
Suspected hacked Hotmail account


Giddar


Hi!

Background:

Yesterday a number of different e-mail messages were sent from my Hotmail account to some/all (I'm not sure how many they were sent to, but six messages were sent and each one had several recipients). When I discovered this after replies from some of them, I sent a message to everyone warning them not to click the link that the message consisted of. Then I changed my password and set the matter aside until today.

Today I have searched this forum a bit and scanned the computer in various ways.

1. I ran Malwarebytes' Anti-Malware and it found nothing.

2. Then I ran ComboFix

3. Then I ran DDS

What I'm wondering now is (apart from the fact that I should change more passwords) whether I should take any further measures?

Thank you very much in advance!

Regards /Per Jogbäck

I seem to recall that you were supposed to include logs using the log tag, but I read that you shouldn't do that anymore. So here are the logs for ComboFix and DDS (Anti-Malware found nothing):

 

ComboFix 11-01-17.05 - Per 2011-01-18 19:20:01.1.2 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.3967.2672 [GMT 1:00]

Körs från: c:\downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-12-18 till 2011-01-18 ))))))))))))))))))))))))))))))

.

 

2011-01-18 18:27 . 2011-01-18 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-18 18:17 . 2011-01-18 18:18 -------- d-----w- C:\32788R22FWJFW

2011-01-18 18:01 . 2011-01-18 18:01 -------- d-----w- c:\programdata\Malwarebytes

2011-01-18 18:01 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-18 18:01 . 2011-01-18 18:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-18 18:00 . 2011-01-18 18:00 -------- d-----w- c:\users\Per\AppData\Roaming\AVG10

2011-01-18 17:29 . 2011-01-18 17:29 -------- d--h--w- c:\programdata\Common Files

2011-01-18 17:27 . 2011-01-18 18:09 -------- d-----w- c:\programdata\AVG10

2011-01-18 17:14 . 2009-06-30 09:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2011-01-18 17:10 . 2011-01-18 17:26 -------- d-----w- c:\programdata\MFAData

2011-01-18 16:53 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32A6179B-1177-468D-AE65-D8D4EF26CFF4}\mpengine.dll

2011-01-18 16:53 . 2011-01-18 16:53 -------- d-----w- c:\program files\CCleaner

2011-01-13 20:06 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-01-13 20:06 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-01-13 20:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-01-13 20:06 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-01-13 20:06 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-01-13 20:06 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-01-13 20:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 20:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 20:06 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 20:06 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-01-07 12:13 . 2011-01-18 16:51 -------- d-----w- c:\program files (x86)\MAESTIA

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 17:08 . 2009-09-24 21:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-04 06:35 . 2010-12-18 08:18 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-18 08:18 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-18 08:18 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-18 08:18 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-18 08:18 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-18 08:18 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-18 08:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-18 08:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-18 08:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-18 08:18 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-18 08:18 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-18 08:18 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-18 08:18 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-18 08:18 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-18 08:18 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-18 08:18 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-18 08:18 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-18 08:18 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-11-01 19:50 . 2010-11-26 13:30 198088 ----a-r- c:\windows\system32\drivers\PCGenFAM.sys

2010-10-27 05:06 . 2010-12-18 08:18 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-27 04:32 . 2010-12-18 08:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2009-09-13 18:38 . 2009-09-13 18:38 454656 ----a-w- c:\program files (x86)\putty.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"AliceConnect"="c:\program files (x86)\3\3Connect\Wilog.exe" [2009-01-22 3934744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

 

R2 Apache2.2;Apache2.2;c:\temp\xampplite\apache\bin\httpd.exe [x]

R2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51 [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1255736]

R3 VoddlerNet;VoddlerNet;c:\program files (x86)\Voddler\service\voddler.exe [2009-10-27 1190096]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]

S0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-11-01 198088]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-22 871408]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-11-01 331296]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]

 

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26975092-3888362798-3581374619-1001Core.job

- c:\users\Per\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-20 16:58]

 

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-26975092-3888362798-3581374619-1001UA.job

- c:\users\Per\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-20 16:58]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Extra genomsökning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.se/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: telia.com\cve.trust

TCP: {1C1CF713-B679-475E-BF9D-DC9C550E2DBB} = 80.251.201.177 80.251.201.178

FF - ProfilePath - c:\users\Per\AppData\Roaming\Mozilla\Firefox\Profiles\t06n6nd3.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)

ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL51]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-26975092-3888362798-3581374619-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

 

[HKEY_USERS\S-1-5-21-26975092-3888362798-3581374619-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2011-01-18 19:29:32

ComboFix-quarantined-files.txt 2011-01-18 18:29

 

Före genomsökningen: 68 532 264 960 bytes free

Efter genomsökningen: 68 110 462 976 bytes free

 

- - End Of File - - C5B72BB17837B66F5BFB235EB1FCA13B

 

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Per at 19:50:22,23 on 2011-01-18

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.3967.2377 [GMT 1:00]

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Soluto\SolutoService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\notepad.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Per\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AliceConnect] C:\Program Files (x86)\3\3Connect\Wilog.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: telia.com\cve.trust

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {1C1CF713-B679-475E-BF9D-DC9C550E2DBB} = 80.251.201.177 80.251.201.178

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\Per\AppData\Roaming\Mozilla\Firefox\Profiles\t06n6nd3.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-1-18 33800]

R0 PCGenFAM;PCGenFAM;C:\Windows\System32\drivers\PCGenFAM.sys [2010-11-26 198088]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2010-11-1 331296]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-8-21 84512]

S2 Apache2.2;Apache2.2;"C:\Temp\xampplite\apache\bin\httpd.exe" -k runservice --> C:\Temp\xampplite\apache\bin\httpd.exe [?]

S2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe --> C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MySQL51;MySQL51;"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]

S3 VoddlerNet;VoddlerNet;C:\Program Files (x86)\Voddler\service\voddler.exe [2009-10-27 1190096]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

 

=============== Created Last 30 ================

 

2011-01-18 18:18:19 98816 ----a-w- C:\Windows\sed.exe

2011-01-18 18:18:19 89088 ----a-w- C:\Windows\MBR.exe

2011-01-18 18:18:19 256512 ----a-w- C:\Windows\PEV.exe

2011-01-18 18:18:19 161792 ----a-w- C:\Windows\SWREG.exe

2011-01-18 18:01:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-18 18:01:52 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-18 18:01:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-18 18:00:54 -------- d-----w- C:\Users\Per\AppData\Roaming\AVG10

2011-01-18 17:29:01 -------- d--h--w- C:\PROGRA~3\Common Files

2011-01-18 17:27:20 -------- d-----w- C:\PROGRA~3\AVG10

2011-01-18 17:14:38 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys

2011-01-18 17:10:40 -------- d-----w- C:\PROGRA~3\MFAData

2011-01-18 16:53:56 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{32A6179B-1177-468D-AE65-D8D4EF26CFF4}\mpengine.dll

2011-01-18 16:53:45 -------- d-----w- C:\Program Files\CCleaner

2011-01-13 20:06:25 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-13 20:06:25 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-13 20:06:25 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-13 20:06:24 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 20:06:24 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-01-13 20:06:24 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-01-13 20:06:24 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-13 20:06:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 20:06:23 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 20:06:23 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-01-07 12:13:37 -------- d-----w- C:\Program Files (x86)\MAESTIA

 

==================== Find3M ====================

 

2010-12-20 17:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll

2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll

2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2010-11-01 19:50:32 198088 ----a-r- C:\Windows\System32\drivers\PCGenFAM.sys

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2009-09-13 18:38:14 454656 ----a-w- C:\Program Files (x86)\putty.exe

 

============= FINISH: 19:50:37,38 ===============


Hi,

There are a few things left to do.

Control Panel\Programs, choose to uninstall ASK Toolbar.

Then run a new DDS, and add the Attach.txt that is created along with DDS.txt.

Use the Full Editor, the button below the box we write in, and then Attach file, Attach.txt.

ComboFix is not something you should run on your own without knowing what it does, or without having been advised to do so.

Regards

Mats H


This thing with hijacked Hotmail accounts seems to be something that is going around. My son had his hijacked a while ago and I had mine hijacked 14 days ago. E-mails went out to everyone I had on MSN Messenger with just a link as content. I of course wrote to everyone and warned them.

After contacting MSN I was advised to just change my password and that that would be enough.


Hi again. I now see in the log that it looks as if I have ASK Toolbar, but it isn't in Control Panel->Programs, and the path given doesn't exist either (C:\Program Files (x86)\AskBarDis); I have also checked that they aren't hidden.

Odd!

Here are the new logs anyway.

Regards /Per

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Per at 20:26:13,98 on 2011-01-19

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.3967.2507 [GMT 1:00]

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Soluto\SolutoService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Per\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AliceConnect] C:\Program Files (x86)\3\3Connect\Wilog.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: telia.com\cve.trust

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {1C1CF713-B679-475E-BF9D-DC9C550E2DBB} = 80.251.201.177 80.251.201.178

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\Per\AppData\Roaming\Mozilla\Firefox\Profiles\t06n6nd3.default\

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Per\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

============= SERVICES / DRIVERS ===============

 

R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-1-18 33800]

R0 PCGenFAM;PCGenFAM;C:\Windows\System32\drivers\PCGenFAM.sys [2010-11-26 198088]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2010-11-1 331296]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-8-21 84512]

S2 Apache2.2;Apache2.2;"C:\Temp\xampplite\apache\bin\httpd.exe" -k runservice --> C:\Temp\xampplite\apache\bin\httpd.exe [?]

S2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe --> C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MySQL51;MySQL51;"C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-5 1255736]

S3 VoddlerNet;VoddlerNet;C:\Program Files (x86)\Voddler\service\voddler.exe [2009-10-27 1190096]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

 

=============== Created Last 30 ================

 

2011-01-19 19:18:08 -------- d-----w- C:\Program Files (x86)\Toolbar Uninstaller

2011-01-19 18:41:18 -------- d-sh--w- C:\$RECYCLE.BIN

2011-01-18 18:18:19 98816 ----a-w- C:\Windows\sed.exe

2011-01-18 18:18:19 89088 ----a-w- C:\Windows\MBR.exe

2011-01-18 18:18:19 256512 ----a-w- C:\Windows\PEV.exe

2011-01-18 18:18:19 161792 ----a-w- C:\Windows\SWREG.exe

2011-01-18 18:01:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-18 18:01:52 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-01-18 18:01:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-01-18 18:00:54 -------- d-----w- C:\Users\Per\AppData\Roaming\AVG10

2011-01-18 17:29:01 -------- d--h--w- C:\PROGRA~3\Common Files

2011-01-18 17:27:20 -------- d-----w- C:\PROGRA~3\AVG10

2011-01-18 17:14:38 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys

2011-01-18 17:10:40 -------- d-----w- C:\PROGRA~3\MFAData

2011-01-18 16:53:56 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{32A6179B-1177-468D-AE65-D8D4EF26CFF4}\mpengine.dll

2011-01-18 16:53:45 -------- d-----w- C:\Program Files\CCleaner

2011-01-13 20:06:25 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-13 20:06:25 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-13 20:06:25 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-13 20:06:24 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-13 20:06:24 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-01-13 20:06:24 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-01-13 20:06:24 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-13 20:06:23 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-01-13 20:06:23 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-01-13 20:06:23 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-01-07 12:13:37 -------- d-----w- C:\Program Files (x86)\MAESTIA

 

==================== Find3M ====================

 

2010-12-20 17:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll

2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll

2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll

2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2010-11-01 19:50:32 198088 ----a-r- C:\Windows\System32\drivers\PCGenFAM.sys

2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2009-09-13 18:38:14 454656 ----a-w- C:\Program Files (x86)\putty.exe

 

============= FINISH: 20:26:27,58 ===============

DDS.txt

Attach.txt


The Toolbar Uninstaller folder was probably created by the program I found here; the download starts automatically, so do not try it if you are unsure about the content. I just wanted to show what it is...

http://www.decomputeur.nl/Download/Program/1-Toolbar-Uninstaller-1.0.0.1.html?chk=5aefd537e3f46c47e301b1904b4a4dde&no_html=1

I tried it to see whether it could find the Ask toolbar, but it could not either. I uninstalled it right away, but a log file remains in that folder; I am attaching it. It only says that it started scanning for toolbars and finished again; it found none.

HijackThis also says that there are some remnants left, but the files are missing:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:31:14, on 2011-01-20

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\3\3Connect\AutoUpdateSrv.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AliceConnect] C:\Program Files (x86)\3\3Connect\Wilog.exe

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C1CF713-B679-475E-BF9D-DC9C550E2DBB}: NameServer = 80.251.201.177 80.251.201.178

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C1CF713-B679-475E-BF9D-DC9C550E2DBB}: NameServer = 80.251.201.177 80.251.201.178

O17 - HKLM\System\CS2\Services\Tcpip\..\{1C1CF713-B679-475E-BF9D-DC9C550E2DBB}: NameServer = 80.251.201.177 80.251.201.178

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apache2.2 - Unknown owner - C:\Temp\xampplite\apache\bin\httpd.exe (file missing)

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Temp\xampplite\mysql\bin\mysqld.exe (file missing)

O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VoddlerNet - Voddler - C:\Program Files (x86)\Voddler\service\voddler.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

 

--

End of file - 6795 bytes

Toolbar Uninstaller logfile.txt


Hi,

yes, you can see in the log here that ASK is gone.

Run the command: sc delete ASKUpgrade

in the command prompt (right-click and run as admin); this removes the remnants.

Then uninstall the following old Java versions:

disable/uninstall in the Firefox add-ons

Java 6 Update 20, 21 and 22

then in Control Panel\Programs

Java 6 Update 17

Java 6 Update 22

Install a new Java: http://www.java.com/sv/

Restart the computer.

Cleanup:

1. Remove all system restore points, since these may be infected.

Start by creating a new system restore point:

Vista and Windows 7:

Right-click Computer - see System protection in the left margin.

Press Create.

http://windows.microsoft.com/sv-SE/windows7/Create-a-restore-point

Then remove all old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and then you choose a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

http://windows.microsoft.com/sv-SE/windows-vista/Delete-files-using-Disk-Cleanup

2. Download the uninstall program OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and the various fix programs you have downloaded will be uninstalled, including this program, after a restart of the computer. Remove the DDS program and its logs.

If anything is left after that, ask how to remove it.

3. Remove all temporary files by downloading TFC-Cleaner to the Desktop:

http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Close all other programs, especially web browsers.

Double-click TFC-Cleaner.exe to start the program.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies; if you have cookies that you want to keep, either save them beforehand or refrain from choosing Select All and instead mark everything else.

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs, etc.

http://sites.google.com/site/ceblstockholm/home

Regards

Mats H
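
A triage of the "(file missing)" entries in the HijackThis log above, as an added example that is not part of the original posts. HijackThis 2.0.4 is a 32-bit program, so on this 64-bit Windows 7 system file-system redirection makes files under C:\Windows\System32 look missing, while entries such as ASKUpgrade point at a folder that really is gone. The sample lines are copied from the log in this thread; the function names and bucket labels are the example's own.

```python
import re

# A subset of the O2/O3/O23 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (file missing)
O23 - Service: Apache2.2 - Unknown owner - C:\Temp\xampplite\apache\bin\httpd.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: VoddlerNet - Voddler - C:\Program Files (x86)\Voddler\service\voddler.exe
"""

MISSING = "(file missing)"
# Paths a 32-bit process cannot see directly on 64-bit Windows (WOW64 redirection).
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_entry(line):
    """Parse one O2 (BHO), O3 (toolbar) or O23 (service) line, else return None."""
    line = line.strip()
    if not re.match(r"O(2|3|23) - ", line):
        return None
    missing = line.endswith(MISSING)
    if missing:
        line = line[: -len(MISSING)].rstrip()
    head, path = line.rsplit(" - ", 1)      # the file path is always the last field
    parts = head.split(" - ", 2)            # code, "Kind: name", CLSID or owner
    if len(parts) < 2:
        return None
    code, label = parts[0], parts[1]
    name = label.partition(": ")[2]
    if code == "O23":
        # "@keyiso.dll,-100 (KeyIso)" -> the short service name is in parentheses.
        short = re.search(r"\(([^()]+)\)$", name)
        if short:
            name = short.group(1)
    return {"code": code, "name": name, "path": path, "missing": missing}


def triage(log):
    """Sort entries into present / redirected (likely false alarm) / orphan."""
    buckets = {"present": [], "redirected": [], "orphan": []}
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if not entry["missing"]:
            bucket = "present"
        elif SYSTEM32.match(entry["path"]):
            bucket = "redirected"
        else:
            bucket = "orphan"
        buckets[bucket].append(entry)
    return buckets


def names(entries):
    return [e["name"] for e in entries]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, entries in result.items():
        print(bucket)
        for e in entries:
            print(f"  {e['code']:<4} {e['name']}  ->  {e['path']}")
```

Entries in the orphan bucket are the ones worth checking by hand before removing anything; the redirected ones should be confirmed with a 64-bit tool such as the DDS log rather than deleted.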


Thank you very much for the help!

I will sort this out as soon as I get home from work. Personally I wonder a bit how ASK could have been installed; I am not in the habit of installing such things, but now there are more people in the household than there used to be. :) Anyway, that is a question for another thread.

Again, thank you very much!

Regards /Per


Hi,

when installing programs there is, quite often, a small box to uncheck! (Install Ask Toolbar),

naturally it is checked from the start, so it easily happens if you are not observant.

Regards

Mats H
