Hur får jag bort Yahoo som startsida ?

[kallekill]

Jag använder google chrome, men när jag startar den så dyker yaahoo upp som en extraflik, jag vill inte ha den, har provat o gå in i kontrollpanelen o ta bort den där, men den finns inte där, hur gör jag för att få bort Yahoo ???

 

Tacksam för svar snarast

[MatsLo]

Har du gått in o Chromes inställningar? det är de tre st vågräta linjerna längst upp till höger i Webläsaren(Chrome) precis under X som stänger webläsaren.

Där finns en mängd olika alternativ

[kallekill]

Har du gått in o Chromes inställningar? det är de tre st vågräta linjerna längst upp till höger i Webläsaren(Chrome) precis under X som stänger webläsaren.

Där finns en mängd olika alternativ

Jo jag har varit inne där o ändrat oxå , men det hjälper inte tyvärr

[jannejanne]

Byt webbläsare.

[Cecilia]

Jag använder google chrome, men när jag startar den så dyker yaahoo upp som en extraflik, jag vill inte ha den, har provat o gå in i kontrollpanelen o ta bort den där, men den finns inte där, hur gör jag för att få bort Yahoo ???

 

Tacksam för svar snarast

Vi kan ju se om OTL visar något särskilt när det gäller Chrome.

Spara OTL på Skrivbordet.

http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL.

 

Tryck på Quick Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil.

[kallekill]

Vi kan ju se om OTL visar något särskilt när det gäller Chrome.

Spara OTL på Skrivbordet.

http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL.

 

Tryck på Quick Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil.

 

OTL logfile created on: 2013-03-11 23:33:37 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Staffan\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,41% Memory free

4,22 Gb Paging File | 3,05 Gb Available in Paging File | 72,23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,61 Gb Total Space | 46,57 Gb Free Space | 33,36% Space Free | Partition Type: NTFS

Drive D: | 9,44 Gb Total Space | 2,81 Gb Free Space | 29,74% Space Free | Partition Type: NTFS

 

Computer Name: STAFFAN-DATOR | User Name: Staffan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-03-11 23:33:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Staffan\Downloads\OTL (1).exe

PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST

 

 

Software\Avast\AvastSvc.exe

PRC - [2013-02-21 06:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012-12-29 01:38:28 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Staffan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe

PRC - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007-10-03 23:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

PRC - [2007-10-03 23:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013-02-21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll

MOD - [2013-02-21 06:23:43 | 012,637,136 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll

MOD - [2013-02-21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll

MOD - [2013-02-21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll

MOD - [2007-08-20 13:10:18 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll

MOD - [2007-02-28 01:02:36 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

MOD - [2007-02-28 01:02:36 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013-02-27 21:34:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007-10-03 23:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON)

SRV - [2007-03-05 18:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2013-03-07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013-03-07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2013-03-07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013-03-07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013-03-07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2013-03-07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013-03-07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013-03-07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-10-30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2012-01-18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2008-09-28 09:39:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\shbecr.sys -- (Tdsshbecr)

DRV - [2007-07-10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007-06-25 12:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007-06-19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007-05-30 23:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)

DRV - [2007-04-23 22:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006-06-28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=HP&pf=laptop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=HP&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=81&bd=HP&pf=laptop

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{361A4AE6-8267-420C-B0F0-3A812BE17A1B}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934'>http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKLM\..\SearchScopes\{6816773C-272C-4CEB-8266-DEEC9C722664}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKLM\..\SearchScopes\{7BF28C13-2F80-4D70-B5B3-951C54D1DD4C}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKLM\..\SearchScopes\{B243DE1D-51FC-49DE-B067-45DB6E0E20E3}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://se.search.yahoo.com?type=198484&fr=spigot-yhp-ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {CE62E358-C701-4D87-925F-57E42FF0AC39}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{361A4AE6-8267-420C-B0F0-3A812BE17A1B}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKCU\..\SearchScopes\{6816773C-272C-4CEB-8266-DEEC9C722664}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKCU\..\SearchScopes\{7BF28C13-2F80-4D70-B5B3-951C54D1DD4C}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKCU\..\SearchScopes\{B243DE1D-51FC-49DE-B067-45DB6E0E20E3}: "URL" = http://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934

IE - HKCU\..\SearchScopes\{CE62E358-C701-4D87-925F-57E42FF0AC39}: "URL" = http://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-08 10:48:47 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.se/webhp?source=search_app

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll

CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\

CHR - Extension: Domain Error Assistant = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\

CHR - Extension: avast! WebRep = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Savings-Slider = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\

CHR - Extension: Yontoo = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

CHR - Extension: Gmail = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan File not found

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Staffan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.216.65.11 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD73AC4-1106-47B8-ABA9-DFC5DF1191B3}: DhcpNameServer = 81.216.65.11 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005-09-11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-03-11 17:24:13 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Roaming\Malwarebytes

[2013-03-11 17:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013-03-11 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013-03-11 17:23:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013-03-11 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013-03-08 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Roaming\Apple Computer

[2013-03-08 13:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

[2013-03-08 13:57:25 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Roaming\IObit

[2013-03-08 13:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2013-03-08 13:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2013-03-08 13:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot

[2013-03-08 13:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY

[2013-03-08 13:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix

[2013-03-08 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Local\Citrix

[2013-03-07 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Roaming\Skype

[2013-03-07 23:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Skype

[2013-03-07 23:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2013-03-07 00:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro

[2013-03-06 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cyber Snipa

[2013-03-06 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Local\WinZip

[2013-03-06 23:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2013-03-06 23:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2013-03-06 23:15:19 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Local\AVG Secure Search

[2013-03-06 23:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

[2013-03-06 23:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

[2013-03-06 23:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

[2013-02-13 23:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2013-02-10 01:43:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2013-02-10 01:43:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2013-02-10 01:43:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013-03-11 23:34:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-03-11 23:27:00 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-03-11 22:58:45 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2013-03-11 22:58:05 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-03-11 22:57:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013-03-11 22:57:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013-03-11 22:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-03-11 22:57:46 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys

[2013-03-11 17:23:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-03-08 10:48:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013-03-08 07:38:38 | 000,665,314 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2013-03-08 07:38:38 | 000,655,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013-03-08 07:38:38 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2013-03-08 07:38:38 | 000,128,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013-03-08 07:32:43 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013-03-08 00:07:52 | 001,048,587 | ---- | M] () -- C:\Users\Staffan\Documents\amcap.lnk.avi.avi

[2013-03-07 23:50:41 | 009,964,032 | ---- | M] () -- C:\Users\Staffan\Documents\amcap.lnk.avi

[2013-03-07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013-03-07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2013-03-07 00:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013-03-07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013-03-07 00:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2013-03-07 00:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013-03-07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013-03-07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013-03-07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013-03-07 00:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013-02-17 15:00:57 | 000,282,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013-02-13 23:17:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2013-02-13 23:17:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2013-02-13 19:03:43 | 000,005,648 | ---- | M] () -- C:\Users\Staffan\AppData\Local\d3d9caps.dat

[2013-02-12 21:37:26 | 000,000,943 | ---- | M] () -- C:\Users\Staffan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013-02-12 20:56:48 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2013-02-12 20:56:48 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2013-02-12 20:56:34 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013-03-11 17:23:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-03-08 13:46:13 | 000,735,072 | ---- | C] () -- C:\Users\Staffan\Documents\AA_v3 (1).exe

[2013-03-08 10:48:49 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013-03-08 10:48:49 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013-03-08 00:07:52 | 001,048,587 | ---- | C] () -- C:\Users\Staffan\Documents\amcap.lnk.avi.avi

[2013-03-07 23:48:14 | 009,964,032 | ---- | C] () -- C:\Users\Staffan\Documents\amcap.lnk.avi

[2013-02-13 23:17:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2013-02-13 23:17:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2013-02-12 20:56:34 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013-02-12 20:31:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013-02-12 20:31:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012-11-25 17:26:33 | 000,000,318 | ---- | C] () -- C:\Users\Staffan\AppData\Roaming\wklnhst.dat

[2012-08-10 16:48:31 | 000,142,003 | ---- | C] () -- C:\Windows\hppins20.dat

[2012-08-10 16:47:40 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat

[2012-08-05 10:59:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2012-08-04 23:04:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2012-08-04 23:04:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2012-07-20 14:17:12 | 000,005,648 | ---- | C] () -- C:\Users\Staffan\AppData\Local\d3d9caps.dat

[2012-07-05 17:55:59 | 000,000,095 | ---- | C] () -- C:\Users\Staffan\AppData\Local\fusioncache.dat

[2012-06-25 21:07:07 | 000,015,360 | ---- | C] () -- C:\Users\Staffan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-01-18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2012-01-18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2012-01-18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2012-01-18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

 

========== ZeroAccess Check ==========

 

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2012-12-29 03:01:15 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\DC++

[2012-10-30 19:19:41 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\ErrorTeck

[2012-08-10 17:02:21 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\Image Zone Express

[2012-11-18 01:17:28 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\ImpleoIT

[2013-03-08 13:57:26 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\IObit

[2012-10-30 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\licenses

[2012-11-02 22:51:09 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\PCMM2009

[2012-11-02 22:52:07 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\PCMM2012

[2012-06-28 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\Personal

[2012-08-10 17:02:21 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\Printer Info Cache

[2013-02-09 01:25:09 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\Spotify

[2012-11-25 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\Template

[2013-02-13 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Staffan\AppData\Roaming\uTorrent

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

Extras text hittar jag inte ???

[Cecilia]

1. Det är nog något av dina olämpliga tillägg i Chrome som lägger dit Yahoo:

 

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\

CHR - Extension: Domain Error Assistant = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\

CHR - Extension: Savings-Slider = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\

CHR - Extension: Yontoo = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

 

Avinstallera ovanstående 5 tillägg genom att följa http://support.google.com/chrome/bin/answer.py?hl=sv&answer=113907

 

2.

[2013-03-08 13:46:13 | 000,735,072 | ---- | C] () -- C:\Users\Staffan\Documents\AA_v3 (1).exe

[2013-03-08 13:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY

[2013-03-08 13:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix

[2013-03-08 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Local\Citrix

Har du blivit uppringd av någon som påstår sig komma från Microsoft eller annat företag och säger att din dator har problem?

Det ser ut som sådant som de bedragarna brukar lägga in för att komma åt datorn.

[kallekill]

1. Det är nog något av dina olämpliga tillägg i Chrome som lägger dit Yahoo:

 

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\

CHR - Extension: Domain Error Assistant = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\

CHR - Extension: Savings-Slider = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\

CHR - Extension: Yontoo = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Staffan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\

 

Avinstallera ovanstående 5 tillägg genom att följa http://support.googl...v&answer=113907

 

2.

[2013-03-08 13:46:13 | 000,735,072 | ---- | C] () -- C:\Users\Staffan\Documents\AA_v3 (1).exe

[2013-03-08 13:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY

[2013-03-08 13:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix

[2013-03-08 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Staffan\AppData\Local\Citrix

Har du blivit uppringd av någon som påstår sig komma från Microsoft eller annat företag och säger att din dator har problem?

Det ser ut som sådant som de bedragarna brukar lägga in för att komma åt datorn.

 

 

Ja i fredags ringde en person o sa att dom ringer ifrån Microsoft, o att jag har problem med min dator, tyvärr höll jag på att gå på det hela, för det lät mkt trovärdigt, hur får jag bort det ?

[Cecilia]

Installerat program för fjärrstyrning blev gjort i alla fall. Hittar du något med Citrix i Kontrollpanelens lista över installerade program?

Avinstallera det då.

 

Spara RougueKiller på Skrivbordet.

http://www.sur-la-toile.com/RogueKiller/

Stäng av alla program.

Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

 

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

 

Vänta tills "Prescan" har avslutats.

Klicka på "Scan"-knappen uppe till höger.

Vänta tills skanningen är klar.

En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.

[kallekill]

Installerat program för fjärrstyrning blev gjort i alla fall. Hittar du något med Citrix i Kontrollpanelens lista över installerade program?

Avinstallera det då.

 

Spara RougueKiller på Skrivbordet.

http://www.sur-la-toile.com/RogueKiller/

Stäng av alla program.

Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

 

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

 

Vänta tills "Prescan" har avslutats.

Klicka på "Scan"-knappen uppe till höger.

Vänta tills skanningen är klar.

En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/'>http://www.geekstogo.com/forum/files/file/413-roguekiller/'>http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php'>http://tigzy.geekstogo.com/roguekiller.php'>http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/'>http://tigzyrk.blogspot.com/'>http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Staffan [Admin rights]

Mode : Scan -- Date : 03/13/2013 22:31:32

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD1600BEKT-00F3T0 +++++

--- User ---

[MBR] c0c31f9314d932f3919f9ac7aa4fecc9

[bSP] 89120432d55b23d8674fd4b8d6f4483e : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142957 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292777984 | Size: 9665 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_03132013_02d2231.txt >>

RKreport[1]_S_03132013_02d2231.txt

 

 

 

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Staffan [Admin rights]

Mode : Scan -- Date : 03/13/2013 22:31:32

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD1600BEKT-00F3T0 +++++

--- User ---

[MBR] c0c31f9314d932f3919f9ac7aa4fecc9

[bSP] 89120432d55b23d8674fd4b8d6f4483e : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142957 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292777984 | Size: 9665 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_03132013_02d2231.txt >>

RKreport[1]_S_03132013_02d2231.txt

 

 

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Staffan [Admin rights]

Mode : Scan -- Date : 03/13/2013 22:31:32

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

::1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD1600BEKT-00F3T0 +++++

--- User ---

[MBR] c0c31f9314d932f3919f9ac7aa4fecc9

[bSP] 89120432d55b23d8674fd4b8d6f4483e : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142957 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292777984 | Size: 9665 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_03132013_02d2231.txt >>

RKreport[1]_S_03132013_02d2231.txt

 

 

 

Så här ser det ut

[Cecilia]

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

[kallekill]

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Tvärr hamnade inte loggen på skrivbordet, den kom bara upp, men nu är den försvunnen

 

följande felmeddelande fick jag , programmet misslyckades med att installera en eller flera komponenter i en netscape eller mozilla-baserad webbläsare felkod 10003.

 

när jag försökte komm ut på nätet stod det, ett försök att utföra en icke tillåten åtgärd på en registernyckel som markerats för borttagning, det markerade objektet är inte tillgängligt, det kan ha flyttats eller bytt namn. vill du ta bort objektet ? Ja Nej Yahoo kommer fortfarande upp i en flik i hop med goggle.

[Cecilia]

Starta om datorn en gång till för det brukar få bort felmeddelandet du får nu.

 

Kolla sedan efter filen ComboFix.txt i mappen C:\. Det är loggfilen.