Problem med internet

[pinturicchio_]

Hej!

 

Jag har internet från Bredbandsbolaget. Jag har en bärbar uppkopplad trådlöst och en stationär uppkopplad med nätverkskabel, båda via modem eller vad man ska säga. Under den senaste tiden har jag haft problem med internet då det helt plötsligt slutat fungera (även TV:n och telefonen).

 

När jag ringt in har de sagt att problemet har varit att min stationära har begärt Mac-adress (tror jag de sa) för många gånger. Den senaste jag pratade med sa också att det såg väldigt konstigt ut då min stationära var uppkopplad till uppåt 20(!?) nätverk samtidigt.

 

Vad berodde det på frågade jag? Då sa han en massa olika saker. Då frågade jag om det i princip kunde vara vad som helst, då svarade han ja. När jag frågade vad jag skulle göra, då svarade att jag först borde prova installera om drivrutinerna till nätverkskortet eller kanske köpa ett nytt nätverkskort eller installera om operativsystemet.

 

Som ni kanske förstår så är jag inte direkt kunnig inom det här området, så jag har i princip ingen aning om vad jag ska göra?

 

Jag har börjat skanna hela datorn nu för att se om det finns någon trojan eller något sånt (jag skannar med avast! som jag för står inte är det bästa antivirusprogrammet så jag vet inte riktigt om det är någon bra idé till att börja med.)

 

Har ni några tips? Kan man vet exakt vad problemet är?

 

Jag har dragit ur nätverkskabeln på den stationära tillsvidare, för jag orkar inte ringa in till de och be de starta om allting därifrån så att det fungerar i några timmar som det har blivit på sistone, men jag kan ju inte ha det så hur länge som helst.

 

Det skulle var otroligt tacksam om någon kunde hjälpa mig.

 

Känns helt hopplöst som ni kanske förstår...

[Roger W]

Hej!

 

Jag har internet från Bredbandsbolaget. Jag har en bärbar uppkopplad trådlöst och en stationär uppkopplad med nätverkskabel, båda via modem eller vad man ska säga. Under den senaste tiden har jag haft problem med internet då det helt plötsligt slutat fungera (även TV:n och telefonen).

 

När jag ringt in har de sagt att problemet har varit att min stationära har begärt Mac-adress (tror jag de sa) för många gånger. Den senaste jag pratade med sa också att det såg väldigt konstigt ut då min stationära var uppkopplad till uppåt 20(!?) nätverk samtidigt.

 

Vad berodde det på frågade jag? Då sa han en massa olika saker. Då frågade jag om det i princip kunde vara vad som helst, då svarade han ja. När jag frågade vad jag skulle göra, då svarade att jag först borde prova installera om drivrutinerna till nätverkskortet eller kanske köpa ett nytt nätverkskort eller installera om operativsystemet.

 

Som ni kanske förstår så är jag inte direkt kunnig inom det här området, så jag har i princip ingen aning om vad jag ska göra?

 

Jag har börjat skanna hela datorn nu för att se om det finns någon trojan eller något sånt (jag skannar med avast! som jag för står inte är det bästa antivirusprogrammet så jag vet inte riktigt om det är någon bra idé till att börja med.)

 

Har ni några tips? Kan man vet exakt vad problemet är?

 

Jag har dragit ur nätverkskabeln på den stationära tillsvidare, för jag orkar inte ringa in till de och be de starta om allting därifrån så att det fungerar i några timmar som det har blivit på sistone, men jag kan ju inte ha det så hur länge som helst.

 

Det skulle var otroligt tacksam om någon kunde hjälpa mig.

 

Känns helt hopplöst som ni kanske förstår...

 

"Begära MAC-adress"? Nätverkskortet HAR en MAC-adress, men "begära" har jag aldrig hör ttalas om. "Uppkopplad till 20 nätverk". Nää, nog måste du ha missförstått. Den står uppkopplad till ETT nätverk. That's it.

 

BBB har ju ett "Servicecenter" man installerar på sin dator, http://www.bredbandsbolaget.se/privat/bredband/servicecenter/index.html. Testade produkten nyss, och tyvärr fungerar den inte på Windows 7. Annars är det den tekniska supporten som gäller. Börja samtalet med att berätta att du kan nada om det här.

De är jäkligt bra, pojkarna och flickorna på tekniska supporten.

[Cecilia]

Det kanske ska vara att datorn, med en viss MAC-adress, har begärt IP-adress så där 20 gånger på kort tid. Det skulle kanske kunna bero på glapp i nätverkskabeln/kontakterna så pröva med en annan kabel.

[pinturicchio_]

Efter att ha skannat igenom datorn med avast! visade det sig att det fanns tre ''hot''.

 

Det här är informationen som gick att läsa:

 

Filerna:

pic761.pif (Hot: Win32: Dropper-BSN(Trj)

pic013(2).pif (Hot: Win32: Rootkit-gen (Rtk)

pic013.pif (Hot: Win32: Rootkit-gen (Rtk)

 

Jag antar av initialerna att det är trojan och/eller rootkit. Det är ju i så fall förklaringen, eller är jag helt ute och cyklar?

[Cecilia]

Kan du få fram i vilken mapp dessa filer finns/fanns?

[pinturicchio_]

Ja, de ligger i C:/users/*/Downloads ungefär.

 

Men jag hittar inte själva Downloads-pappen när jag bläddrar den vägen. Den enda tänkbara Download-mapp som det skulle kunna handla om är den som jag har på skrivbordet - där allt sånt som jag laddar ner hamnar.

[Cecilia]

Ställ in Datorn/Utforskaren så att du kan se alla filer:

Verktyg - Mappalternativ - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Då borde du kunna hitta C:\Användare\"anv.namn"\Downloads. En mapp på Skrivbordet borde ha sökvägen C:\Användare\"anv.namn"\skrivbord\Downloads. Men det är ju möjligt att Avast har tagit bort just de tre filerna nu. Om du hittar filerna låt bli att ta bort dem utan i så fall bör de undersökas mer.

 

Men det är inte sannolikt att filer som ligger där verkligen är något som körs, särskilt inte om det är pif-filer eftersom det är en sorts genväg.

 

Men vi kan kolla upp datorn noggrannare. Vi kan se vad DDS visar till att börja med. Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

[pinturicchio_]

Alltså jag vågar inte ens koppla upp den datorn till internet eftersom att det skulle kunna avbryta alla mina anslutningar igen och då skulle allt sluta fungera - Telefonen, TV:n - eftersom jag har kopplat allt genom modem. Men det kanske jag måste göra nu.

 

När jag skannade igenom datorn sist hittade avast! de där tre filerna som sagt. Men efter att flyttat de filerna till karantän, startat om datorn och sedan gjort en ny skanning så har inga hot hittats.

 

Betyder det att de filerna är borta nu? Ska jag chansa och koppla upp datorn för att ladda ner och se vad DDS visar?

 

Jag orkar inte gå igenom allt det där med Bredbandsbolagets support i onödan, om du förstår vad jag menar. Kostar både mobilpengar och en massa tid.

[Cecilia]

Du kan föra över DDS resp. loggarna med hjälp av USB-minne från/till en dator som är ansluten till internet.

[pinturicchio_]

Finns det risk att USB-minnet infekteras så att den datorn som det inte är virus i sin tur också infekteras (om det nu är virus på den datorn som det är fel på)?

 

Förlåt för mina jobbiga frågor, men har vart med om att det blivit så tidigare.

[Cecilia]

Tack för alla poäng!

 

För säkerhets skull kan du på den friska datorn köra Flash Disinfector som dels ändrar inställningar i datorn för att hindra autorun-infektioner att spridas från USB-minnen och liknande och dels kan desinficera USB-minnen.

 

Spara Flash Disinfector by sUBs på Skrivbordet:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Dubbelklicka på den nedladdade filen för att starta programmet.

Följ de anvisningar som kommer upp.

När det står att du ska sätta in flash-diskar så stoppar du in de USB-minnen etc som kan tänkas vara infekterade. Håll nere Shift-tangenten medan du stoppar in USB-minnet etc ända till Windows har detekterat att enheten är inne för att hindra att något program på enheten körs.

När allt är klart så avsluta programmet och starta om datorn.

[pinturicchio_]

DDS (Ver_10-03-17.01) - NTFSx86

Run by Akill at 15:00:36,36 on 2010-09-02

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2036.1101 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\rundll32.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Internet Explorer\IELowutil.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\System32\mobsync.exe

C:\Users\Akill\Desktop\dds.scr

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\conime.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mDefault_Page_URL = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program files\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [bredbandsbolaget Servicecenter] "c:\program files\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

dRunOnce: [<NO NAME>]

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0401

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0404

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0405

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0406

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0407

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0408

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0409

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040b

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040c

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040d

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040e

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0410

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0411

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0412

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0413

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0414

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0415

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0416

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0419

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041b

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041d

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041f

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0424

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0804

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0816

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0c0a

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\windows\system32\wpclsp.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\akill\appdata\roaming\mozilla\firefox\profiles\6mx9jz8h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.se

FF - prefs.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bFlciMSa&q=

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

 

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bFlciMSa&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-12 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-12 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-12 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-7 21504]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-3 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

 

============== File Associations ===============

 

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

piffile="%1" %*"

 

=============== Created Last 30 ================

 

2010-08-12 19:20:27 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-08-12 19:20:22 274944 ----a-w- c:\windows\system32\schannel.dll

2010-08-12 19:20:16 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-08-12 19:20:13 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-08-12 19:19:33 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-12 19:19:32 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-12 19:19:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-12 19:19:19 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-12 19:19:19 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-12 19:19:09 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-05 20:15:29 72 ----a-w- c:\windows\setup.ini

2010-08-03 23:34:06 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-03 20:41:54 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-08-03 19:30:48 38848 ----a-w- c:\windows\avastSS.scr

2010-08-03 19:28:59 0 d-----w- c:\programdata\Alwil Software

 

==================== Find3M ====================

 

2010-09-02 13:00:24 51200 ----a-w- c:\windows\inf\infpub.dat

2010-09-02 13:00:24 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-08-20 16:40:27 600418 ----a-w- c:\windows\system32\perfh01D.dat

2010-08-20 16:40:27 118330 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-04 17:55:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-05-04 17:55:31 143360 ----a-w- c:\windows\inf\infstor.dat

2008-07-07 07:20:20 174 --sha-w- c:\program files\desktop.ini

2008-02-22 17:40:07 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-02-22 17:40:07 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-02-22 17:40:07 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-02-22 17:40:07 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-05-13 00:00:04 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-02-22 18:25:51 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 15:03:13,28 ===============

 

 

De där poängen skulle blekna i jämförelse om du visste om min tacksamhet för dig Cecilia och alla andra här på Eforum som alltid är till hjälp!

 

Här är resultatet från DDS i alla fall.

Attach.txt

[Cecilia]

 

Avinstallera Java™ SE Runtime Environment 6 Update 1

 

Spara GooredFix på Skrivbordet, från en av länkarna:

http://jpshortstuff.247fixes.com/GooredFix.exe

http://downloads.securitycadets.com/GooredFix.exe

 

Dubbelklicka på programmet för att starta det.

Klicka på Yes för att starta skanningen.

Kopiera innehållet i loggen som kommer upp och den finns även på skrivbordet med namnet GooredFix.txt.

 

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Använder du Windows Messenger, alltså inte Windows Live Messenger utan ett äldre program som kom med XP?

http://www.systemlookup.com/Startup/7812-msmsgs_exe.html

[pinturicchio_]

[log]GooredFix by jpshortstuff (03.07.10.1)

Log created at 17:13 on 02/09/2010 (Akill)

Firefox version 3.6.8 (sv-SE)

 

========== GooredScan ==========

 

 

========== GooredLog ==========

 

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:09 10/10/2008]

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [22:35 05/09/2009]

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:56 25/12/2009]

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:27 28/06/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [12:46 24/08/2010]

 

C:\Users\Akill\Application Data\Mozilla\Firefox\Profiles\6mx9jz8h.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [13:37 03/09/2009]

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [11:54 12/07/2009]

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:00 19/08/2009]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [11:19 08/04/2010]

 

-=E.O.F=-[/log]

 

Nej, jag använder Windows Live Messenger.

[Cecilia]

Eventuellt är tillägget/insticksmodulen RealPlayer till Firefox infekterad. Avinstallera (eller inaktivera om det inte går att avinstallera) den i Verktyg - Tillägg. På en gång kan du också avinstallera (inaktivera) de gamla Java-versionerna som innehåller säkerhetshål så att bara den med 21 i namnet blir kvar. Starta om datorn och klistra in en ny DDS-logg.

[pinturicchio_]

DDS (Ver_10-03-17.01) - NTFSx86

Run by Akill at 18:44:10,24 on 2010-09-02

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2036.906 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Akill\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mDefault_Page_URL = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program files\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [bredbandsbolaget Servicecenter] "c:\program files\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

dRunOnce: [<NO NAME>]

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0401

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0404

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0405

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0406

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0407

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0408

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0409

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040b

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040c

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040d

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang040e

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0410

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0411

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0412

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0413

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0414

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0415

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0416

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0419

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041b

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041d

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang041f

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0424

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0804

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0816

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\Lang0c0a

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_21.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\windows\system32\wpclsp.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\akill\appdata\roaming\mozilla\firefox\profiles\6mx9jz8h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.se

FF - prefs.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bFlciMSa&q=

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

 

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bFlciMSa&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-12 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-12 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-12 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-7 21504]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 136176]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-3 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

 

============== File Associations ===============

 

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

piffile="%1" %*"

 

=============== Created Last 30 ================

 

2010-09-02 15:09:45 0 ----a-w- c:\windows\system32\RENA8E0.tmp

2010-09-02 15:09:45 0 ----a-w- c:\windows\system32\RENA8DF.tmp

2010-09-02 15:09:45 0 ----a-w- c:\windows\system32\RENA8DE.tmp

2010-08-12 19:20:27 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-08-12 19:20:22 274944 ----a-w- c:\windows\system32\schannel.dll

2010-08-12 19:20:16 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-08-12 19:20:13 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-08-12 19:19:33 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-12 19:19:32 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-12 19:19:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-12 19:19:19 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-12 19:19:19 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-12 19:19:09 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-05 20:15:29 72 ----a-w- c:\windows\setup.ini

2010-08-03 23:34:06 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-03 20:41:54 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-08-03 19:30:48 38848 ----a-w- c:\windows\avastSS.scr

2010-08-03 19:28:59 0 d-----w- c:\programdata\Alwil Software

 

==================== Find3M ====================

 

2010-09-02 16:34:34 51200 ----a-w- c:\windows\inf\infpub.dat

2010-09-02 16:34:34 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-09-02 13:02:33 600418 ----a-w- c:\windows\system32\perfh01D.dat

2010-09-02 13:02:33 118330 ----a-w- c:\windows\system32\perfc01D.dat

2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-04 17:55:31 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-05-04 17:55:31 143360 ----a-w- c:\windows\inf\infstor.dat

2008-07-07 07:20:20 174 --sha-w- c:\program files\desktop.ini

2008-02-22 17:40:07 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-02-22 17:40:07 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-02-22 17:40:07 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-02-22 17:40:07 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2010-05-13 00:00:04 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-02-22 18:25:51 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 18:44:28,94 ===============

Attach.txt

[Cecilia]

Tack för poäng!

 

I Firefox adressfält skriver du:

about:config

 

Leta sedan reda på raden keyword.URL. Högerklicka på den och välj Återställ om det finns. Om inte får du välja Modifiera och skriva ett bättre val. I min dator står det så här:

http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

 

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

När det gäller Windows Messenger titta i Internet-alternativ i IE, fliken Program, knappen Hantera tillägg om du hittar något som liknar raden ovan (numret, filnamnet). I så fall ta bort eller inaktivera det.

 

Veetle TV 0.9.17

Kan Veetle tänkas påverka Internet-anslutningen på ett negativt sätt?

 

Starta Anteckningar och inifrån programmet öppna filen:

c:\windows\setup.ini

Kopiera innehållet och klistra in det i ditt svar.

[pinturicchio_]

Vid ''keyword.URL'' stod det www.sicto.com/(och sedan en massa här efter).

 

När jag hade återställt byttes sicto.com-adressen mot exakt samma som du har på din.

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} <- Jag hittade det där och inaktiverade (eftersom det inte gick att ta bort).

 

Veetle tror jag absolut inte påverkar anslutningen. Det otroligt många som använder det och så vitt jag vet har det aldrig varit något problem. Jag använder/har använt det Veetle mer på den datorn som det inte är något fel på och det har aldrig varit något problem.

 

Jag tror inte jag riktigt förstår hur det menar med det här:

''Starta Anteckningar och inifrån programmet öppna filen:

c:\windows\setup.ini

Kopiera innehållet och klistra in det i ditt svar. ''

 

Av att döma än så länge, är det något virus? Eller är allt som det ska?

[Cecilia]

Setup.ini är en fil som innehåller inställningar eller liknande. Det är så liten så den är inte skadlig i sig men den skulle möjligen kunna innehålla något som har samband med något skadligt.

 

Starta Anteckningar (Start - Program - Tillbehör).

Arkiv - Öppna

Leta reda på c:\windows\setup.ini och öppna den.

Redigera - Markera allt

Redigera - Kopiera

 

I rutan för ditt svar här i tråden högerklickar du och väljer Klistra in.

[pinturicchio_]

Det här var det enda som kom upp från setup.ini filen:

 

[groupmsmsgs]

''MSN Messenger Service''

[progman.groups]

groupmsmsgs=

[pinturicchio_]

Men kan det inte ha något med den där www.sicto.com-adressen?

 

Jag har kollat lite på internet om det där och de som har varit i kontakt på något sätt med den där sidan ''sicto.com'' har också haft problem på ett eller annat sätt.

[Cecilia]

setup.ini verkar ju vara normal.

 

Det som syntes i DDS-loggen är nu åtgärdat. sicto.com är definitivt inte något bra i alla fall.

 

Men rootkits som Avast larmade om syns inte i en DDS-logg utan då får man använda andra program.

 

1.

Spara MBRCheck.exe av a_d_13 på Skrivbordet.

Kör programmet.

Vänta tills programmet är klart eller till texten "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" visas. I det senare fallet tryck på N följt av Enter.

När det är klart skapas en loggfil på Skrivbordet som heter MBRCheckxxxxxx.txt där xxxxxx är klockslaget för körningen. Öppna loggen i Anteckningar genom att dubbelklicka på loggen och klistra in innehållet i ditt svar.

 

2.

Spara Rootkit Unhooker på skrivbordet.

http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE

Dubbelklicka på programmet för att starta det (i Vista och Windows 7 högerklicka och välj Kör som administratör).

Välj fliken Report och klicka på Scan

Bocka för Drivers, Stealth, Files och Code Hooks, men avbocka de andra valen.

Tryck på OK

Vänta tills skannern är klar och då väljer du File - Save Report. Spara rapporten på Skrivbordet eller på något annat ställe där du hittar igen den. Klicka på Close

 

Öppna den sparade rapporten i Anteckningar. Klistra in innehållet i ditt svar.

 

Observera att om det kommer upp en varning "Rootkit Unhooker has detected a parasite..." så ignorera den bara.

[pinturicchio_]

[log]MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: MSI

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: HP-Pavilion

System Product Name: KQ412AA-UUW a6412.sc

Logical Drives Mask: 0x00002dfc

 

Kernel Drivers (total 138):

0x82204000 \SystemRoot\system32\ntkrnlpa.exe

0x825BD000 \SystemRoot\system32\hal.dll

0x8040F000 \SystemRoot\system32\kdcom.dll

0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x80486000 \SystemRoot\system32\PSHED.dll

0x80497000 \SystemRoot\system32\BOOTVID.dll

0x8049F000 \SystemRoot\system32\CLFS.SYS

0x804E0000 \SystemRoot\system32\CI.dll

0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys

0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x80692000 \SystemRoot\System32\Drivers\sptd.sys

0x8077A000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x80783000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x807A9000 \SystemRoot\system32\drivers\acpi.sys

0x807EF000 \SystemRoot\system32\drivers\msisadrv.sys

0x805C0000 \SystemRoot\system32\drivers\pci.sys

0x805E7000 \SystemRoot\System32\drivers\partmgr.sys

0x80400000 \SystemRoot\system32\drivers\volmgr.sys

0x87C04000 \SystemRoot\System32\drivers\volmgrx.sys

0x87C4E000 \SystemRoot\system32\drivers\intelide.sys

0x87C55000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x87C63000 \SystemRoot\System32\drivers\mountmgr.sys

0x87C73000 \SystemRoot\system32\drivers\atapi.sys

0x87C7B000 \SystemRoot\system32\drivers\ataport.SYS

0x87C99000 \SystemRoot\system32\drivers\fltmgr.sys

0x87CCB000 \SystemRoot\system32\drivers\fileinfo.sys

0x87CDB000 \SystemRoot\System32\Drivers\ksecdd.sys

0x87E00000 \SystemRoot\system32\drivers\ndis.sys

0x87F0B000 \SystemRoot\system32\drivers\msrpc.sys

0x87F36000 \SystemRoot\system32\drivers\NETIO.SYS

0x88007000 \SystemRoot\System32\drivers\tcpip.sys

0x880F1000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x88208000 \SystemRoot\System32\Drivers\Ntfs.sys

0x88318000 \SystemRoot\system32\drivers\volsnap.sys

0x88351000 \SystemRoot\System32\Drivers\spldr.sys

0x88359000 \SystemRoot\System32\Drivers\mup.sys

0x88368000 \SystemRoot\System32\drivers\ecache.sys

0x8838F000 \SystemRoot\system32\drivers\disk.sys

0x883A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x883C1000 \SystemRoot\system32\drivers\crcdisk.sys

0x883EA000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x8810C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x8C409000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x8CAC6000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x8CB67000 \SystemRoot\System32\drivers\watchdog.sys

0x8CB73000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x883F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x8811B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x88159000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x88168000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x8817B000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x8C400000 \SystemRoot\system32\DRIVERS\PS2.sys

0x88186000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x88191000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8C405000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0x87F71000 \SystemRoot\System32\Drivers\aktiw9n2.SYS

0x88200000 \SystemRoot\system32\DRIVERS\serscan.sys

0x881BF000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x87D4C000 \SystemRoot\system32\DRIVERS\storport.sys

0x881EE000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x87FD7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x881A9000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x87D8D000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x87FEE000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x87DB0000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x87DC4000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x87DD9000 \SystemRoot\system32\DRIVERS\termdd.sys

0x8D006000 \SystemRoot\system32\DRIVERS\mcdbus.sys

0x8D01F000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8D021000 \SystemRoot\system32\DRIVERS\ks.sys

0x8D04B000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8D055000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8D062000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x8D097000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8DA00000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x8D0B5000 \SystemRoot\system32\drivers\portcls.sys

0x8D0E2000 \SystemRoot\system32\drivers\drmk.sys

0x8DBF3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x8D107000 \SystemRoot\System32\Drivers\Null.SYS

0x8D10E000 \SystemRoot\System32\Drivers\Beep.SYS

0x8D115000 \SystemRoot\System32\drivers\vga.sys

0x8D121000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x8D142000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x8D14A000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8D152000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8D15D000 \SystemRoot\System32\Drivers\Npfs.SYS

0x8D16B000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8D174000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8D18A000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x8D194000 \SystemRoot\system32\DRIVERS\smb.sys

0x8D1A8000 \SystemRoot\system32\drivers\afd.sys

0x8D1F0000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x8DC02000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8DC34000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x8DC3D000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8DC53000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8DC61000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8DC74000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8DCB0000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8DCBA000 \SystemRoot\System32\Drivers\dfsc.sys

0x8DCD1000 \SystemRoot\System32\Drivers\aswSP.SYS

0x8DCF8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x8DD0D000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8DD0F000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x8DD25000 \SystemRoot\system32\DRIVERS\udfs.sys

0x8DD60000 \SystemRoot\System32\Drivers\crashdmp.sys

0x8DD6D000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x8DD78000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x96C20000 \SystemRoot\System32\win32k.sys

0x8DD80000 \SystemRoot\System32\drivers\Dxapi.sys

0x8DD8A000 \SystemRoot\system32\DRIVERS\monitor.sys

0x96E40000 \SystemRoot\System32\TSDDD.dll

0x96E60000 \SystemRoot\System32\cdd.dll

0x96E70000 \SystemRoot\System32\ATMFD.DLL

0x8DD99000 \SystemRoot\system32\drivers\luafv.sys

0x8DDB4000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x8DDCB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xA9C0D000 \SystemRoot\system32\drivers\spsys.sys

0xA9CBD000 \SystemRoot\system32\DRIVERS\lltdio.sys

0xA9CCD000 \SystemRoot\system32\DRIVERS\rspndr.sys

0xA9CE0000 \SystemRoot\system32\drivers\HTTP.sys

0xA9D4D000 \SystemRoot\System32\DRIVERS\srvnet.sys

0xA9D6A000 \SystemRoot\system32\DRIVERS\bowser.sys

0xA9D83000 \SystemRoot\System32\drivers\mpsdrv.sys

0xA9D98000 \SystemRoot\system32\drivers\mrxdav.sys

0xA9DB9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xABE0E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xABE47000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xABE5F000 \SystemRoot\System32\DRIVERS\srv2.sys

0xABE86000 \SystemRoot\System32\DRIVERS\srv.sys

0xABED4000 \SystemRoot\system32\drivers\peauth.sys

0xABFB2000 \SystemRoot\System32\Drivers\secdrv.SYS

0xABFBC000 \SystemRoot\System32\drivers\tcpipreg.sys

0xABFC8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xABFDD000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0x8DDCE000 \SystemRoot\System32\Drivers\fastfat.SYS

0x77000000 \Windows\System32\ntdll.dll

0x10000000 \Program Files\DAEMON Tools\daemon.dll

 

Processes (total 72):

0 System Idle Process

4 System

544 C:\Windows\System32\smss.exe

612 csrss.exe

656 C:\Windows\System32\wininit.exe

668 csrss.exe

700 C:\Windows\System32\services.exe

728 C:\Windows\System32\winlogon.exe

744 C:\Windows\System32\lsass.exe

760 C:\Windows\System32\lsm.exe

912 C:\Windows\System32\svchost.exe

1000 C:\Windows\System32\svchost.exe

1044 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1208 C:\Windows\System32\svchost.exe

1224 C:\Windows\System32\svchost.exe

1320 C:\Windows\System32\audiodg.exe

1344 C:\Windows\System32\svchost.exe

1364 C:\Windows\System32\SLsvc.exe

1384 C:\Windows\System32\svchost.exe

1512 C:\Windows\System32\svchost.exe

1596 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1972 C:\Windows\System32\spoolsv.exe

1996 C:\Windows\System32\svchost.exe

984 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

1276 C:\Program Files\Bonjour\mDNSResponder.exe

1748 C:\Windows\System32\svchost.exe

908 C:\Windows\System32\svchost.exe

2136 C:\Windows\System32\svchost.exe

2228 C:\Windows\System32\svchost.exe

2328 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2372 C:\Windows\System32\svchost.exe

2484 C:\Windows\System32\svchost.exe

2536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

2560 C:\Windows\System32\SearchIndexer.exe

2632 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

2720 WUDFHost.exe

3132 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

3736 C:\Windows\System32\dwm.exe

3796 C:\Windows\explorer.exe

3824 C:\Windows\System32\taskeng.exe

4036 C:\Program Files\Windows Defender\MSASCui.exe

2120 C:\Windows\RtHDVCpl.exe

2124 C:\hp\support\hpsysdrv.exe

1124 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

2064 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

2500 C:\Windows\System32\hkcmd.exe

2472 C:\Windows\System32\igfxpers.exe

2668 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

1448 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

920 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2856 C:\Program Files\Windows Sidebar\sidebar.exe

1532 C:\Windows\ehome\ehtray.exe

2868 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2460 C:\Program Files\uTorrent\uTorrent.exe

1872 C:\Program Files\Windows Media Player\wmpnscfg.exe

2548 C:\Program Files\Personal\bin\Personal.exe

580 C:\Windows\System32\wbem\unsecapp.exe

1528 WmiPrvSE.exe

3220 C:\Windows\System32\igfxsrvc.exe

3592 C:\Windows\ehome\ehmsas.exe

3844 C:\Program Files\Windows Media Player\wmpnetwk.exe

4076 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

1520 C:\Windows\System32\svchost.exe

1604 C:\Windows\System32\svchost.exe

3212 C:\Windows\System32\svchost.exe

5276 C:\Windows\System32\conime.exe

4576 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

3968 C:\Windows\System32\mobsync.exe

5412 C:\Windows\System32\SearchProtocolHost.exe

5008 C:\Windows\System32\SearchFilterHost.exe

4204 C:\Users\Akill\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000051`e7300000 (NTFS)

 

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.CHN

 

Size Device Name MBR Status

--------------------------------------------

335 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected

SHA1: F362CE084BC77B454330005C1657154A64FB9456

 

 

Done![/log]

 

[log]RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8C409000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x82204000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82204000 PnpManager 3903488 bytes

0x82204000 RAW 3903488 bytes

0x82204000 WMIxWDM 3903488 bytes

0x96C20000 Win32k 2109440 bytes

0x96C20000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)

0x8DA00000 C:\Windows\system32\drivers\RTKVHDA.sys 2043904 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x88208000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NTFS-drivrutin)

0x87E00000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x88007000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x80692000 PCI_NTPNP3876 950272 bytes

0x80692000 C:\Windows\System32\Drivers\sptd.sys 950272 bytes

0x804E0000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xABED4000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0xA9C0D000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8CAC6000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8CB73000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x80609000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x87CDB000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80416000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xA9CE0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-protokollstack)

0x87F71000 C:\Windows\System32\Drivers\aktiw9n2.SYS 417792 bytes

0xABE86000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x96E70000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x87C04000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8D1A8000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x807A9000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-drivrutin för NT)

0x8049F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x87D4C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8811B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8DC74000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x87F36000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x8DD25000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)

0xABE0E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x88318000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Drivrutin för skuggkopior av volymer)

0x8D062000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x825BD000 ACPI_HAL 208896 bytes

0x825BD000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x87C99000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Filterhanteraren för Microsofts filsystem)

0x8DC02000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x881BF000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8D0B5000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x87F0B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8D021000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8DDCE000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x8DCD1000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)

0x88368000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x805C0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)

0xABE5F000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x80783000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)

0x8D0E2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x87D8D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x883A0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0xA9D98000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8D121000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xA9DB9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x87C7B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0xA9D4D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x880F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8DD99000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterdrivrutin för LUA-filvirtualisering)

0xA9D6A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8D006000 C:\Windows\system32\DRIVERS\mcdbus.sys 102400 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)

0x88191000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xABE47000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8DDB4000 C:\Windows\system32\drivers\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)

0x8DCBA000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x87FD7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8DD0F000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8DC3D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8D174000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xA9D83000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x87DC4000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8DCF8000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xABFC8000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x87DB0000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8D194000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x88168000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, Drivrutin för i8042 Port)

0xA9CCD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8DC61000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xABFDD000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x8838F000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8D097000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80486000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformsspecifik drivrutin för maskinvarufel)

0x87CCB000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0xA9CBD000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x87C63000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x87DD9000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8810C000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8DD8A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x88359000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x805E7000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x87FEE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x88159000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80400000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x96E60000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8DC53000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8D15D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x87C55000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x8DD60000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8D055000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x80685000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xABFBC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8D115000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8CB67000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0x8DD6D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x88186000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)

0x8817B000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Musklassdrivrutin)

0x8D152000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x881A9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x881EE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x883F3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x8D18A000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)

0x8DD80000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8D04B000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8DCB0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xABFB2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x883C1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8DBF3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xABFEF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8D16B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x96E40000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x883EA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8077A000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8DC34000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0x87C73000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x80497000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8DD78000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes

0x807EF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8D142000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8D14A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x88200000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Seriell enhetsdrivrutin för Imaging)

0x88351000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x8D10E000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x87C4E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x8040F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8D107000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8D1F0000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)

0x8C400000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)

0x8DDCB000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)

0x8C405000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)

0x8D01F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8DD0D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x8445C1E8 unknown_irp_handler 3608 bytes

0x8606C1E8 unknown_irp_handler 3608 bytes

0x861771E8 unknown_irp_handler 3608 bytes

0x8445B1E8 unknown_irp_handler 3608 bytes

0x860771E8 unknown_irp_handler 3608 bytes

0x864961E8 unknown_irp_handler 3608 bytes

0x8617A1E8 unknown_irp_handler 3608 bytes

0x844591E8 unknown_irp_handler 3608 bytes

0x856C9520 unknown_irp_handler 2784 bytes

0x8605D7A0 unknown_irp_handler 2144 bytes

0x860457A0 unknown_irp_handler 2144 bytes

0x865C07A0 unknown_irp_handler 2144 bytes

==============================================

>Stealth

==============================================

WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

0x00C00000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84868020 ] PID: 4076, 94208 bytes

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x822AC7AA-->822AC7B1 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8249590A-->8DCE6BA0 [aswSP.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x82435905-->8DCE69C4 [aswSP.SYS]

ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x8236FDF0-->8DCE6AFE [aswSP.SYS]

ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x82434063-->8DCE3F6C [aswSP.SYS]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x823DB28F-->8DCE25B4 [aswSP.SYS]

[1384]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [unknown_code_page]

[1384]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [locale.nls]

[1384]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [svchost.exe.mui]

[1384]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [unknown_code_page]

[1384]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [unknown_code_page]

[1384]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page]

[2632]YahooAUService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x00467054-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00467088-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00467090-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x00467004-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00467084-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0046707C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x00467138-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x004670C8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004670D8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x00467250-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x004670AC-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x00467108-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004670F0-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->kernel32.dll-->MoveFileA, Type: IAT modification 0x00467254-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6D641258-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6D641268-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6D641274-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6D641254-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6D64125C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]

[2632]YahooAUService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]

[2632]YahooAUService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]

[4576]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x768E166C-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x768E1AC4-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x768E1A50-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x768E19F0-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x768E19A8-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x768E1914-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x768E1714-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x77D5145C-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [yui.dll]

[4576]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]

[/log]

 

Jag skickade de där ''hoten'' till karantän eller vad det nu heter på avast! direkt efter den första skanningen (kanske var lite dumt tänker jag nu i efterhand). Efter det har jag skannat ungefär tre gånger och då har ingenting kommit upp. Kan det vara så enkelt så att avast! tagit bort viruset? Men då skulle inte den där adressen vara kvar på Firefox?

 

(Det som också är lite konstigt, inte för att jag direkt vet vad jag pratar om exakt, men jag märkte inte några konstigheter när jag använde Firefox under den tiden då de problemen uppstod, eller ens före det. Ofta brukar ju startsidan ändras eller något sånt, men jag hade kvar www.google.com som startsida.)

[Cecilia]

Jag skickade de där ''hoten'' till karantän eller vad det nu heter på avast! direkt efter den första skanningen (kanske var lite dumt tänker jag nu i efterhand).

Nej då, om man vill kolla upp filerna mer så går det ju att återställa dem från karantänen.

 

Kan det vara så enkelt så att avast! tagit bort viruset?

Filer i downloads-mappen körs normalt inte utan det är ju vanligen installationsfiler som ligger där. Frågan är väl snarare om du har startat de där filerna för att installera något och om det då har skapats skadliga filer/inställningar på andra ställen i datorn.

 

men jag märkte inte några konstigheter när jag använde Firefox under den tiden då de problemen uppstod, eller ens före det. Ofta brukar ju startsidan ändras eller något sånt, men jag hade kvar www.google.com som startsida

keyword.URL har inte med startsidan att göra utan handlar om vad Firefox ska göra när du skriver in en webbadress den inte förstår: http://kb.mozillazine.org/Keyword.URL

 

0x8445C1E8 unknown_irp_handler 3608 bytes

0x8606C1E8 unknown_irp_handler 3608 bytes

0x861771E8 unknown_irp_handler 3608 bytes

0x8445B1E8 unknown_irp_handler 3608 bytes

0x860771E8 unknown_irp_handler 3608 bytes

0x864961E8 unknown_irp_handler 3608 bytes

0x8617A1E8 unknown_irp_handler 3608 bytes

0x844591E8 unknown_irp_handler 3608 bytes

0x856C9520 unknown_irp_handler 2784 bytes

0x8605D7A0 unknown_irp_handler 2144 bytes

0x860457A0 unknown_irp_handler 2144 bytes

0x865C07A0 unknown_irp_handler 2144 bytes

Ovanstående rader är misstänkta. Kör programmet Rootkit Unhooker igen. Om du högerklickar på motsvarande rader på fliken Drivers i programmet vad kan du välja på för alternativ?

[pinturicchio_]

Då kan jag välja mellan Properties, Dump Selected, Wipe File och Do immediately BSOD.