed your instructions with ComboFix. So here comes the log.

 

ComboFix 10-03-03.03 - Annelie 2010-03-03 20:45:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.1080 [GMT 1:00]

Körs från: c:\users\Annelie\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1152125842-2989970185-2137152828-500

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-2596825606-15655415-1685107035-500

c:\windows\system32\oem6.inf

c:\windows\system32\stacsv.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_STacSV

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-02-03 till 2010-03-03 ))))))))))))))))))))))))))))))

.

 

2010-03-03 19:54 . 2010-03-03 20:02 -------- d-----w- c:\users\Annelie\AppData\Local\temp

2010-03-03 19:54 . 2010-03-03 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-03 19:12 . 2010-03-03 19:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-03 19:11 . 2010-03-03 19:12 -------- d-----w- c:\program files\Symantec

2010-03-03 19:10 . 2010-03-03 19:12 -------- d-----w- c:\windows\system32\drivers\NIS

2010-03-03 19:02 . 2010-03-03 19:57 -------- d-----w- c:\program files\NortonInstaller

2010-03-03 15:04 . 2010-03-03 16:20 -------- d-----w- c:\users\Annelie\AppData\Local\Microsoft Games

2010-03-02 22:12 . 2010-03-02 22:12 -------- d-----w- c:\users\Annelie\AppData\Roaming\Malwarebytes

2010-03-02 22:12 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-02 22:12 . 2010-03-02 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-02 22:12 . 2010-03-02 22:12 -------- d-----w- c:\programdata\Malwarebytes

2010-03-02 22:12 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-25 14:54 . 2010-02-25 14:54 -------- d-----w- c:\programdata\WindowsSearch

2010-02-23 20:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-23 20:59 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll

2010-02-23 20:59 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-23 20:59 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-23 20:59 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-23 20:59 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-02-23 20:59 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-23 20:59 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-23 20:59 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-23 20:36 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-02-23 20:36 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-02-23 20:36 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-02-23 20:34 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-10 13:32 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-10 13:32 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-10 13:32 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-10 13:32 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-10 13:32 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-10 13:32 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-10 13:31 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-10 13:31 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-02-10 13:30 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-10 13:30 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-10 13:30 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-10 13:30 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-10 13:30 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-10 13:30 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-10 13:30 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-10 13:30 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-10 13:30 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-06 17:22 . 2010-02-06 17:22 -------- d-----w- c:\users\Annelie\AppData\Roaming\Birdstep Technology

2010-02-06 17:21 . 2010-02-06 17:22 -------- d-----w- c:\programdata\Birdstep Technology

2010-02-06 17:20 . 2009-09-14 18:05 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys

2010-02-06 17:20 . 2009-09-14 18:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2010-02-06 17:20 . 2009-09-14 18:05 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2010-02-06 17:20 . 2009-09-14 18:05 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys

2010-02-06 17:20 . 2009-09-14 18:05 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2010-02-06 17:19 . 2010-02-06 17:19 -------- d-----w- c:\program files\Huawei Modems

2010-02-06 17:19 . 2010-02-06 17:19 71253 ----a-w- c:\windows\Huawei ModemsUninstall.exe

2010-02-06 17:19 . 2010-02-06 17:19 -------- d-----w- c:\program files\3

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-03 19:57 . 2008-04-10 08:43 -------- d-----w- c:\program files\Google

2010-03-03 19:18 . 2008-04-10 08:50 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-03 19:16 . 2010-03-03 19:16 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\naveng.sys

2010-03-03 19:16 . 2010-03-03 19:16 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\eeCtrl.sys

2010-03-03 19:16 . 2010-03-03 19:16 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\navex15.sys

2010-03-03 19:16 . 2010-03-03 19:16 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\eraser.sys

2010-03-03 19:16 . 2010-03-03 19:16 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\navex32a.dll

2010-03-03 19:16 . 2010-03-03 19:16 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\cceraser.dll

2010-03-03 19:16 . 2010-03-03 19:16 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\ecmsvr32.dll

2010-03-03 19:16 . 2010-03-03 19:16 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100303.005\naveng32.dll

2010-03-03 19:11 . 2010-03-03 19:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-03 19:11 . 2010-03-03 19:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-03 19:10 . 2009-01-06 17:42 -------- d-----w- c:\program files\Norton Internet Security

2010-03-03 19:09 . 2009-01-06 17:35 -------- d-----w- c:\programdata\Norton

2010-03-03 19:05 . 2006-11-21 05:03 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-03 19:05 . 2006-11-21 05:03 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-03 19:02 . 2009-01-06 17:34 -------- d-----w- c:\programdata\NortonInstaller

2010-03-03 18:42 . 2009-01-06 17:44 -------- d-----w- c:\programdata\Symantec

2010-03-03 17:53 . 2008-04-18 17:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-03 17:27 . 2008-04-10 08:31 -------- d-----w- c:\program files\Common Files\Java

2010-03-03 17:26 . 2008-04-10 08:31 -------- d-----w- c:\program files\Java

2010-03-03 17:17 . 2008-04-10 08:43 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-26 23:36 . 2009-02-02 22:16 -------- d-----w- c:\users\Annelie\AppData\Roaming\Spotify

2010-02-24 08:16 . 2009-10-03 09:32 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-24 02:22 . 2008-04-16 15:52 59464 ----a-w- c:\users\Annelie\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-12 02:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHRules.dll

2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHEngine.dll

2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys

2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys

2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\bbRGen.dll

2010-02-06 17:19 . 2008-04-10 08:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-15 18:12 . 2008-04-10 08:45 -------- d-----w- c:\programdata\CyberLink

2010-01-06 15:38 . 2010-02-23 20:36 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-01-06 15:38 . 2010-02-23 20:36 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-01-06 15:38 . 2010-02-23 20:36 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-01-06 15:38 . 2010-02-23 20:36 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-01-02 06:38 . 2010-01-22 13:12 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 13:12 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 13:12 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 13:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-30 09:50 . 2009-12-30 09:50 8677824 ----a-w- c:\users\Annelie\AppData\Roaming\Azureus\tmp\AZU4537348253518427375.tmp\Vuze_4.3.0.6b_win32.exe

2009-12-21 22:03 . 2009-12-21 22:03 378632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-17 16:14 . 2009-10-10 11:06 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-10 03:16 . 2010-03-03 19:12 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

2009-12-08 02:20 . 2010-03-03 19:10 965488 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll

2008-04-10 16:16 . 2008-04-10 16:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-03 2012912]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-18 113664]

BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2009-10-20 939920]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-10 50688]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-5 323646]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-08-09 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-07 14:55 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=""

"FirewallOverride"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):17,ba,0b,26,cc,54,ca,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2596825606-15655415-1685107035-1000]

"EnableNotificationsRef"=dword:00000001

 

R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [2008-12-06 77004]

R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [2010-03-03 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [2010-03-03 172592]

R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010-03-03 501888]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSvix86.sys [2010-03-03 343088]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [2010-03-03 116272]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010-03-03 340016]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-04-10 73728]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-01 203280]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-03-03 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-03 102448]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-04-10 111616]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 12872]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 10:12]

 

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 10:12]

 

2008-05-14 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

 

2010-03-03 c:\windows\Tasks\Norton Internet Security - Kör fullständig systemsökning - Annelie.job

- c:\program files\Norton Internet Security\Engine\17.5.0.127\navw32.exe [2010-03-03 06:08]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/webhp?sourceid=navclient&hl=sv&ie=UTF-8

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: {C8CE8EAB-8B03-484B-B348-A2442D38E7AF} - hxxp://download.intermezzon.com/3.3/designerplayer.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'Explorer.exe'(4372)

c:\program files\McAfee\SiteAdvisor\saHook.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\windows\system32\rundll32.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Sluttid: 2010-03-03 21:09:38 - datorn startades om.

ComboFix-quarantined-files.txt 2010-03-03 20:09

 

Före genomsökningen: 163 768 926 208 byte ledigt

Efter genomsökningen: 164 564 426 752 byte ledigt

 

- - End Of File - - B935F54A96856BD646F870A9EA3F4265


A small addition.

Task Manager now starts again.

However, it is still not possible to shut down the computer. It always ends up restarting.


Correction: Norton did find a whole bunch of internet cookies, of course. I removed those.


Good that Personal Security seems to be gone! :thumbsup:

Cookies don't matter to the computer, so it was good that nothing was found, even though it wasn't a complete scan.

Uninstall Winamp Toolbar for Firefox and for Internet Explorer.

Turn off automatic restarts on system failure:

Control Panel (Classic View) - System - Advanced ... on the left - the Advanced tab - Startup and Recovery Settings

then you will get a blue screen with an error message if the restarts at shutdown are caused by a system failure.

The important information on the blue screen is the following:

Near the top, an error message in capital letters (e.g. BAD_POOL)

Further down, a line consisting mostly of digits (STOP...)

Below that, sometimes a file name


The WinAmp toolbar for Internet Explorer uninstalled fine, but for Firefox I don't have sufficient administrator rights?

I haven't turned off automatic restarts yet. Should I do it anyway?


That is probably related to your having uninstalled Firefox, so don't worry about it for now. If you want to install Firefox again, you can keep it in mind then.

Since you are getting restarts, turn off automatic restart on system failure.


Then perhaps it was a temporary problem that arose in connection with the cleanups.

Now only one last round of tidying up remains:

1. Remove all System Restore points, since these may be infected. You do this by turning off System Restore, restarting the computer and then turning the feature on again. Then create a new restore point.

System Restore is turned off and on here:

XP: Right-click My Computer - Properties - System Restore

Vista: Right-click Computer - Properties - Advanced system settings - System Protection

Untick, and then re-tick, the boxes for all hard drives (remember how it looked before)

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer. If any fix program remains after that, ask how to remove it.

3. Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them beforehand or refrain from choosing Select All and tick everything else instead.

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs, etc.

5. Improve the protection on the computer; see my Advice for a safer computer. http://sites.google.com/site/ceblstockholm/home


The SecurityCheck file can simply be deleted, and MBAM is good to keep since it is a very good anti-spyware program.

Thanks for the points! :)


Ok, thanks for all the help.

Should I restore that setting for automatic restart on system failure?


"Ok, thanks for all the help.

Should I restore that setting for automatic restart on system failure?"

You can leave it as it is now. It can be useful to get a blue screen if some other problem arises with the computer.

"What do I do with ATF Cleaner?"

You can delete that program file.
