Mackey

Unwanted extra advertising on web pages


Hi!

I am getting unwanted extra advertising on web pages, sometimes as a banner at the top of the page and sometimes as new pages.

First a "Message from webpage" dialog (attached) appears, which I have to close before I can do anything else, and then the advertisement comes.

post-43407-1276425567,2_thumb.jpg

Just annoying, not urgent.


Even if the advertising is the only thing you notice, other activity may well be going on in the background. It does not exactly take a lot of resources to send passwords out to someone on the internet.

Let's start by seeing what DDS shows. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.


Hi!

I am not allowed to run the program dds.scr on the computer. I can't quite figure out why.

Is there any other program I can run instead?


Perhaps you are only a "User" on the computer you are sitting at?

In that case you can surely right-click the program icon. Choose "Run as Administrator..." and log in with the password for the "Admin account". If there is one?!

Edited by Stefan Eklinder


It could conceivably be malicious programs that are stopping DDS; that happens now and then. See if this works:

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista/Windows 7, right-click and Run as administrator).

Under Output near the top, select Minimal Output.

Tick LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.


I tried changing the name and file type of dds.scr to test.exe, and then it worked fine.

I am pasting in the log file as Cecilia said and attaching the other file.

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by mald at 15:30:31,34 on 2010-06-19

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2038.946 [GMT 2:00]

 

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program\TAC\VPN Client\cvpnd.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\Program\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Citrix\ICA Client\ssonsvr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\Citrix\ICA Client\PNAMAIN.EXE

C:\Program\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Program\Delade filer\Nokia\MPAPI\MPAPI3s.exe

C:\Program\TAC\VPN Client\vpngui.exe

C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Documents and Settings\mald\Skrivbord\Slaskmapp\test.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://delphi.tac.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre1.6.0_05\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: flvpronetwork: {e541ba03-a817-206a-3875-da4c9d0cc650} - c:\windows\system32\wZ6DZFLN0YVn.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [gStart] c:\garmin\gStart.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [PC Suite Tray] "c:\program\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe

mRun: [Apoint] c:\program\apoint\Apoint.exe

mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program\dell\quickset\quickset.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [TacsInv] c:\windows\tacslilo.exe /nt

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [ccApp] "c:\program\delade filer\symantec shared\ccApp.exe"

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1044-f000-ba7e-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\citrix~1.lnk - c:\windows\installer\{388c130b-0079-46b4-a0d5-dc2dd7a89a7b}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\embass~1.lnk - c:\program\wave systems corp\services manager\secure update\AutoUpdate.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\symant~1.lnk - c:\program\symantec\backup exec\dlo\DLOClientu.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\tacvpn~1.lnk - c:\program\tac\vpn client\vpngui.exe

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: Konvertera länkmål till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera länkmål till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera markering till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera markering till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera valda länkar till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konvertera valda länkar till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.se/SnapfishActivia.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152101835723

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218720466980

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.ne.se/jsp/download/fonts/setup.exe

DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.spray.se/app/uploader/FileUploader.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

 

============= SERVICES / DRIVERS ===============

 

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R2 ccEvtMgr;Symantec Event Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2009-11-25 472440]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-10 90112]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-9 1831024]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\delade filer\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 102448]

R3 NAVENG;NAVENG;c:\program\delade~1\symant~1\virusd~1\20100618.051\NAVENG.SYS [2010-6-19 85552]

R3 NAVEX15;NAVEX15;c:\program\delade~1\symant~1\virusd~1\20100618.051\NAVEX15.SYS [2010-6-19 1347504]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-20 27632]

R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-2 189792]

S1 mferkdk;VSCore mferkdk;\??\c:\program\mcafee\virusscan enterprise\mferkdk.sys --> c:\program\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-1-29 135664]

S2 TacsLiloSrv;TacsLiloSrv;c:\windows\TacsLiloS.exe [2006-7-5 514048]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-22 23888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-20 13224]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-20 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-20 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-20 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-20 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-20 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-20 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-20 115752]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-15 14336]

 

============== File Associations ===============

 

.scr=DWGTrueViewScriptFile

 

=============== Created Last 30 ================

 

2010-06-09 06:24:55 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys

2010-06-07 10:01:56 0 d-----w- c:\windows\ie8updates

2010-06-07 06:40:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-07 06:40:51 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-07 06:40:50 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-07 06:40:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-07 06:40:49 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-05 10:21:15 26 ----a-w- c:\windows\Zone.Identifier

2010-06-05 10:21:14 132608 ----a-w- c:\documents and settings\mald\infoblad postutskick inkl prov.doc

2010-05-31 22:05:52 0 d-sh--w- c:\documents and settings\mald\IECompatCache

2010-05-31 22:03:56 0 d-sh--w- c:\documents and settings\mald\PrivacIE

2010-05-31 22:01:16 0 d-sh--w- c:\documents and settings\mald\IETldCache

2010-05-31 21:55:36 0 dc-h--w- c:\windows\ie8

2010-05-31 19:35:45 398 ---ha-w- C:\aaw7boot.cmd

2010-05-31 18:15:26 0 d-----w- c:\program\Lavasoft

2010-05-23 14:54:56 120750 ----a-w- c:\windows\system32\-MC__-RlXFLCH-8.exe

2010-05-23 14:54:23 0 d-----w- c:\program\FLV Direct Player

 

==================== Find3M ====================

 

2010-06-15 14:45:13 85146 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-15 14:45:13 447712 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-10 09:38:15 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2010-06-09 06:30:34 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-09 06:30:34 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-09 06:30:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-09 06:30:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-09 06:24:54 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2010-05-18 03:27:10 1630208 ----a-w- c:\windows\system32\wZ6DZFLN0YVn.dll

 

============= FINISH: 15:30:46,82 ===============

Attach.txt

Edited by Cecilia
Removed log tags (from the Log button) because they made the log unreadable /Cecilia, moderator


:thumbsup: Another possible way to move forward.

As far as I can tell, it is the program:

2010-05-23 14:54:23 0 d-----w- c:\program\FLV Direct Player

that contains the ad-display files. Uninstall FLV Direct Player (with the web browsers closed).

There are old Java versions with security holes on the computer. Install a new one from http://www.java.com/sv/ and then uninstall the following when no web browsers are running:

Java 2 Runtime Environment, SE v1.4.2_03

Java™ 6 Update 3

Java™ 6 Update 5

Then restart the computer and paste in a new DDS.txt so we can see what is left.

Is it a company computer, since you have an antivirus program that is intended for companies?

I ask because there are some programs that are unsuitable for use on computers with settings for a corporate environment, and others that are not free for companies.

Edited by Cecilia
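
One way to script the by-eye triage of the DDS log discussed above, as an added example that is not part of the original thread and not a DDS feature. It surfaces BHOs loaded straight from system32 that are also recently modified, files created within minutes of a new program folder, and executable extensions mapped away from their Windows default; the function names, the five-minute window and the heuristics are assumptions, and the sample lines are excerpted from the log posted in this thread.

```python
import ntpath
import re
from datetime import datetime, timedelta

# A few lines excerpted from the DDS log posted in this thread (blank lines dropped).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: flvpronetwork: {e541ba03-a817-206a-3875-da4c9d0cc650} - c:\windows\system32\wZ6DZFLN0YVn.dll
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
============== File Associations ===============
.scr=DWGTrueViewScriptFile
=============== Created Last 30 ================
2010-06-07 06:40:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-31 18:15:26 0 d-----w- c:\program\Lavasoft
2010-05-23 14:54:56 120750 ----a-w- c:\windows\system32\-MC__-RlXFLCH-8.exe
2010-05-23 14:54:23 0 d-----w- c:\program\FLV Direct Player
==================== Find3M ====================
2010-06-09 06:30:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-18 03:27:10 1630208 ----a-w- c:\windows\system32\wZ6DZFLN0YVn.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BHO_RE = re.compile(r"^BHO:\s*(.+?):\s*(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

# Program-files roots (a Swedish XP install uses c:\program, as in this log).
PROGRAM_ROOTS = {r"c:\program", r"c:\program files", r"c:\program files (x86)"}
# Windows default ProgIDs for extensions that launch code.
DEFAULT_PROGID = {".exe": "exefile", ".scr": "scrfile", ".com": "comfile",
                  ".bat": "batfile", ".cmd": "cmdfile"}


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines below it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums leave behind
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_files(lines):
    """Parse the 'date time size attrs path' rows of Created Last 30 / Find3M."""
    rows = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            rows.append({"when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                         "size": int(m.group(2)),
                         "is_dir": m.group(3).startswith("d"),
                         "path": m.group(4)})
    return rows


def triage(text, window=timedelta(minutes=5)):
    """Return leads worth a manual look. These are heuristics, not verdicts."""
    sec = split_sections(text)
    created = parse_files(sec.get("Created Last 30", []))
    recent = {r["path"].lower() for r in created + parse_files(sec.get("Find3M", []))}

    # 1. BHO DLLs sitting directly in system32 that were also recently created or modified.
    bho_leads = []
    for line in sec.get("Pseudo HJT Report", []):
        m = BHO_RE.match(line)
        if (m and ntpath.dirname(m.group(3)).lower().endswith(r"\system32")
                and m.group(3).lower() in recent):
            bho_leads.append(m.groups())  # (name, CLSID, DLL path)

    # 2. Files created within `window` of a new program folder: likely the same installer.
    dropped_with = {}
    for d in created:
        if d["is_dir"] and ntpath.dirname(d["path"]).lower() in PROGRAM_ROOTS:
            near = [f["path"] for f in created
                    if not f["is_dir"] and abs(f["when"] - d["when"]) <= window]
            if near:
                dropped_with[d["path"]] = near

    # 3. Executable extensions whose ProgID differs from the Windows default.
    remapped = {}
    for line in sec.get("File Associations", []):
        ext, _, progid = line.partition("=")
        if DEFAULT_PROGID.get(ext.lower(), progid.lower()) != progid.lower():
            remapped[ext] = progid
    return {"bho_leads": bho_leads, "dropped_with": dropped_with, "remapped": remapped}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```

The `.scr` remapping it reports may explain why dds.scr would not start on this machine until it was renamed to test.exe.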


This is how it turned out, then.

And yes, it is a company computer that is also used privately. I didn't think of that.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by mald at 4:17:47,43 on 2010-06-22

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2038.1391 [GMT 2:00]

 

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program\TAC\VPN Client\cvpnd.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\Program\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\system32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\windows\tacslilo.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\Citrix\ICA Client\PNAMAIN.EXE

C:\Program\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Documents and Settings\mald\Skrivbord\Slaskmapp\test.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://delphi.tac.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: flvpronetwork: {e541ba03-a817-206a-3875-da4c9d0cc650} - c:\windows\system32\wZ6DZFLN0YVn.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [gStart] c:\garmin\gStart.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [PC Suite Tray] "c:\program\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [Apoint] c:\program\apoint\Apoint.exe

mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program\dell\quickset\quickset.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [TacsInv] c:\windows\tacslilo.exe /nt

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [ccApp] "c:\program\delade filer\symantec shared\ccApp.exe"

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1044-f000-ba7e-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\citrix~1.lnk - c:\windows\installer\{388c130b-0079-46b4-a0d5-dc2dd7a89a7b}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\embass~1.lnk - c:\program\wave systems corp\services manager\secure update\AutoUpdate.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\symant~1.lnk - c:\program\symantec\backup exec\dlo\DLOClientu.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\tacvpn~1.lnk - c:\program\tac\vpn client\vpngui.exe

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: Konvertera länkmål till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera länkmål till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera markering till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera markering till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera valda länkar till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konvertera valda länkar till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.se/SnapfishActivia.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152101835723

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218720466980

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.ne.se/jsp/download/fonts/setup.exe

DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.spray.se/app/uploader/FileUploader.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

 

============= SERVICES / DRIVERS ===============

 

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R2 ccEvtMgr;Symantec Event Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2009-11-25 472440]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-10 90112]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-9 1831024]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\delade filer\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 102448]

R3 NAVENG;NAVENG;c:\program\delade~1\symant~1\virusd~1\20100621.022\NAVENG.SYS [2010-6-22 85552]

R3 NAVEX15;NAVEX15;c:\program\delade~1\symant~1\virusd~1\20100621.022\NAVEX15.SYS [2010-6-22 1347504]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-20 27632]

S1 mferkdk;VSCore mferkdk;\??\c:\program\mcafee\virusscan enterprise\mferkdk.sys --> c:\program\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-1-29 135664]

S2 TacsLiloSrv;TacsLiloSrv;c:\windows\TacsLiloS.exe [2006-7-5 514048]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-22 23888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-20 13224]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-20 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-20 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-20 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-20 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-20 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-20 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-20 115752]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-15 14336]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-2 189792]

 

============== File Associations ===============

 

.scr=DWGTrueViewScriptFile

 

=============== Created Last 30 ================

 

2010-06-22 02:15:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-22 02:15:06 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-22 02:07:28 0 d-----w- C:\tacsinvtmp

2010-06-09 06:24:55 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys

2010-06-07 10:01:56 0 d-----w- c:\windows\ie8updates

2010-06-07 06:40:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-07 06:40:51 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-07 06:40:50 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-07 06:40:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-07 06:40:49 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-05 10:21:15 26 ----a-w- c:\windows\Zone.Identifier

2010-06-05 10:21:14 132608 ----a-w- c:\documents and settings\mald\infoblad postutskick inkl prov.doc

2010-05-31 22:05:52 0 d-sh--w- c:\documents and settings\mald\IECompatCache

2010-05-31 22:03:56 0 d-sh--w- c:\documents and settings\mald\PrivacIE

2010-05-31 22:01:16 0 d-sh--w- c:\documents and settings\mald\IETldCache

2010-05-31 21:55:36 0 dc-h--w- c:\windows\ie8

2010-05-31 19:35:45 398 ---ha-w- C:\aaw7boot.cmd

2010-05-31 18:15:26 0 d-----w- c:\program\Lavasoft

2010-05-23 14:54:56 120750 ----a-w- c:\windows\system32\-MC__-RlXFLCH-8.exe

 

==================== Find3M ====================

 

2010-06-15 14:45:13 85146 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-15 14:45:13 447712 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-10 09:38:15 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2010-06-09 06:30:34 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-09 06:30:34 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-09 06:30:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-09 06:30:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-09 06:24:54 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2010-05-18 03:27:10 1630208 ----a-w- c:\windows\system32\wZ6DZFLN0YVn.dll

 

============= FINISH: 4:18:44,09 ===============

Edited by Cecilia
Removed log tags (from the Log button) because they made the log unreadable /Cecilia, moderator


On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is complete (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

c:\windows\tacslilo.exe

c:\windows\TacsLiloS.exe

c:\windows\system32\wZ6DZFLN0YVn.dll

 

If you know what kind of programs they are, you of course don't need to check them on the VirusTotal page.

 

Start - Run

type in:

sc delete vsdatant

 

The browser add-on is still there. Download from one of the links:

http://test.trendsecure.com/portal/en-US/_download/HJTInstall.exe (best option)

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

http://test.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Install, start and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and paste it into your reply.


Here is the link to wZ6DZFLN0YVn.dll

 

http://www.virustotal.com/sv/analisis/4d4d20e2fd914593daadd4f7223f78229b38cf9417c80324e773e3c7c2fe0306-1277197256

 

The two exe files are work-related.

 

And the log file...

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:21:50, on 2010-06-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\TAC\VPN Client\cvpnd.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\Program\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program\Citrix\ICA Client\ssonsvr.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Apoint\Apntex.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\Citrix\ICA Client\PNAMAIN.EXE

C:\Program\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.tac.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: flvpronetwork - {e541ba03-a817-206a-3875-da4c9d0cc650} - C:\WINDOWS\system32\wZ6DZFLN0YVn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [TacsInv] c:\windows\tacslilo.exe /nt

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Citrix XenApp.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Symantec Backup Exec Desktop Agent.lnk = C:\Program\Symantec\Backup Exec\DLO\DLOClientu.exe

O4 - Global Startup: TAC VPN Client.lnk = C:\Program\TAC\VPN Client\vpngui.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://delphi.tac.com

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.se/SnapfishActivia.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152101835723

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218720466980

O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab

O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.ne.se/jsp/download/fonts/setup.exe

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.spray.se/app/uploader/FileUploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = main.root.tac.com

O17 - HKLM\Software\..\Telephony: DomainName = main.root.tac.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = main.root.tac.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = main.root.tac.com

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\TAC\VPN Client\cvpnd.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program\Wave Systems Corp\Common\DataServer.exe

O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: ServiceLayer - Nokia - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TacsLiloSrv - TAC Svenska AB - C:\WINDOWS\TacsLiloS.exe

O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 14395 bytes

[/log]


Scan with HijackThis and check the box for:

 

O2 - BHO: flvpronetwork - {e541ba03-a817-206a-3875-da4c9d0cc650} - C:\WINDOWS\system32\wZ6DZFLN0YVn.dll

 

Close all other programs.

Press Fix checked.

 

Restart the computer.

 

Delete the file:

C:\WINDOWS\system32\wZ6DZFLN0YVn.dll

 

Restart, and then a new DDS log.

How does browsing work now?

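The check that the requested follow-up log makes possible, as an added example that is not part of the original posts: compare the BHO entries of the HijackThis log taken before the fix with those of the DDS log taken after it. The log excerpts are a few lines copied from this thread; the function names are this example's own. Entries are keyed by CLSID because the two tools print different display names and letter case for the same object.

```python
import re

# HijackThis: "O2 - BHO: <name> - {CLSID} - <path>"
# DDS:        "BHO: <name>: {CLSID} - <path>"
BHO_RE = re.compile(
    r"^(?:O2 - )?BHO:\s*(?P<name>.*?)\s*(?:-|:)\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.+?)\s*$"
)

# Excerpt of the HijackThis log posted before the fix (lines from this thread).
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: flvpronetwork - {e541ba03-a817-206a-3875-da4c9d0cc650} - C:\WINDOWS\system32\wZ6DZFLN0YVn.dll
"""

# Excerpt of the DDS log posted after the fix (lines from this thread).
DDS_AFTER = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
"""

TARGET = "{e541ba03-a817-206a-3875-da4c9d0cc650}"  # the entry that was checked for fixing


def parse_bhos(log_text):
    """Return {lowercased CLSID: (display name, DLL path)} for each BHO line."""
    found = {}
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found[m["clsid"].lower()] = (m["name"], m["path"])
    return found


def compare(before_text, after_text):
    """Return (removed, added, moved) BHO entries between two logs."""
    before, after = parse_bhos(before_text), parse_bhos(after_text)
    removed = {k: before[k] for k in before.keys() - after.keys()}
    added = {k: after[k] for k in after.keys() - before.keys()}
    # Same CLSID pointing at a different DLL is worth a second look.
    moved = {
        k: (before[k][1], after[k][1])
        for k in before.keys() & after.keys()
        if before[k][1].lower() != after[k][1].lower()
    }
    return removed, added, moved


def verify_fix(before_text, after_text, target_clsid):
    """True only if the target is gone and nothing else appeared or changed."""
    removed, added, moved = compare(before_text, after_text)
    return set(removed) == {target_clsid.lower()} and not added and not moved


if __name__ == "__main__":
    removed, added, moved = compare(HJT_BEFORE, DDS_AFTER)
    for clsid, (name, path) in removed.items():
        print(f"removed: {name} {clsid} -> {path}")
    print("fix verified:", verify_fix(HJT_BEFORE, DDS_AFTER, TARGET))
```

A missing BHO line only shows that the registry entry is gone; whether the DLL itself still exists on disk has to be checked separately.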
Posted (edited)

The DDS log came out as below.

 

I couldn't find the file I was supposed to delete; could it be that HijackThis removed it?

 

Browsing seems to work fine; I'm not getting any "advertising offers" right away, at least. I haven't used the computer much the last few days because I'm ill.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by mald at 15:49:00,50 on 2010-06-22

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2038.1421 [GMT 2:00]

 

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program\TAC\VPN Client\cvpnd.exe

C:\Program\Wave Systems Corp\Common\DataServer.exe

C:\Program\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\WINDOWS\system32\DWRCS.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program\Apoint\Apoint.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\windows\tacslilo.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Apoint\HidFind.exe

C:\Program\Apoint\Apntex.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\Program\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program\Citrix\ICA Client\PNAMAIN.EXE

C:\Program\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Documents and Settings\mald\Skrivbord\Slaskmapp\test.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclIrSrv.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://delphi.tac.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [gStart] c:\garmin\gStart.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background

uRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [PC Suite Tray] "c:\program\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [Apoint] c:\program\apoint\Apoint.exe

mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Dell QuickSet] c:\program\dell\quickset\quickset.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [TacsInv] c:\windows\tacslilo.exe /nt

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [ccApp] "c:\program\delade filer\symantec shared\ccApp.exe"

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1044-f000-ba7e-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\citrix~1.lnk - c:\windows\installer\{388c130b-0079-46b4-a0d5-dc2dd7a89a7b}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\embass~1.lnk - c:\program\wave systems corp\services manager\secure update\AutoUpdate.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\symant~1.lnk - c:\program\symantec\backup exec\dlo\DLOClientu.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\tacvpn~1.lnk - c:\program\tac\vpn client\vpngui.exe

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: Konvertera länkmål till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera länkmål till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera markering till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera markering till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera valda länkar till Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konvertera valda länkar till befintlig PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.se/SnapfishActivia.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152101835723

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218720466980

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab

DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.ne.se/jsp/download/fonts/setup.exe

DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.spray.se/app/uploader/FileUploader.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

 

============= SERVICES / DRIVERS ===============

 

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]

R2 ccEvtMgr;Symantec Event Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program\delade filer\symantec shared\ccSvcHst.exe [2010-6-9 108392]

R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2009-11-25 472440]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-10 90112]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-9 1831024]

R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 2944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\delade filer\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 102448]

R3 NAVENG;NAVENG;c:\program\delade~1\symant~1\virusd~1\20100621.038\NAVENG.SYS [2010-6-22 85552]

R3 NAVEX15;NAVEX15;c:\program\delade~1\symant~1\virusd~1\20100621.038\NAVEX15.SYS [2010-6-22 1347504]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-20 27632]

S1 mferkdk;VSCore mferkdk;\??\c:\program\mcafee\virusscan enterprise\mferkdk.sys --> c:\program\mcafee\virusscan enterprise\mferkdk.sys [?]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-1-29 135664]

S2 TacsLiloSrv;TacsLiloSrv;c:\windows\TacsLiloS.exe [2006-7-5 514048]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-22 23888]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-20 13224]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-20 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-20 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-20 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-20 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-20 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-20 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-20 115752]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-9-15 14336]

 

============== File Associations ===============

 

.scr=DWGTrueViewScriptFile

 

=============== Created Last 30 ================

 

2010-06-22 09:20:26 0 d-----w- c:\program\Trend Micro

2010-06-22 02:15:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-22 02:15:06 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-22 02:07:28 0 d-----w- C:\tacsinvtmp

2010-06-09 06:24:55 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys

2010-06-07 10:01:56 0 d-----w- c:\windows\ie8updates

2010-06-07 06:40:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-07 06:40:51 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-07 06:40:50 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-07 06:40:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-07 06:40:49 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-05 10:21:15 26 ----a-w- c:\windows\Zone.Identifier

2010-06-05 10:21:14 132608 ----a-w- c:\documents and settings\mald\infoblad postutskick inkl prov.doc

2010-05-31 22:05:52 0 d-sh--w- c:\documents and settings\mald\IECompatCache

2010-05-31 22:03:56 0 d-sh--w- c:\documents and settings\mald\PrivacIE

2010-05-31 22:01:16 0 d-sh--w- c:\documents and settings\mald\IETldCache

2010-05-31 21:55:36 0 dc-h--w- c:\windows\ie8

2010-05-31 19:35:45 398 ---ha-w- C:\aaw7boot.cmd

2010-05-31 18:15:26 0 d-----w- c:\program\Lavasoft

2010-05-23 14:54:56 120750 ----a-w- c:\windows\system32\-MC__-RlXFLCH-8.exe

 

==================== Find3M ====================

 

2010-06-15 14:45:13 85146 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-15 14:45:13 447712 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-10 09:38:15 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2010-06-09 06:30:34 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-06-09 06:30:34 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-06-09 06:30:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-06-09 06:30:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-06-09 06:24:54 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys

 

============= FINISH: 15:50:36,59 ===============

Edited by Cecilia
Removed the log tags (from the Log button) because they made the log unreadable /Cecilia, moderator


The file is gone according to the log, so HijackThis probably managed to remove the file as well.

Now only one last round of cleanup remains:

1. Delete all system restore points, since they may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and click Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Click Create.

Then delete all old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

2. Delete the DDS program and its logs.

3. Delete all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Check Select All. Click Empty Selected.

If you use Firefox: Click Firefox and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

If you use Opera: Click Opera and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

Click Exit in the Main menu to close the program.

Note! This will delete all cookies. If you have cookies that you want to keep, you can either save them beforehand or skip Select All and tick everything else instead.

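Step 1 of the cleanup above (create a fresh restore point, then remove every older one), scripted for Vista/Windows 7 and later as an added example that is not part of the original post. It assumes an elevated Windows PowerShell session with System Restore enabled; the description string is an arbitrary label chosen here.

```powershell
# Added illustration of step 1; run from an elevated Windows PowerShell prompt.
# Checkpoint-Computer and Get-ComputerRestorePoint exist in Windows PowerShell
# (not PowerShell 7) and only on client editions of Windows.

# SRRemoveRestorePoint is the System Restore API exported by srclient.dll.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int index);
'@

# Highest sequence number that exists before the new point is created.
$old    = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$oldMax = 0
foreach ($rp in $old) {
    if ($rp.SequenceNumber -gt $oldMax) { $oldMax = $rp.SequenceNumber }
}

# Description text is an arbitrary label chosen for this example.
Checkpoint-Computer -Description 'Clean state after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

$all    = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $all | Select-Object -Last 1

# Safety check: delete nothing unless a newer point really exists.
# (Windows 8 and later skip creation if a point was made in the last 24 hours.)
if ($null -eq $newest -or $newest.SequenceNumber -le $oldMax) {
    throw 'No new restore point was created; existing points left untouched.'
}

# Remove every point except the one just created and report each result.
foreach ($rp in $all) {
    if ($rp.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc     = [SysRestore.Native]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
    $status = if ($rc -eq 0) { 'removed' } else { "failed (error $rc)" }
    '{0,5}  {1}  {2}' -f $rp.SequenceNumber, $rp.Description, $status
}

# Only the new point should be listed now.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, CreationTime, Description -AutoSize
```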

Hi Cecilia!

Thanks for all the help. Everything seems to work fine now and I get no ads (apart from the ones that are on all web pages, of course).

You are a heroine!
