Virus, or has Windows messed things up?
#1
Posted 24 Aug 2010, 11:27
Hi!
I have a netbook that has been behaving very strangely lately... I have got a feeling (paranoia?) that what I am working with, i.e. the operating system and Firefox, is just a "shell" and that other things are going on underneath it without my knowledge. The computer is slow (I mean it is CONSIDERABLY slower than before), and the last straw was, I think, when yesterday I saw my firewall in 3 different versions/appearances over the course of 4 hours! Firefox has complained that the updates cannot be installed because another version of the program is running in parallel! I installed COMODO's TimeMachine so that I could restore the system when needed... It is gone! Mbam complains that it could not install the updates, and so on. Last night I decided on a full restore of the system (eRecovery from the hard drive!), but that EXE file is gone too! The list of similar events is really long! I have run a bunch of scanners through the system (NOD, Bitdefender, Fsecure, HouseCall, Spyware S&D, Comodo CloudScan, just to name a few), which sometimes find one or two minor "bugs" that they remove, but the problems keep getting more numerous and worse...
I have some experience with computers, but I would not call myself a security expert! Is there anyone out there who can help me?
I have downloaded DDS, as Cecilia wrote (by the way, is the file type really a screensaver?), and am waiting for instructions!
Thanks in advance!
#2
Posted 24 Aug 2010, 11:38
The DDS file type is screensaver because, when DDS was written, malicious programs that prevented other programs from running but let screensavers run were common.
Start DDS by double-clicking it.
Press Yes if the question about Optional Scan appears.
In your reply, paste the log DDS.txt, and attach Attach.txt as a file (click Use full editor if you do not see how to attach files).
If you can find any logs from the programs you have run that show what they found, that would be good.
#3
Posted 24 Aug 2010, 12:19
I started the scan, but in the middle of it all the DDS window disappeared. Since then it has been silent! Should I have turned off the AV or the firewall?
What should I do now?
#4
Posted 24 Aug 2010, 12:28
Try DDS once more. If there are still problems, run RKill first. Save RKill by Grinler to the Desktop.
http://download.blee...inler/rkill.com
Start RKill (in Vista and Windows 7 by right-clicking the file and choosing Run as administrator if that option exists).
A black window/box appears for a moment if the program managed to run.
If you get a message that RKill is malicious, ignore it. It is the malicious program that does not want to be stopped. Leave the warning on the screen and run RKill once more.
Run RKill several times in a row until you no longer see the malicious program, but at most 10 times. If you do not see the malicious program from the start, 3 times is enough.
#5
Posted 24 Aug 2010, 12:43
Bad news!
Neither DDS nor RKill works!
Tried running DDS again, same result as before.
After that I started RKill, but the program gets interrupted after about 5 seconds! I get no message that it would be malicious; it just aborts abruptly.
Here is the log file (you can see that the whole thing dies by itself after 4 seconds!)
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Beus on 2010-08-24 at 13:35:50.
Processes terminated by Rkill or while it was running:
Rkill completed on 2010-08-24 at 13:35:54.
#6
Posted 24 Aug 2010, 12:51
If you can find any logs from the programs you have run that show what they found, that would be good.
RKill simply looks like it did not find any processes to kill.
I am starting to wonder whether you have a hardware problem, e.g. a bad hard drive, since program files are disappearing. But you can see whether DDS works if you start the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu). You can also try renaming DDS to iexplore.exe.
#7
Posted 24 Aug 2010, 13:15
Of course it could be as you say!
On the other hand, the scans of both DDS (with a new name on the scr file) and RKill get aborted. On the DOS screen while RKill is running, a message "Åtkomst nekad" (Access denied) is visible for a fraction of a second.
I am going to test Safe Mode now! Keep your fingers crossed!
#8
Posted 24 Aug 2010, 13:58
If you cannot get DDS to work, you can try OTL instead. Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Run OTL (in Vista and Windows 7, right-click and Run as administrator).
In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines and that each line here becomes its own line in the box):
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Press Quick Scan and let the program run undisturbed.
When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste the log OTL.txt, and attach Extras.txt as a file.
#9
Posted 24 Aug 2010, 15:43
I am back!
In Safe Mode I managed to run the programs you recommended. I am attaching the log files. I ran my AV in Safe Mode, which is why it took so long to get back to the thread. It has not found anything other than DDS, which it complained about!
Here follows the RKill log file, which cannot be sent as an attachment!
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Xxxx on 2010-08-24 at 14:29:39.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\Beus\Skrivbord\rkill.com
Rkill completed on 2010-08-24 at 14:29:42.
Attached files: DDS.txt (17.06 KB), Attach.txt (13.91 KB)
#10
Posted 24 Aug 2010, 15:54
I am pasting the DDS log so that it is easier to look at, both now and if one wants to go back and compare.
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Beus at 14:27:02,68 on 2010-08-24
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.822 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Beus\Skrivbord\iExplorere.exe.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program\nyinst\proggies\security\keyscrambler\KeyScramblerIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program\nyinst\proggies\security\ccleaner\ccleaner.exe" /AUTO
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\program\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Atomic Time Synchronizer] "c:\program\nyinst\proggies\annat\atsync\TimeSync.exe" /auto
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program\nyinst\proggies\security\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program\nyinst\proggies\security\comodo\firewall\comodo\comodo internet security\cfp.exe" -h
mRun: [Malwarebytes' Anti-Malware] "c:\program\nyinst\proggies\security\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"
mRun: [TMRUBottedTray] "c:\program\trend micro\rubotted\TMRUBottedTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program\nyinst\proggies\security\keyscrambler\KeyScramblerIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {086DD9F5-45CB-481C-856C-3AAEB7F6B3F1} = 156.154.70.22,156.154.71.22
TCP: {5EFC5A20-83B8-4E40-9C4A-A7531A8F007E} = 156.154.70.22,156.154.71.22
TCP: {FAAF1818-A66F-4EB8-BD4C-4C75E1AE2BCE} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\beus\applic~1\mozilla\firefox\profiles\2v8z5gsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - component: c:\documents and settings\beus\application data\mozilla\firefox\profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\beus\application data\mozilla\firefox\profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npdsplay.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqscan.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin2.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin3.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin4.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin5.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin6.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin7.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\nyinst\proggies\web\browsers\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("html5.enable", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-9-15 115312]
S1 avgio;avgio;c:\program\nyinst\proggies\security\avira\antivir desktop\avgio.sys [2010-5-8 11608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program\nyinst\proggies\security\avira\antivir desktop\sched.exe [2010-5-8 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program\nyinst\proggies\security\avira\antivir desktop\avguard.exe [2010-5-8 267432]
S2 AtSync;Atomic Time Synchronizer;c:\program\nyinst\proggies\annat\atsync\ats.exe [2009-9-13 433152]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-8 60936]
S2 ClientService;COMODO Time Machine Client Service;c:\program\nyinst\proggies\security\comodo\timemachine\clientservice.exe --> c:\program\nyinst\proggies\security\comodo\timemachine\ClientService.exe [?]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program\nyinst\proggies\security\comodo\firewall\comodo\comodo internet security\cmdagent.exe [2010-4-9 1778480]
S2 GtDetectSc;GtDetectSc;c:\program\option\globetrotter connect\GtDetectSc.exe [2008-4-30 200704]
S2 MBAMService;MBAMService;c:\program\nyinst\proggies\security\malwarebytes' anti-malware\mbamservice.exe [2010-3-6 304464]
S2 RUBotted;Trend Micro RUBotted Service;c:\program\trend micro\rubotted\TMRUBotted.exe [2010-8-16 582992]
S3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2010-8-19 15888]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-9-13 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-9-13 59648]
S3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 254976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-6 20952]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-8-12 42368]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-8-16 206608]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-8-16 206608]
=============== Created Last 30 ================
2010-08-24 03:19:19 0 d-----w- c:\docume~1\beus\applic~1\uTorrent
2010-08-24 02:07:05 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-08-19 16:02:17 0 d-sh--w- c:\documents and settings\beus\IECompatCache
2010-08-19 14:50:34 15888 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys
2010-08-17 18:39:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-08-16 20:02:53 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-08-16 20:02:49 0 d-----w- c:\program\Trend Micro
2010-08-12 15:01:28 0 d-----w- c:\docume~1\beus\applic~1\Personal
2010-08-12 15:01:10 0 d-----w- c:\program\Personal
2010-08-12 15:00:27 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys
2010-08-12 15:00:23 0 d-----w- c:\program\Handelsbankens kortläsare
2010-08-10 14:05:55 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-10 07:52:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
==================== Find3M ====================
2010-08-12 14:08:17 84026 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-12 14:08:17 444892 ----a-w- c:\windows\system32\perfh01D.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33:09 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:52 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 17:13:27 278288 ----a-w- c:\windows\system32\guard32.dll
2009-09-13 10:57:03 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009091320090914\index.dat
============= FINISH: 14:27:48,56 ===============
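The log above is read by a helper section by section: the header tells whether the machine was in Safe Mode, the process list shows what was running, and the Pseudo HJT Report holds the persistence and hosts-file entries. The Python below is an added example (not code from the thread, from DDS or from anyone in it) that automates that first read; the flagging rules are this example's own heuristics and SAMPLE_LOG is constructed in the style of the log in this thread.

```python
"""Triage a DDS log the way a forum helper reads it.

Added example, not code from the thread or from the DDS tool: it walks the
sections DDS prints (header, Running Processes, Pseudo HJT Report) and flags
the entries a helper looks at first. Every rule here is this example's own
heuristic, and SAMPLE_LOG is constructed in the style of the thread's log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format DDS prints (a subset of the thread's log).
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Beus\Skrivbord\iExplorere.exe.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program\nyinst\proggies\security\avira\antivir desktop\avgnt.exe" /min
TCP: {086DD9F5-45CB-481C-856C-3AAEB7F6B3F1} = 156.154.70.22,156.154.71.22
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
"""


@dataclass
class Finding:
    severity: str  # "info" < "low" < "medium" < "high"
    category: str
    line: str


# Heuristic word list (assumption): hosts entries pointing security-related
# sites at 127.0.0.1 are a classic sign of malware blocking help/updates.
SECURITY_SITE_WORDS = ("spyware", "malware", "virus", "antivir")
# Paths from which a running or auto-started program deserves a second look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\docume~1\\")
DOUBLE_EXT = re.compile(r"\.(exe|com|bat|scr)\.(exe|com|bat|scr|pif)\b", re.I)
SECTION_HEADER = re.compile(r"=+\s*(.*?)\s*=+$")


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would examine, with a rough severity."""
    lines = log_text.splitlines()
    # DDS prints MINIMAL in its header when it was run in Safe Mode; the AV's
    # on-access scanner being off is expected there, so it is only informational.
    safe_mode = any(l.startswith("DDS (") and l.rstrip().endswith("MINIMAL") for l in lines)
    findings: list[Finding] = []
    section = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        low = line.lower()
        if line.startswith("AV:") and "scanning disabled" in low:
            findings.append(Finding("info" if safe_mode else "medium", "av-disabled", line))
        elif section == "Running Processes":
            if any(m in low for m in USER_PROFILE_MARKERS):
                # A double extension such as .exe.scr is either a renamed
                # diagnostic tool (as in this thread) or a disguised binary.
                sev = "medium" if DOUBLE_EXT.search(low) else "low"
                findings.append(Finding(sev, "process-from-user-profile", line))
        elif section == "Pseudo HJT Report":
            if re.match(r"(BHO|TB):", line) and line.endswith("- No File"):
                findings.append(Finding("low", "orphaned-registration", line))
            elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
                # AppInit_DLLs loads into every GUI process; confirm the DLL
                # belongs to an installed product before leaving it alone.
                findings.append(Finding("medium", "appinit-dll", line))
            elif line.startswith("Hosts:"):
                entry = line.split(":", 1)[1].strip().lower()
                sev = "high" if any(w in entry for w in SECURITY_SITE_WORDS) else "medium"
                findings.append(Finding(sev, "hosts-override", line))
            elif line.startswith("TCP:"):
                # Per-interface DNS servers: verify they are ones the owner chose.
                findings.append(Finding("info", "dns-servers", line))
            elif re.match(r"[umd]Run:", line) and (
                any(m in low for m in USER_PROFILE_MARKERS) or "\\temp\\" in low
            ):
                findings.append(Finding("medium", "autorun-from-user-profile", line))
    return findings


def summary(log_text: str) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, ...}."""
    return dict(Counter(f.severity for f in triage(log_text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:28} {f.line}")
    print(summary(SAMPLE_LOG))
```

Run it over a pasted DDS.txt (replace SAMPLE_LOG with the file contents) to get the short list a helper would otherwise compile by hand; everything it flags still needs a human decision, as the renamed DDS binary in this thread shows.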
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\beus\applic~1\mozilla\firefox\profiles\2v8z5gsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - component: c:\documents and settings\beus\application data\mozilla\firefox\profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\beus\application data\mozilla\firefox\profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npdsplay.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqscan.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin2.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin3.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin4.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin5.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin6.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npqtplugin7.dll
FF - plugin: c:\program\nyinst\proggies\web\browsers\opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program\nyinst\proggies\web\browsers\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\all.js - pref("html5.enable", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program\nyinst\proggies\web\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program\nyinst\proggies\web\browsers\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-9-15 115312]
S1 avgio;avgio;c:\program\nyinst\proggies\security\avira\antivir desktop\avgio.sys [2010-5-8 11608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 229312]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program\nyinst\proggies\security\avira\antivir desktop\sched.exe [2010-5-8 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program\nyinst\proggies\security\avira\antivir desktop\avguard.exe [2010-5-8 267432]
S2 AtSync;Atomic Time Synchronizer;c:\program\nyinst\proggies\annat\atsync\ats.exe [2009-9-13 433152]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-8 60936]
S2 ClientService;COMODO Time Machine Client Service;c:\program\nyinst\proggies\security\comodo\timemachine\clientservice.exe --> c:\program\nyinst\proggies\security\comodo\timemachine\ClientService.exe [?]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program\nyinst\proggies\security\comodo\firewall\comodo\comodo internet security\cmdagent.exe [2010-4-9 1778480]
S2 GtDetectSc;GtDetectSc;c:\program\option\globetrotter connect\GtDetectSc.exe [2008-4-30 200704]
S2 MBAMService;MBAMService;c:\program\nyinst\proggies\security\malwarebytes' anti-malware\mbamservice.exe [2010-3-6 304464]
S2 RUBotted;Trend Micro RUBotted Service;c:\program\trend micro\rubotted\TMRUBotted.exe [2010-8-16 582992]
S3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2010-8-19 15888]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-9-13 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-9-13 59648]
S3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 254976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-6 20952]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-8-12 42368]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-8-16 206608]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-8-16 206608]
=============== Created Last 30 ================
2010-08-24 03:19:19 0 d-----w- c:\docume~1\beus\applic~1\uTorrent
2010-08-24 02:07:05 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-08-19 16:02:17 0 d-sh--w- c:\documents and settings\beus\IECompatCache
2010-08-19 14:50:34 15888 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys
2010-08-17 18:39:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-08-16 20:02:53 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-08-16 20:02:49 0 d-----w- c:\program\Trend Micro
2010-08-12 15:01:28 0 d-----w- c:\docume~1\beus\applic~1\Personal
2010-08-12 15:01:10 0 d-----w- c:\program\Personal
2010-08-12 15:00:27 42368 ----a-w- c:\windows\system32\drivers\shbecr.sys
2010-08-12 15:00:23 0 d-----w- c:\program\Handelsbankens kortläsare
2010-08-10 14:05:55 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-10 07:52:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
==================== Find3M ====================
2010-08-12 14:08:17 84026 ----a-w- c:\windows\system32\perfc01D.dat
2010-08-12 14:08:17 444892 ----a-w- c:\windows\system32\perfh01D.dat
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33:09 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:52 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 17:13:27 278288 ----a-w- c:\windows\system32\guard32.dll
2009-09-13 10:57:03 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009091320090914\index.dat
============= FINISH: 14:27:48,56 ===============
#11
Posted 24 Aug 2010, 16:12
If you can find any logs from the programs you have run that show what they found, that would be good. All of MBAM's logs can be found on the Logs tab, for example.
TCP: {086DD9F5-45CB-481C-856C-3AAEB7F6B3F1} = 156.154.70.22,156.154.71.22
Are you meant to be using DNS servers in the USA?
Save TDSSKiller to the Desktop:
http://support.kaspe.../tdsskiller.zip
Right-click and choose Extract All. Make sure the extraction goes to the Desktop. Alternatively you can use your own program to unpack zip files; just make sure that the file tdsskiller.exe ends up on the Desktop.
Start - Run
Copy the line in the box below and paste it into the Run field.
"%userprofile%\skrivbord\TDSSKiller.exe" -l rapport.txt
Open the file "rapport" that was created on the Desktop and paste its contents into your reply.
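The DNS question above is the kind of check that can be applied mechanically to a DDS log. The following Python script is an added example, not from the thread and not part of DDS, TDSSKiller or any other tool named here: it parses the `TCP:`, `Hosts:` and `AppInit_DLLs:` lines from the DDS "Pseudo HJT Report" section (the sample is copied from the log posted earlier and embedded so the script runs offline) and flags any interface whose resolvers are not in an expected set. The expected-resolver addresses are assumed placeholders (TEST-NET), not values from the thread; a user would replace them with the servers their ISP or their own configuration is supposed to use.

```python
import ipaddress
import re

# Constructed sample: the relevant lines copied from the DDS "Pseudo HJT Report"
# earlier in the thread, embedded so the script runs offline.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
TCP: {086DD9F5-45CB-481C-856C-3AAEB7F6B3F1} = 156.154.70.22,156.154.71.22
TCP: {5EFC5A20-83B8-4E40-9C4A-A7531A8F007E} = 156.154.70.22,156.154.71.22
TCP: {FAAF1818-A66F-4EB8-BD4C-4C75E1AE2BCE} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed allowlist of resolvers the machine is expected to use (the ISP's, or a
# resolver the owner chose on purpose). TEST-NET placeholder addresses, not values
# from the thread; replace them with the real expected servers.
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}

TCP_RE = re.compile(r"^TCP:\s*\{([0-9A-Fa-f-]+)\}\s*=\s*(.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$")


def parse_dns_entries(text):
    """Map each interface GUID in the DDS 'TCP:' lines to its list of resolver IPs."""
    entries = {}
    for line in text.splitlines():
        m = TCP_RE.match(line.strip())
        if not m:
            continue
        guid, servers = m.groups()
        ips = []
        for item in servers.split(","):
            item = item.strip()
            try:
                ips.append(str(ipaddress.ip_address(item)))
            except ValueError:
                continue  # not an IP literal; ignore it
        entries[guid] = ips
    return entries


def unexpected_dns(text, expected=EXPECTED_DNS):
    """Interfaces whose resolvers are not all in the expected set."""
    return {guid: ips for guid, ips in parse_dns_entries(text).items()
            if not set(ips) <= set(expected)}


def hosts_overrides(text):
    """(address, hostname) pairs that DDS reports from the hosts file."""
    return [HOSTS_RE.match(l.strip()).groups()
            for l in text.splitlines() if HOSTS_RE.match(l.strip())]


def appinit_dlls(text):
    """DLLs listed under AppInit_DLLs. Windows loads each of them into every process
    that loads user32.dll, so every entry should be traceable to a known product
    (in the posted log, guard32.dll belongs to COMODO). Windows treats commas and
    spaces as separators in this value, which is why paths here have no spaces."""
    dlls = []
    for line in text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            dlls.extend(d for d in re.split(r"[,\s]+", m.group(1).strip()) if d)
    return dlls


def report(text, expected=EXPECTED_DNS):
    """Human-readable findings, one per line."""
    lines = []
    for guid, ips in unexpected_dns(text, expected).items():
        lines.append(f"DNS: interface {{{guid}}} uses {', '.join(ips)} (not in expected set)")
    for addr, host in hosts_overrides(text):
        lines.append(f"HOSTS: {host} -> {addr}")
    for dll in appinit_dlls(text):
        lines.append(f"APPINIT: {dll}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_DDS):
        print(line)
```

With the placeholder allowlist every interface in the sample is flagged, which is the same observation the helper makes by eye; passing the two 156.154.x.x addresses as the expected set instead produces no DNS finding, so the script only answers "are these the resolvers you meant to use?", not whether the resolvers themselves are good or bad.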
#12
Posted 24 Aug 2010, 18:48
By "Start - Run", do you mean that I should not start the Kaspersky program by double-clicking the icon, but from the Start menu instead?
Should I paste in everything that is in the box above? That is, including the quotation marks and the black text?
In the meantime I have run OTL. I'm pasting the log file:
OTL logfile created on: 2010-08-24 16:49:15 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Beus\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
1 012,00 Mb Total Physical Memory | 566,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 144,17 Gb Total Space | 126,34 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TUBICA
Current User Name: Beus
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
PRC - [2010-08-24 10:43:00 | 002,039,240 | ---- | M] (COMODO) -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-08-24 10:42:54 | 001,778,480 | ---- | M] (COMODO) -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-08-12 17:01:13 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-04-29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-11-22 17:08:33 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2009-01-27 03:13:24 | 000,515,584 | ---- | M] (AtSync.com) -- C:\Program\NyInst\Proggies\Annat\AtSync\TimeSync.exe
PRC - [2009-01-23 15:08:00 | 000,433,152 | ---- | M] (LmhSoft) -- C:\Program\NyInst\Proggies\Annat\AtSync\ats.exe
PRC - [2008-11-06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008-11-06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008-05-14 05:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program\Launch Manager\QtZgAcer.EXE
PRC - [2008-04-30 17:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2008-04-15 23:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-28 09:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
========== Modules (SafeList) ==========
MOD - [2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
MOD - [2010-06-02 19:13:27 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008-04-15 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program\NyInst\Proggies\Security\Comodo\TimeMachine\ClientService.exe -- (ClientService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-24 10:42:54 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-01-23 15:08:00 | 000,433,152 | ---- | M] (LmhSoft) [Auto | Running] -- C:\Program\NyInst\Proggies\Annat\AtSync\ats.exe -- (AtSync)
SRV - [2008-11-06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008-04-30 17:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
========== Driver Services (SafeList) ==========
DRV - [2010-08-24 10:44:39 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-06-09 17:52:25 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-06-02 19:13:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-12-29 20:20:27 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-07 09:49:32 | 000,015,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EnumProcessesDriver.sys -- (EnumProcessesDriver)
DRV - [2009-10-04 23:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-09-23 08:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2008-07-01 05:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-05-20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008-05-20 11:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-05-05 15:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008-04-25 03:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-04-15 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008-04-15 23:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-15 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008-04-15 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008-04-15 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008-04-15 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008-04-15 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008-04-15 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008-04-15 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008-04-15 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008-04-15 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008-04-15 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008-04-15 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008-04-15 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008-04-15 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008-04-15 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008-04-14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-03-02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008-03-02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2008-02-18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008-02-15 07:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008-02-08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004-12-08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-945455130-1644779646-508824758-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-945455130-1644779646-508824758-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: orbit-orange@spielwiese.la-evento.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program\NyInst\Proggies\Web\Browsers\Firefox\components [2010-08-20 20:37:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program\NyInst\Proggies\Web\Browsers\Firefox\plugins [2010-08-20 20:37:39 | 000,000,000 | ---D | M]
[2010-07-23 19:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Extensions
[2010-08-24 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions
[2010-08-23 09:11:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-10 09:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010-08-10 09:51:21 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010-08-23 09:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010-08-10 09:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\fastdial@telega.phpnet.us
[2010-08-23 09:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\browser\extensions
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\browser\extensions\icons
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\mozapps\extensions
O1 HOSTS File: ([2010-08-12 21:48:24 | 000,416,595 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program\NyInst\Proggies\Security\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O3 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Atomic Time Synchronizer] C:\Program\NyInst\Proggies\Annat\AtSync\TimeSync.exe (AtSync.com)
O4 - HKLM..\Run: [avgnt] C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-945455130-1644779646-508824758-1006..\Run: [ccleaner] C:\Program\NyInst\Proggies\Security\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program\NyInst\Proggies\Security\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.209.169.71 82.209.169.72
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-08-22 18:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9d5a0025-b693-11de-9073-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9d5a0025-b693-11de-9073-00f1d000f1d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9d5a0027-b693-11de-9073-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9d5a0027-b693-11de-9073-00f1d000f1d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
[2010-08-24 16:44:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
[2010-08-24 16:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Beus\Recent
[2010-08-24 10:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Mina dokument\Hämtade filer
[2010-08-24 05:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\uTorrent
[2010-08-24 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010-08-23 20:08:22 | 000,087,824 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-08-23 19:46:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-08-19 18:02:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Beus\IECompatCache
[2010-08-19 16:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokument\COMODO
[2010-08-17 20:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010-08-16 22:02:53 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010-08-16 22:02:49 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2010-08-12 17:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\Personal
[2010-08-12 17:01:10 | 000,000,000 | ---D | C] -- C:\Program\Personal
[2010-08-12 17:00:27 | 000,042,368 | ---- | C] (Todos Data System AB) -- C:\WINDOWS\System32\drivers\shbecr.sys
[2010-08-12 17:00:23 | 000,000,000 | ---D | C] -- C:\Program\Handelsbankens kortläsare
[2010-08-10 22:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Mozilla
[2010-08-10 22:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010-08-10 16:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Threat Expert
[2010-08-10 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-10 16:05:55 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-08-10 09:54:52 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java
[2010-08-10 09:52:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-08-10 09:52:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-08-10 09:52:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-08-10 09:52:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-23 19:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\Mozilla
[2010-07-21 18:21:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Beus\PrivacIE
[2010-07-06 17:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010-07-03 19:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2010-07-01 16:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2010-08-24 16:49:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cloud Scanner Update.job
[2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
[2010-08-24 16:24:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-24 16:24:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-24 16:24:29 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-24 16:23:44 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Beus\NTUSER.DAT
[2010-08-24 16:23:44 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Beus\ntuser.ini
[2010-08-24 16:23:39 | 001,656,336 | -H-- | M] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\IconCache.db
[2010-08-24 14:17:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010-08-24 13:33:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\rkill.com
[2010-08-24 12:00:00 | 000,000,614 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Beach Girls.job
[2010-08-24 10:48:50 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\Radioactive.gif
[2010-08-24 10:45:59 | 003,826,032 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\ComboFix.exe
[2010-08-24 10:44:39 | 000,087,824 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-08-24 10:00:00 | 000,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Beach Girls.job
[2010-08-24 04:54:09 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-23 20:08:12 | 000,002,083 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\COMODO Firewall.lnk
[2010-08-23 14:22:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Registry Cleaner task.job
[2010-08-23 14:21:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Disk Cleanup task.job
[2010-08-20 06:58:45 | 000,001,084 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-08-16 22:10:30 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Beus\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010-08-16 22:10:29 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Opera.lnk
[2010-08-12 21:48:24 | 000,416,595 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-12 21:36:01 | 000,000,710 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100812-214824.backup
[2010-08-12 17:04:09 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 17:01:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk
[2010-08-12 16:08:17 | 001,016,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 16:08:17 | 000,444,892 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-08-12 16:08:17 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 16:08:17 | 000,084,026 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-08-12 16:08:17 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-10 16:05:55 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-08-03 09:11:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-27 08:30:30 | 008,470,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010-07-23 19:22:01 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-07-17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-07-17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-07-17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-07-17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-30 14:33:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-08-24 16:24:29 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010-08-24 13:33:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\rkill.com
[2010-08-24 10:48:50 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\Radioactive.gif
[2010-08-24 10:45:18 | 003,826,032 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\ComboFix.exe
[2010-08-23 20:08:12 | 000,002,083 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\COMODO Firewall.lnk
[2010-08-22 14:22:24 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Registry Cleaner task.job
[2010-08-22 14:21:42 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Disk Cleanup task.job
[2010-08-19 17:18:55 | 000,000,518 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010-08-19 16:50:34 | 000,015,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\EnumProcessesDriver.sys
[2010-08-19 16:48:46 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Cloud Scanner Update.job
[2010-08-12 17:01:17 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk
[2010-07-23 19:22:01 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-01-02 14:26:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\housecall.guid.cache
[2009-12-29 20:20:26 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-18 16:19:50 | 000,001,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-09-13 16:44:27 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\config.ini
[2009-09-13 16:03:21 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-13 15:19:33 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-13 13:05:26 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\fusioncache.dat
[2008-08-25 12:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-07-31 04:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-05-05 18:01:02 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008-04-15 23:00:00 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-02-15 07:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007-07-13 17:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005-03-29 00:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003-09-22 16:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
========== LOP Check ==========
[2010-02-10 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-05-08 13:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010-08-23 17:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010-08-12 21:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-11-18 15:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\InterVideo
[2010-08-17 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\Opera
[2010-08-19 12:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\Personal
[2010-08-07 17:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\QuickScan
[2010-08-24 09:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\uTorrent
[2009-09-13 13:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-10-04 13:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Opera
[2010-08-12 17:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Personal
[2010-08-24 05:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\uTorrent
[2009-09-13 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\is-5ESI9.exe:SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
No, as far as I know, I haven't used any DNS servers anywhere!
Posted 24 Aug 2010, 18:48
"Start - Run" means that I should not start the Kaspersky program by double-clicking the icon but from the Start menu?
Should I paste in everything that is in the box above? That is, including the quotation marks and the black text?
In the meantime I have run OTL. I'm pasting in the log file:
OTL logfile created on: 2010-08-24 16:49:15 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Beus\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
1 012,00 Mb Total Physical Memory | 566,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 144,17 Gb Total Space | 126,34 Gb Free Space | 87,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TUBICA
Current User Name: Beus
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
PRC - [2010-08-24 10:43:00 | 002,039,240 | ---- | M] (COMODO) -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-08-24 10:42:54 | 001,778,480 | ---- | M] (COMODO) -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-08-12 17:01:13 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Delade filer\Java\Java Update\jusched.exe
PRC - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-04-29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-11-22 17:08:33 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2009-01-27 03:13:24 | 000,515,584 | ---- | M] (AtSync.com) -- C:\Program\NyInst\Proggies\Annat\AtSync\TimeSync.exe
PRC - [2009-01-23 15:08:00 | 000,433,152 | ---- | M] (LmhSoft) -- C:\Program\NyInst\Proggies\Annat\AtSync\ats.exe
PRC - [2008-11-06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008-11-06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008-05-14 05:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program\Launch Manager\QtZgAcer.EXE
PRC - [2008-04-30 17:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2008-04-15 23:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-28 09:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
========== Modules (SafeList) ==========
MOD - [2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
MOD - [2010-06-02 19:13:27 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008-04-15 23:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program\NyInst\Proggies\Security\Comodo\TimeMachine\ClientService.exe -- (ClientService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-24 10:42:54 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-01-23 15:08:00 | 000,433,152 | ---- | M] (LmhSoft) [Auto | Running] -- C:\Program\NyInst\Proggies\Annat\AtSync\ats.exe -- (AtSync)
SRV - [2008-11-06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008-04-30 17:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
========== Driver Services (SafeList) ==========
DRV - [2010-08-24 10:44:39 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-06-09 17:52:25 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-06-02 19:13:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-12-29 20:20:27 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-07 09:49:32 | 000,015,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EnumProcessesDriver.sys -- (EnumProcessesDriver)
DRV - [2009-10-04 23:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-09-23 08:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2008-07-01 05:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008-05-20 17:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008-05-20 11:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-05-05 15:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008-04-25 03:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-04-15 23:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008-04-15 23:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-15 23:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008-04-15 23:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008-04-15 23:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008-04-15 23:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008-04-15 23:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008-04-15 23:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008-04-15 23:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008-04-15 23:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008-04-15 23:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008-04-15 23:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008-04-15 23:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008-04-15 23:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008-04-15 23:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008-04-15 23:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008-04-14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-03-02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008-03-02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2008-02-18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008-02-15 07:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008-02-08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004-12-08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-945455130-1644779646-508824758-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-945455130-1644779646-508824758-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.se/"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: orbit-orange@spielwiese.la-evento.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program\NyInst\Proggies\Web\Browsers\Firefox\components [2010-08-20 20:37:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program\NyInst\Proggies\Web\Browsers\Firefox\plugins [2010-08-20 20:37:39 | 000,000,000 | ---D | M]
[2010-07-23 19:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Extensions
[2010-08-24 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions
[2010-08-23 09:11:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-10 09:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010-08-10 09:51:21 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010-08-23 09:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010-08-10 09:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\fastdial@telega.phpnet.us
[2010-08-23 09:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\browser\extensions
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\browser\extensions\icons
[2010-08-23 09:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Mozilla\Firefox\Profiles\2v8z5gsh.default\extensions\orbit-orange@spielwiese.la-evento.com\chrome\mozapps\extensions
O1 HOSTS File: ([2010-08-12 21:48:24 | 000,416,595 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14381 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program\NyInst\Proggies\Security\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O3 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Atomic Time Synchronizer] C:\Program\NyInst\Proggies\Annat\AtSync\TimeSync.exe (AtSync.com)
O4 - HKLM..\Run: [avgnt] C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program\NyInst\Proggies\Security\Comodo\Firewall\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\NyInst\Proggies\Security\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-945455130-1644779646-508824758-1006..\Run: [ccleaner] C:\Program\NyInst\Proggies\Security\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-945455130-1644779646-508824758-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program\NyInst\Proggies\Security\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.209.169.71 82.209.169.72
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-08-22 18:02:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9d5a0025-b693-11de-9073-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9d5a0025-b693-11de-9073-00f1d000f1d0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9d5a0027-b693-11de-9073-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9d5a0027-b693-11de-9073-00f1d000f1d0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 60 Days ==========
[2010-08-24 16:44:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
[2010-08-24 16:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Beus\Recent
[2010-08-24 10:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Mina dokument\Hämtade filer
[2010-08-24 05:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\uTorrent
[2010-08-24 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010-08-23 20:08:22 | 000,087,824 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-08-23 19:46:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-08-19 18:02:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Beus\IECompatCache
[2010-08-19 16:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokument\COMODO
[2010-08-17 20:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010-08-16 22:02:53 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010-08-16 22:02:49 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2010-08-12 17:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\Personal
[2010-08-12 17:01:10 | 000,000,000 | ---D | C] -- C:\Program\Personal
[2010-08-12 17:00:27 | 000,042,368 | ---- | C] (Todos Data System AB) -- C:\WINDOWS\System32\drivers\shbecr.sys
[2010-08-12 17:00:23 | 000,000,000 | ---D | C] -- C:\Program\Handelsbankens kortläsare
[2010-08-10 22:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Mozilla
[2010-08-10 22:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010-08-10 16:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\Threat Expert
[2010-08-10 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-10 16:05:55 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-08-10 09:54:52 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java
[2010-08-10 09:52:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-08-10 09:52:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-08-10 09:52:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-08-10 09:52:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-23 19:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Beus\Application Data\Mozilla
[2010-07-21 18:21:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Beus\PrivacIE
[2010-07-06 17:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010-07-03 19:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2010-07-01 16:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2010-08-24 16:49:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cloud Scanner Update.job
[2010-08-24 16:44:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Beus\Skrivbord\OTL.exe
[2010-08-24 16:24:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-24 16:24:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-24 16:24:29 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-24 16:23:44 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Beus\NTUSER.DAT
[2010-08-24 16:23:44 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\Beus\ntuser.ini
[2010-08-24 16:23:39 | 001,656,336 | -H-- | M] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\IconCache.db
[2010-08-24 14:17:00 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010-08-24 13:33:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\rkill.com
[2010-08-24 12:00:00 | 000,000,614 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Beach Girls.job
[2010-08-24 10:48:50 | 000,003,298 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\Radioactive.gif
[2010-08-24 10:45:59 | 003,826,032 | ---- | M] () -- C:\Documents and Settings\Beus\Skrivbord\ComboFix.exe
[2010-08-24 10:44:39 | 000,087,824 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-08-24 10:00:00 | 000,000,600 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Beach Girls.job
[2010-08-24 04:54:09 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-23 20:08:12 | 000,002,083 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\COMODO Firewall.lnk
[2010-08-23 14:22:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Registry Cleaner task.job
[2010-08-23 14:21:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Disk Cleanup task.job
[2010-08-20 06:58:45 | 000,001,084 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-08-16 22:10:30 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Beus\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010-08-16 22:10:29 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Opera.lnk
[2010-08-12 21:48:24 | 000,416,595 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-12 21:36:01 | 000,000,710 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100812-214824.backup
[2010-08-12 17:04:09 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-12 17:01:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk
[2010-08-12 16:08:17 | 001,016,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 16:08:17 | 000,444,892 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-08-12 16:08:17 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-12 16:08:17 | 000,084,026 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-08-12 16:08:17 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-10 16:05:55 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-08-03 09:11:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-27 08:30:30 | 008,470,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010-07-23 19:22:01 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-07-17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-07-17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-07-17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-07-17 02:42:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-30 14:33:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-08-24 16:24:29 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2010-08-24 13:33:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\rkill.com
[2010-08-24 10:48:50 | 000,003,298 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\Radioactive.gif
[2010-08-24 10:45:18 | 003,826,032 | ---- | C] () -- C:\Documents and Settings\Beus\Skrivbord\ComboFix.exe
[2010-08-23 20:08:12 | 000,002,083 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\COMODO Firewall.lnk
[2010-08-22 14:22:24 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Registry Cleaner task.job
[2010-08-22 14:21:42 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Disk Cleanup task.job
[2010-08-19 17:18:55 | 000,000,518 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010-08-19 16:50:34 | 000,015,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\EnumProcessesDriver.sys
[2010-08-19 16:48:46 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Cloud Scanner Update.job
[2010-08-12 17:01:17 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk
[2010-07-23 19:22:01 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-01-02 14:26:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\housecall.guid.cache
[2009-12-29 20:20:26 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-18 16:19:50 | 000,001,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-09-13 16:44:27 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\config.ini
[2009-09-13 16:03:21 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-13 15:19:33 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-13 13:05:26 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Beus\Lokala inställningar\Application Data\fusioncache.dat
[2008-08-25 12:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-07-31 04:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008-05-05 18:01:02 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008-04-15 23:00:00 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-02-15 07:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007-07-13 17:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005-03-29 00:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003-09-22 16:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
========== LOP Check ==========
[2010-02-10 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-05-08 13:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010-08-23 17:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010-08-12 21:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-11-18 15:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\InterVideo
[2010-08-17 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\Opera
[2010-08-19 12:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\Personal
[2010-08-07 17:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\QuickScan
[2010-08-24 09:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beach Girls\Application Data\uTorrent
[2009-09-13 13:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-10-04 13:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Opera
[2010-08-12 17:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\Personal
[2010-08-24 05:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beus\Application Data\uTorrent
[2009-09-13 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\is-5ESI9.exe:SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
No, as far as I know, I have not used any DNS servers anywhere!
#13
Posted 24 Aug 2010, 18:52
Oops, I have just realized that the firewall runs with a DNS server!?
Can that be what you found?
I'm checking Mbam!
Thanks for your help and time!
#14
Posted 24 Aug 2010, 18:52
Quote
By "Start - Run", do you mean that I should not start the Kaspersky program by double-clicking the icon, but from the Start menu?
Should I paste in everything that is in the box above? That is, including the quotation marks and the black text?
Yes and yes.
#15
Posted 24 Aug 2010, 19:10
The Mbam log only exists with today's date. The quarantine, with all the viruses that were found, has been emptied! I cannot attach anything, I'm afraid!
#16
Posted 24 Aug 2010, 19:18
Kaspersky's log is the following:
2010/08/24 20:15:23.0906 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 20:15:23.0906 ================================================================================
2010/08/24 20:15:23.0906 SystemInfo:
2010/08/24 20:15:23.0906
2010/08/24 20:15:23.0906 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 20:15:23.0906 Product type: Workstation
2010/08/24 20:15:23.0906 ComputerName: TUBICA
2010/08/24 20:15:23.0906 UserName: Beus
2010/08/24 20:15:23.0906 Windows directory: C:\WINDOWS
2010/08/24 20:15:23.0906 System windows directory: C:\WINDOWS
2010/08/24 20:15:23.0906 Processor architecture: Intel x86
2010/08/24 20:15:23.0906 Number of processors: 2
2010/08/24 20:15:23.0906 Page size: 0x1000
2010/08/24 20:15:23.0906 Boot type: Normal boot
2010/08/24 20:15:23.0906 ================================================================================
2010/08/24 20:15:25.0265 Initialize success
2010/08/24 20:15:29.0765 ================================================================================
2010/08/24 20:15:29.0765 Scan started
2010/08/24 20:15:29.0765 Mode: Manual;
2010/08/24 20:15:29.0765 ================================================================================
2010/08/24 20:15:32.0828 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/08/24 20:15:33.0171 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/24 20:15:33.0546 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/24 20:15:33.0671 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/08/24 20:15:33.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/24 20:15:34.0156 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/24 20:15:34.0375 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/24 20:15:34.0500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/08/24 20:15:34.0750 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/08/24 20:15:35.0000 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/08/24 20:15:35.0078 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/08/24 20:15:35.0390 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/24 20:15:35.0484 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/08/24 20:15:35.0875 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/08/24 20:15:36.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/08/24 20:15:36.0640 AR5416 (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/08/24 20:15:37.0000 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/08/24 20:15:37.0390 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/08/24 20:15:37.0656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/08/24 20:15:37.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/24 20:15:38.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/24 20:15:38.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/24 20:15:38.0781 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/24 20:15:39.0046 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program\NyInst\Proggies\Security\Avira\AntiVir Desktop\avgio.sys
2010/08/24 20:15:39.0390 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/08/24 20:15:39.0484 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/24 20:15:39.0875 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/24 20:15:40.0000 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/08/24 20:15:40.0046 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/24 20:15:40.0125 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/24 20:15:40.0453 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/08/24 20:15:40.0562 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/24 20:15:40.0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/24 20:15:40.0890 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 20:15:41.0187 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/24 20:15:41.0343 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/08/24 20:15:41.0437 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/08/24 20:15:41.0812 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/08/24 20:15:42.0093 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/24 20:15:42.0187 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/08/24 20:15:42.0265 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/08/24 20:15:42.0343 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/08/24 20:15:42.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/24 20:15:42.0828 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/08/24 20:15:43.0109 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/24 20:15:43.0406 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/24 20:15:43.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/24 20:15:43.0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/24 20:15:43.0906 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/08/24 20:15:44.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/24 20:15:44.0296 EnumProcessesDriver (3c6638f7aebf3f18a026af287af81f4b) C:\WINDOWS\system32\drivers\EnumProcessesDriver.sys
2010/08/24 20:15:44.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/24 20:15:44.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/24 20:15:45.0078 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/24 20:15:45.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/24 20:15:45.0781 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/24 20:15:45.0937 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/24 20:15:46.0187 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/24 20:15:46.0390 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/24 20:15:46.0531 GT72NDISIPXP (20a940d96e69be65f9b6e4695baac6dc) C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys
2010/08/24 20:15:46.0875 GT72UBUS (1678d49ea3e76ccabde89d7b26d5061c) C:\WINDOWS\system32\DRIVERS\gt72ubus.sys
2010/08/24 20:15:47.0281 GTPTSER (346ddaefa04e49ad804ee12d4baa0ed3) C:\WINDOWS\system32\DRIVERS\gtptser.sys
2010/08/24 20:15:47.0531 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/24 20:15:47.0625 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/24 20:15:47.0968 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/08/24 20:15:48.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/24 20:15:48.0453 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/24 20:15:48.0781 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/08/24 20:15:49.0140 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/24 20:15:49.0953 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/24 20:15:50.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/24 20:15:51.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/08/24 20:15:51.0125 Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
2010/08/24 20:15:51.0296 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/08/24 20:15:51.0718 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/24 20:15:52.0171 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/24 20:15:52.0234 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/24 20:15:52.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/24 20:15:52.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/24 20:15:52.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/24 20:15:52.0671 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/24 20:15:52.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/24 20:15:52.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/24 20:15:52.0875 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/24 20:15:52.0968 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/24 20:15:53.0218 KeyScrambler (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/08/24 20:15:53.0343 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/24 20:15:53.0421 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/24 20:15:53.0734 M3000Srv (8da3ac548c6ef91b284dcff1a84be3db) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2010/08/24 20:15:53.0812 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/08/24 20:15:54.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/24 20:15:54.0156 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/24 20:15:54.0218 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/24 20:15:54.0312 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/24 20:15:54.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/24 20:15:54.0531 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/08/24 20:15:54.0578 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/24 20:15:54.0671 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/24 20:15:54.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/24 20:15:54.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/24 20:15:55.0031 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/24 20:15:55.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/24 20:15:55.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/24 20:15:55.0218 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/24 20:15:55.0390 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/24 20:15:55.0484 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/24 20:15:55.0578 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/24 20:15:55.0781 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/24 20:15:55.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/24 20:15:55.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/24 20:15:56.0093 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/24 20:15:56.0187 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/24 20:15:56.0234 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/24 20:15:56.0312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/24 20:15:56.0609 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/24 20:15:56.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/24 20:15:56.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/24 20:15:57.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/24 20:15:57.0093 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/24 20:15:57.0156 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/24 20:15:57.0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/24 20:15:57.0406 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/24 20:15:57.0453 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/24 20:15:57.0546 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/24 20:15:57.0609 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/24 20:15:57.0859 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/24 20:15:57.0906 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/24 20:15:58.0109 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/24 20:15:58.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/24 20:15:58.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/24 20:15:58.0468 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/24 20:15:58.0515 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/24 20:15:58.0562 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/24 20:15:58.0609 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/24 20:15:58.0671 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/24 20:15:58.0750 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/24 20:15:58.0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/24 20:15:59.0046 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/24 20:15:59.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/24 20:15:59.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/24 20:15:59.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/24 20:15:59.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/24 20:15:59.0671 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/24 20:15:59.0781 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/24 20:15:59.0890 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/24 20:16:00.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/24 20:16:00.0312 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/24 20:16:00.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/24 20:16:00.0781 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/24 20:16:00.0859 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/24 20:16:00.0937 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/24 20:16:01.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/24 20:16:01.0312 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 20:16:01.0312 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2010/08/24 20:16:01.0328 sptd - detected Locked file (1)
2010/08/24 20:16:01.0453 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/24 20:16:01.0640 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/24 20:16:01.0828 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/24 20:16:02.0015 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/24 20:16:02.0125 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/24 20:16:02.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/24 20:16:02.0671 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/24 20:16:02.0718 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/24 20:16:02.0781 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/24 20:16:02.0843 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/24 20:16:02.0921 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/24 20:16:03.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/24 20:16:03.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 20:16:03.0828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/24 20:16:03.0968 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\WINDOWS\system32\DRIVERS\shbecr.sys
2010/08/24 20:16:04.0000 Tdsshbecr - detected Rootkit.Win32.TDSS.tdl2 (0)
2010/08/24 20:16:04.0265 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/24 20:16:04.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/24 20:16:04.0781 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/08/24 20:16:04.0828 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/08/24 20:16:05.0015 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/24 20:16:05.0140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/24 20:16:05.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/24 20:16:05.0281 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/24 20:16:05.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/24 20:16:06.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/24 20:16:06.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/24 20:16:06.0390 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 20:16:06.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/24 20:16:06.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/24 20:16:07.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/24 20:16:07.0296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/24 20:16:07.0500 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/24 20:16:08.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/24 20:16:08.0296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/24 20:16:08.0546 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/24 20:16:08.0671 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/24 20:16:08.0921 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/24 20:16:09.0015 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/24 20:16:09.0093 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/24 20:16:09.0328 ================================================================================
2010/08/24 20:16:09.0328 Scan finished
2010/08/24 20:16:09.0328 ================================================================================
2010/08/24 20:16:09.0406 Detected object count: 2
2010/08/24 20:15:59.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/24 20:15:59.0671 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/24 20:15:59.0781 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/24 20:15:59.0890 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/08/24 20:16:00.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/24 20:16:00.0312 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/24 20:16:00.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/24 20:16:00.0781 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/24 20:16:00.0859 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/24 20:16:00.0937 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/24 20:16:01.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/24 20:16:01.0312 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 20:16:01.0312 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2010/08/24 20:16:01.0328 sptd - detected Locked file (1)
2010/08/24 20:16:01.0453 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/24 20:16:01.0640 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/24 20:16:01.0828 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/24 20:16:02.0015 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/24 20:16:02.0125 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/24 20:16:02.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/24 20:16:02.0671 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/24 20:16:02.0718 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/24 20:16:02.0781 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/24 20:16:02.0843 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/24 20:16:02.0921 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/24 20:16:03.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/24 20:16:03.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 20:16:03.0828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/24 20:16:03.0968 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\WINDOWS\system32\DRIVERS\shbecr.sys
2010/08/24 20:16:04.0000 Tdsshbecr - detected Rootkit.Win32.TDSS.tdl2 (0)
2010/08/24 20:16:04.0265 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/24 20:16:04.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/24 20:16:04.0781 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/08/24 20:16:04.0828 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/08/24 20:16:05.0015 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/24 20:16:05.0140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/24 20:16:05.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/24 20:16:05.0281 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/24 20:16:05.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/24 20:16:06.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/24 20:16:06.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/24 20:16:06.0390 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/24 20:16:06.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/24 20:16:06.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/24 20:16:07.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/24 20:16:07.0296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/24 20:16:07.0500 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/24 20:16:08.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/24 20:16:08.0296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/24 20:16:08.0546 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/24 20:16:08.0671 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/24 20:16:08.0921 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/24 20:16:09.0015 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/24 20:16:09.0093 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/24 20:16:09.0328 ================================================================================
2010/08/24 20:16:09.0328 Scan finished
2010/08/24 20:16:09.0328 ================================================================================
2010/08/24 20:16:09.0406 Detected object count: 2
#17
Posted 24 Aug 2010, 19:41
What is the next move?
Should I click "Delete" to remove the rascal Rootkit.Win32.TDSS.tdl2 and skip the other, locked file, as KAV suggests?
#18
Posted 24 Aug 2010, 22:05
Quote
Should I click "Delete" to remove the rascal Rootkit.Win32.TDSS.tdl2 and skip the other, locked file, as KAV suggests?
Yes, that sounds good.
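The TDSSKiller log posted above mixes three kinds of lines: one entry per driver (service name, MD5, path), "detected" lines, and a closing "Detected object count". The advice in #17/#18 rests on telling the two detections apart: a signature match (Rootkit.Win32.TDSS.tdl2) is removed, while a "Locked file" is only an access problem and is left for manual review. The following Python script is an added example, not part of the thread or of TDSSKiller; it parses a constructed excerpt in the same log format, links each detection back to its driver entry, sorts it into "remove" or "review", and checks that the parsed detections agree with the count the scanner reports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the TDSSKiller log layout seen in the thread
# (a few lines only, not the complete log).
SAMPLE_LOG = r"""
2010/08/24 20:16:01.0312 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/24 20:16:01.0312 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2010/08/24 20:16:01.0328 sptd - detected Locked file (1)
2010/08/24 20:16:03.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/24 20:16:03.0968 Tdsshbecr (4a766448821359df6a0427a91782385a) C:\WINDOWS\system32\DRIVERS\shbecr.sys
2010/08/24 20:16:04.0000 Tdsshbecr - detected Rootkit.Win32.TDSS.tdl2 (0)
2010/08/24 20:16:09.0328 Scan finished
2010/08/24 20:16:09.0406 Detected object count: 2
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"          # "2010/08/24 20:16:01.0312"
DRIVER_RE = re.compile(rf"^({TS}) (\S+) \(([0-9a-f]{{32}})\) (.+)$")
DETECT_RE = re.compile(rf"^({TS}) (\S+) - detected (.+?) \((\d+)\)$")
SUSPICIOUS_RE = re.compile(rf"^({TS}) Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{{32}})$")
COUNT_RE = re.compile(rf"^({TS}) Detected object count: (\d+)$")


@dataclass
class Finding:
    service: str
    verdict: str            # e.g. "Rootkit.Win32.TDSS.tdl2" or "Locked file"
    path: Optional[str]     # taken from the driver line with the same service name
    md5: Optional[str]
    action: str             # "remove" for a signature match, "review" for a locked file


@dataclass
class Triage:
    findings: List[Finding] = field(default_factory=list)
    unreadable: List[Tuple[str, str, str]] = field(default_factory=list)  # (reason, path, md5)
    reported_count: Optional[int] = None

    def by_action(self, action: str) -> List[Finding]:
        return [f for f in self.findings if f.action == action]

    def consistent(self) -> bool:
        # The scanner's own count should equal the detections we parsed.
        return self.reported_count == len(self.findings)


def triage_tdsskiller_log(text: str) -> Triage:
    drivers = {}  # service name -> (md5, path), filled from the per-driver lines
    triage = Triage()
    for line in text.strip().splitlines():
        m = DRIVER_RE.match(line)
        if m:
            _, service, md5, path = m.groups()
            drivers[service] = (md5, path)
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            _, reason, path, md5 = m.groups()
            triage.unreadable.append((reason, path, md5))
            continue
        m = DETECT_RE.match(line)
        if m:
            _, service, verdict, _ = m.groups()
            md5, path = drivers.get(service, (None, None))
            # "Locked file" only means the scanner could not read the file;
            # everything else is a named signature match.
            action = "review" if verdict.startswith("Locked file") else "remove"
            triage.findings.append(Finding(service, verdict, path, md5, action))
            continue
        m = COUNT_RE.match(line)
        if m:
            triage.reported_count = int(m.group(2))
    return triage


if __name__ == "__main__":
    t = triage_tdsskiller_log(SAMPLE_LOG)
    for f in t.by_action("remove"):
        print("REMOVE ", f.service, f.verdict, f.path, f.md5)
    for f in t.by_action("review"):
        print("REVIEW ", f.service, f.verdict, f.path, f.md5)
    print("count matches scanner:", t.consistent())
```

Keeping the MD5 next to each finding is what makes the log useful later: the hash of the removed driver can be compared against a vendor lookup, and the hash of the locked file can be checked against a known-good copy before deciding whether "skip" was the right call.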
#19
Posted 24 Aug 2010, 23:53
RedSquare, on 24 Aug 2010, 18:52, said:
Oops, I have just realised that the firewall is running with a DNS server!?
Could that be what you found?
The computer uses DNS servers to convert web addresses, e.g. eforum.idg.se, into IP addresses, e.g. 257.34.5.6. This means that one of them is called whenever you browse. Normally you use your internet provider's DNS servers, but you can switch to others.
#20
Posted 25 Aug 2010, 11:45
Thanks for the explanation about DNS servers!
Could it then be that I am using COMODO's DNS server (instead of my internet provider's), which in turn may well be located in the USA?
Otherwise I have done the cleanup with TDSSKiller and am ready for today's heavy lifting!
Greetings from RedSquare!
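The question in #19/#20, whether the machine is using the internet provider's resolvers or some other DNS server, is worth answering with a check rather than a guess, because a rootkit of the family found above can point the system at resolvers the user never chose. The Python script below is an added example, not from the thread or from any tool mentioned in it. It parses a constructed excerpt of `ipconfig /all` output (Windows layout, placeholder addresses from the RFC 5737 documentation ranges), pulls out the configured DNS servers, and compares them with a trusted set that stands in for the provider's resolvers; any address outside that set, and any value that is not a valid IP address at all, is reported.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed excerpt of "ipconfig /all" output; the addresses are documentation
# placeholders, not real resolvers.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.invalid
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            198.51.100.7
"""

# Placeholder for the internet provider's published resolvers (an assumption;
# replace with the addresses the provider actually documents).
TRUSTED_RESOLVERS: Set[str] = {"192.0.2.53", "192.0.2.54"}

# "DNS Servers . . . : <addr>"; extra servers follow on indented lines without a label.
DNS_LABEL_RE = re.compile(r"^\s*DNS Servers[ .]*: (\S+)\s*$")
CONTINUATION_RE = re.compile(r"^\s+(\S+)\s*$")


def parse_dns_servers(text: str) -> List[str]:
    """Return the DNS server addresses listed in an ipconfig /all dump, in order."""
    servers: List[str] = []
    in_dns_block = False
    for line in text.splitlines():
        m = DNS_LABEL_RE.match(line)
        if m:
            servers.append(m.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            m = CONTINUATION_RE.match(line)
            # A labelled line contains " : "; an unlabelled indented line is another server.
            if m and " : " not in line:
                servers.append(m.group(1))
                continue
            in_dns_block = False
    return servers


def audit_resolvers(configured: List[str], trusted: Set[str]) -> Dict[str, List[str]]:
    """Sort configured resolvers into trusted, unexpected and syntactically invalid."""
    report: Dict[str, List[str]] = {"trusted": [], "unexpected": [], "invalid": []}
    for addr in configured:
        try:
            ip = ipaddress.ip_address(addr)   # rejects anything that is not a valid v4/v6 address
        except ValueError:
            report["invalid"].append(addr)
            continue
        bucket = "trusted" if str(ip) in trusted else "unexpected"
        report[bucket].append(str(ip))
    return report


if __name__ == "__main__":
    configured = parse_dns_servers(SAMPLE_IPCONFIG)
    print("configured resolvers:", configured)
    print(audit_resolvers(configured, TRUSTED_RESOLVERS))
```

If the only resolver listed is a private address such as the default gateway, the home router is forwarding queries, and the same comparison has to be made against the upstream servers configured in the router. A resolver that is valid but not in the trusted set is not proof of compromise (the user in #20 may simply have chosen COMODO's service), but it is the setting to confirm deliberately after a rootkit removal.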