
Crap in the computer...


Ultra


Hi Cecilia,

Thanks for all the help; I forgot to say so last time, and then a bit of vacation came in between...

The computer has probably worked fine since then; the only thing is that there have been problems with the e-mail account that lives on this box. According to the web host, the e-mail account had been "hacked", and they changed the login credentials a few days after we had finished the cleanup. All of a sudden thousands of e-mails arrived, along with error messages about mail that had been sent to all sorts of addresses. After clearing these out (they showed up in bursts over about a week) and changing the login credentials, it began to ebb away, with fewer and fewer until in the end there were hardly any at all. Then the other day the same thing happened again, and we changed the login credentials again, and it seems to have gone away then.

Could we have picked up some new crap on the computer now? I am attaching the DDS logs so you can perhaps judge whether anything needs to be fixed.

Regards

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1

Run by Tomas Stenlund at 14:04:57 on 2012-08-09

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1088 [GMT 2:00]

.

AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *Enabled*

.

============== Running Processes ===============

.

C:\Program\Norman\Npm\Bin\elogsvc.exe

C:\Program\Norman\Ngs\Bin\Nnf.exe

C:\Program\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

svchost.exe

svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norman\Nvc\bin\nhs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Secunia\PSI\PSIA.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program\Norman\Npm\Bin\scheduler.exe

C:\Program\Norman\Npm\Bin\Njeeves.exe

C:\Program\Secunia\PSI\sua.exe

C:\Program\Norman\Nvc\Bin\nvcoas.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Logitech\MediaLife\MediaLifeService.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe

C:\Program\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Yahoo!\Messenger\YahooMessenger.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Secunia\PSI\psi_tray.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\Yahoo!\Messenger\YahooMessenger.exe

C:\Program\Norman\npm\bin\niu.exe

\\Bokföring\c\Allians\Allians\Data\AlliansPathfinder.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program\yahoo!\search protection\ysp.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn1\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [WMPNSCFG] c:\program\windows media player\WMPNSCFG.exe

uRun: [Messenger (Yahoo!)] "c:\program\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMAXPnP] c:\program\analog devices\soundmax\SMax4PNP.exe

mRun: [MediaLifeService] "c:\program\logitech\medialife\MediaLifeService.exe"

mRun: [MMTray] "c:\program\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [mmtask] "c:\program\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [nmctxth] "c:\program\delade filer\pure networks shared\platform\nmctxth.exe"

mRun: [Linksys Wireless Manager] "c:\program\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1053

mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [AppleSyncNotifier] c:\program\delade filer\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\allian~1.lnk - \\bokföring\c\allians\allians\data\AlliansPathfinder.exe

StartupFolder: c:\docume~1\tomass~1\start-~1\program\autost~1\flipto~1.lnk - c:\program\fliptoast\fliptoast.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\acroba~1.lnk - c:\program\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~2.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\micros~1.lnk - c:\program\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\personal.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\secuni~1.lnk - c:\program\secunia\psi\psi_tray.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program\oracle\javafx 2.1 runtime\bin\jp2iexp.dll

IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program\yahoo!\search protection\ysp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127129685578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{188CA1A0-EAC7-42AE-B1A6-AC3854AE4924} : DhcpNameServer = 192.168.2.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program\delade filer\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-9-23 46816]

R1 NGS;Norman General Security Driver;c:\program\norman\ngs\bin\ngs.sys [2010-9-23 26744]

R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2010-9-23 91136]

R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [2010-9-23 457048]

R2 BBDemon;Backbone Service;c:\program\dassault systemes\b20\intel_a\code\bin\CATSysDemon.exe [2010-1-9 36864]

R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\ndiskio.sys [2010-9-23 22880]

R2 NHS;Norman Hash Server;c:\program\norman\nvc\bin\nhs.exe [2012-5-14 793520]

R2 NNFSVC;Norman Network Filtering service;c:\program\norman\ngs\bin\nnf.exe [2010-9-23 231216]

R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\zanda.exe [2010-5-18 431320]

R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2012-5-23 356904]

R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2010-9-23 90144]

R2 nregsec;Norman Registry Security driver;c:\program\norman\ngs\bin\nregsec.sys [2010-9-23 61496]

R2 NVOY;Norman Resource Provider;c:\program\norman\npm\bin\nvoy.exe [2010-9-23 100936]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program\secunia\psi\psia.exe --start-service --> c:\program\secunia\psi\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\program\secunia\psi\sua.exe --start-service --> c:\program\secunia\psi\sua.exe --start-service [?]

R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2010-9-23 53928]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program\norman\ngs\bin\nnetsecc.sys [2010-8-18 53160]

R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\nsesvc.exe [2010-9-23 288072]

R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\nvcoas.exe [2012-7-4 287312]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 Scheduler;Norman Scheduler Service;c:\program\norman\npm\bin\scheduler.exe [2010-9-23 99312]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250056]

S3 DCamUSBIntel;Digi-Microscope;c:\windows\system32\drivers\TP6800.SYS [2010-7-7 210924]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2012-7-1 136176]

S3 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]

S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-2 644096]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2010-5-3 23040]

.

=============== Created Last 30 ================

.

2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll

2012-07-11 17:11:30 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-08-02 18:11:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-02 18:11:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 08:22:13 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-27 12:42:01 46816 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49:58 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll

2012-05-15 15:36:14 832512 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 14:06:23,35 ===============

attach.txt


Have you turned off the System Restore feature? It can be good to have sometimes. Admittedly there is little space on C:, but it may be possible to remove something else or free up space by running Disk Cleanup.

Doesn't Secunia PSI report that there are programs with security holes on the computer?

It is of course important to have a long, hard-to-guess password for the e-mail account, and moreover one that you don't use anywhere else. PC för Alla has written a number of times about what to keep in mind when choosing a password.

2023-04-03 13:06:00 135168 ----a-w- c:\windows\system32\vbSendMail.dll

Do you know what that is?

It appears to be something that can be used to send e-mail.


Archived

This topic is now archived and is closed to further replies.
