
Net Framework....



Kalle Dator1

Hi!

The attached dialog has for some time now been popping up on my laptop screen (Vista!) when I am connected to the internet with, for example, Mozilla Firefox. Never (so far) on any of my other computers!

The information behind the button intended for it tells me nothing at all. Whichever of the other controls I click on, whether it is the X in the top right corner, "Quit" or "Continue", stops the dialog from coming back several times during a session with the computer.

I have regarded the message as a virus intrusion or something else harmful to the computer if I click on anything...

How do I get rid of this irritating nuisance, and what is it about?

I have something to do with NET Framework installed, for 'who knows what' reason. Should I uninstall it, and what happens if I do?

Best regards

/Kalle

post-4543-1277188410,3_thumb.jpg

Hi,

Check that Firefox is up to date; see Help, Check for Updates.

Net.Framework is a part of Windows.

Check that your add-ons in Firefox are up to date.

Tools - Add-ons, check for updates at the bottom right, then select Plugins and repeat.

Have you checked that your computer is updated via Windows Update?

Regards

Mats H

Adding a couple of questions in case Mats's tips don't help:

Which versions of .NET Framework are installed?

Is it when visiting certain web pages that the error message appears? Because the error message indicates that it is the program using .NET Framework that is doing something wrong rather than a fault in .NET Framework itself, and Firefox does not use .NET Framework on its own.

Kalle Dator1

Cecilia and Mats H

Thanks for the info!

I have not yet checked all the variants regarding the cause of this message from NET Framework, but I noted yesterday that the message appears even when I am not on any web page and am only using the computer in "home mode".... So evidently it does not originate in any web browser. I will keep checking as I go...

How and where do you see information about the version of NET Framework?

Regards

/Kalle

You should be able to see which versions are on the computer in Control Panel - Add or Remove Programs.

  • 3 weeks later...
Kalle Dator1

Hi again!

This matter has been delayed for various reasons...

gip:

Under the information box that appears there is the following information:

 

post-4543-1278836417,37_thumb.jpg

 

Information om att aktivera JIT-felsökning i stället för den 
här dialogrutan finns i slutet av det här meddelandet.

************** Undantagstext **************
System.IndexOutOfRangeException: Indexet låg utanför gränserna för matrisen.
  vid Live.Form1.Timer7_Tick(Object sender, EventArgs e)
  vid System.Windows.Forms.Timer.OnTick(EventArgs e)
  vid System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
  vid System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Inlästa sammansättningar **************
mscorlib
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4200 (NetFxQFE.050727-4200)
   CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Archelaus Stub
   Sammansättningsversion: 1.0.0.0
   Win32-version: 1.0.0.0
   CodeBase: file:///C:/Users/Karl-Erik/AppData/Roaming/Microsoft/lsass/1.0.0.0/lsass.exe
----------------------------------------
Microsoft.VisualBasic
   Sammansättningsversion: 8.0.0.0
   Win32-version: 8.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4205 (VistaSP2GDR.050727-4200)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
mscorlib.resources
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4200 (NetFxQFE.050727-4200)
   CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
System.Core
   Sammansättningsversion: 3.5.0.0
   Win32-version: 3.5.30729.1 built by: SP
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Windows.Forms.resources
   Sammansättningsversion: 2.0.0.0
   Win32-version: 2.0.50727.4016 (NetFxQFE.050727-4000)
   CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_sv_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** JIT-felsökning **************
För att aktivera JIT-felsökning (just-in-time ) måste .config-filen för
det här tillämpningsprogrammet eller datorn (machine.config) ha 
jitDebugging-värdet angivet i avsnittet system.windows.forms.
Tillämpningsprogrammet måste också vara kompilerat
med felsökning aktiverat.

Till exempel:

<configuration>
   <system.windows.forms jitDebugging="true" />
</configuration>

När JIT-felsökning är aktiverad kommer alla undantag som inte
hanteras att skickas till JIT-felsökaren som är registrerad på
datorn snarare än att hanteras av den här dialogrutan.

 

 

 

Mats H / Cecilia

Under Computer\C:\Windows\Microsoft.NET one finds the following, as shown in the images below:

post-4543-1278836184,27_thumb.jpg

post-4543-1278836196,35_thumb.jpg

post-4543-1278836203,71_thumb.jpg

post-4543-1278836212,87_thumb.jpg

The question is how and with what I should possibly update .NET. And why doesn't this update happen together with all the other updates that keep recurring?

Regards, and thanks for your interest and helpfulness!

/Kalle

Hi,

Net.Framework is not updated especially often, but I have received it through Windows Update.

If I have understood it all correctly (I am a bit unsure about this), you can be on a lower level than the latest version, depending on which applications you have on the computer that rely on Net.Framework, and which version is required.

Regards

Mats H

Kalle Dator1

I see, Mats....

And how does one update NET Framework oneself, if the automatic update doesn't take care of it?

If I check Windows Update, I get the message that no updates are available at present....

Is it certain that this is about updating, considering the content of the error message, which I don't understand....

/Kalle

I think it is a "virus". The program being run appears to be:

C:/Users/Karl-Erik/AppData/Roaming/Microsoft/lsass/1.0.0.0/lsass.exe

lsass is a process that exists on all computers, but it is not normally located at the path above.

An error occurs in the program lsass.exe that causes it to crash. So this has nothing to do with you having the wrong version of .Net Framework.

Try simply going in and renaming or moving the file and restarting the computer. If you want to know in more detail what it does, you can send it to me and I will check it. That can be done fairly easily with a program called .Net Reflector.

Kalle Dator1

Googled the file name a bit and found various discussions about the program (the virus?).

The shady and dangerous thing about a file with these small letters is of course whether it should be a lowercase "L" or an uppercase "I".

But on one of the forums, at any rate, the question is asked:

"lsass.exe or isass.exe - virus or system file?"

I have now renamed the file at the path I gave and am awaiting the result. Happy to send the file, but 'be ware' if it is a virus...

Checked with Norton Insight and it approves the file....

/Kalle

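An added example, not part of any post in this thread: the two checks discussed above (a system process name running from a folder where it does not belong, and a look-alike name such as Isass.exe) applied to log lines. The expected-folder table, the character folding and every sample line except the CodeBase line from the error dialog are assumptions made for this illustration, and it assumes %SystemRoot% is C:\Windows on a 32-bit install.

```python
import re
from pathlib import PureWindowsPath

# Assumption for this example: %SystemRoot% is C:\Windows (32-bit install),
# so each of these system processes has exactly one legitimate folder.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that are easy to confuse on screen: l / I / 1 and o / 0.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Fold a file name so that look-alike spellings compare equal."""
    return name.lower().translate(CONFUSABLE)


SKELETONS = {skeleton(name): name for name in EXPECTED_DIR}

# First drive-letter path ending in .exe; the lookbehind keeps the "e:/" in
# "file:///" from being mistaken for a drive letter.
EXE_PATH = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:[\\/][^":*?<>|\r\n]*?\.exe\b', re.IGNORECASE
)


def classify(line):
    """Return (reason, path) if the line names a suspicious executable, else None."""
    match = EXE_PATH.search(line)
    if not match:
        return None
    path = PureWindowsPath(match.group(0).replace("/", "\\"))
    name = path.name.lower()
    folder = str(path.parent).lower()
    if name in EXPECTED_DIR:
        # Real system name: only acceptable in its one expected folder.
        if folder != EXPECTED_DIR[name]:
            return ("wrong-location", str(path))
        return None
    if skeleton(name) in SKELETONS:
        # Not a system name, but spelled to look like one.
        return ("lookalike-name", str(path))
    return None


def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]


SAMPLE_LINES = [
    # Constructed: a normal process-list entry.
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    # From the error dialog posted earlier in the thread.
    "CodeBase: file:///C:/Users/Karl-Erik/AppData/Roaming/Microsoft/lsass/1.0.0.0/lsass.exe",
    # Constructed: capital I instead of lowercase L, inside System32.
    r"C:\Windows\System32\Isass.exe",
    # Constructed: the genuine file in its genuine place.
    r"C:\Windows\System32\lsass.exe",
    # Constructed: an ordinary application.
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for reason, path in scan(SAMPLE_LINES):
        print(f"{reason:15} {path}")
```

A hit from either check is a reason to look closer at the file, not a verdict on it.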

Happy to take a look at the file. See PM.

Here is a thread with the same infection: http://social.answers.microsoft.com/Forums/en-US/w7repair/thread/4e0caca2-2ab6-4401-a697-e9938ea6328b

It is probably best to check the computer thoroughly in case there are more malicious files there. Often several files come in at the same time. We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

Kalle Dator1

OK!

I have now run dds.exe and got the log DDS.txt as below, plus the attached attach.txt

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Karl-Erik at 12:08:04,01 on 2010-07-12

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.1791.948 [GMT 2:00]

 

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Karl-Erik\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

uURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll

mURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll

uRun: [<NO NAME>]

uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [smpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [lsass] c:\users\karl-erik\appdata\roaming\microsoft\lsass\1.0.0.0\lsass.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [MSPService] c:\program files\cyberlink\magicsports\kernel\magicsports\MSPMirage.exe

mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [GBMPro8Agent] "c:\program files\genie-soft\gbmpro8\GBMAgent.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [lsass] c:\users\karl-erik\appdata\roaming\microsoft\lsass\1.0.0.0\lsass.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\program\microsoft office\office12\EXCEL.EXE/3000

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

Trusted Zone: download.com\www

Trusted Zone: gfs.nb.se

Trusted Zone: handelsbanken.se

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} - hxxps://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: ccc-core-static - msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\karl-e~1\appdata\roaming\mozilla\firefox\profiles\uw8quv2z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\karl-erik\appdata\roaming\mozilla\firefox\profiles\uw8quv2z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-26 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-26 173104]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-23 691248]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-26 501888]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100709.001\IDSvix86.sys [2010-7-10 344112]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-26 116784]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-5-26 339504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-26 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-15 21504]

S3 GoogleDesktopManager-061008-081103;Google Desktop-hanteraren 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-28 29744]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-7-13 103040]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 24064]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2009-9-17 42368]

S3 TodosAgmII;=Driver for Todos Argos Mini II;c:\windows\system32\drivers\AgmIIusb.sys [2007-1-22 19456]

 

=============== Created Last 30 ================

 

2010-07-07 13:19:05 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys

2010-07-07 13:19:04 35892 ----a-w- c:\windows\system32\SER9PL.sys

2010-07-07 13:19:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD

2010-07-06 10:26:16 36 ----a-w- c:\windows\iltwain.ini

2010-07-06 10:26:01 964608 ----a-w- c:\windows\system32\mfc70u.dll

2010-07-06 10:26:00 974848 ----a-w- c:\windows\system32\mfc70.dll

2010-07-06 10:26:00 344064 ----a-w- c:\windows\system32\msvcr70.dll

2010-07-06 10:25:45 0 d-----w- c:\program files\common files\Fugawi

2010-07-06 10:25:44 0 d-----w- c:\program files\Fugawi

2010-07-06 09:38:58 0 d-----w- c:\users\karl-e~1\appdata\roaming\Memory-Map

2010-07-06 09:38:58 0 d-----w- c:\programdata\Memory-Map-License

2010-07-06 08:45:25 0 d-----w- c:\program files\gps

2010-07-06 08:35:23 0 d-----w- c:\program files\SeaClear

2010-07-06 08:09:17 0 d-----w- c:\program files\Garmin

2010-07-06 06:47:21 0 d-----w- c:\program files\TrackMaker

2010-07-06 06:28:44 30 ---h--w- C:\GPSSINFO.DAT

2010-07-05 13:33:42 0 d-----w- c:\program files\Microsoft AutoRoute 2010

2010-07-05 13:31:06 0 d-----w- c:\program files\MSECache

2010-06-25 05:09:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-25 05:09:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-25 05:09:07 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-25 05:09:07 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-25 05:09:07 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-24 04:50:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-24 04:50:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 18:24:53 0 d-----w- c:\program files\WinAVI Video Capture

2010-06-22 18:22:55 0 d-----w- c:\program files\Capture

2010-06-12 10:19:44 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-12 10:11:09 65536 --sha-w- c:\users\karl-erik\NTUSER.DAT{46d55a97-75fc-11df-92ee-001d609d7db8}.TM.blf

2010-06-12 10:11:09 524288 --sha-w- c:\users\karl-erik\NTUSER.DAT{46d55a97-75fc-11df-92ee-001d609d7db8}.TMContainer00000000000000000002.regtrans-ms

2010-06-12 10:11:09 524288 --sha-w- c:\users\karl-erik\NTUSER.DAT{46d55a97-75fc-11df-92ee-001d609d7db8}.TMContainer00000000000000000001.regtrans-ms

 

==================== Find3M ====================

 

2010-07-07 13:19:52 51200 ----a-w- c:\windows\inf\infpub.dat

2010-07-07 13:19:52 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-07-07 13:19:49 143360 ----a-w- c:\windows\inf\infstor.dat

2010-07-05 13:45:20 653394 ----a-w- c:\windows\system32\perfh01D.dat

2010-07-05 13:45:20 140030 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-28 10:10:35 665600 ----a-w- c:\windows\inf\drvindex.dat

2007-08-28 10:39:37 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2007-08-28 10:39:37 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2007-08-28 10:39:37 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2007-08-28 10:39:37 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-11-27 07:47:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2009-11-27 07:47:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2009-11-27 07:47:48 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2009-10-23 07:11:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-03-31 05:00:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008032420080331\index.dat

2008-04-14 12:00:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008041420080415\index.dat

2008-04-15 11:00:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008041520080416\index.dat

2007-08-28 10:48:45 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 12:09:25,84 ===============

 

 

What can possibly be read from these?

During the whole time I have had the computer running, this session, the error message has not appeared a single time. I did change the name of the exe file "lsass.exe"...

/Kalle

Attach.txt

Uninstall The_Pirate_Bay Toolbar. Not because it is pirate bay but because of its spying function according to http://www.systemlookup.com/CLSID/52752-tbThe_dll_tbThe0_dll_tbThe1_dll.html

On the page http://www.virustotal.com, press the Browse button and browse to the file you renamed, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here.

If you right-click the renamed file and choose Properties, what different dates are shown there?

User Account Control (UAC) in Vista and Windows 7 is very good at stopping malicious programs from being installed, see for example:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Check that it is switched on (and in Windows 7 also at a high level):

Control Panel - Security Center - Other security settings

Trusted Zone: download.com\www

It is not suitable to put download.com in the trusted zone, in my opinion, because the risk is too great that they, for example, get a malicious ad in.

There are old Java versions with security holes on the computer. Uninstall Java™ 6 Update 7 and Java™ SE Development Kit 6 Update 7. If you really need the development version (Development Kit), make sure you have the latest version.

There appear to be more old program versions with security holes on the computer. Let Secunia's Software Inspector check the computer.

Kalle Dator1

Thanks, Cecilia!

A truly thorough review! Worth points!

On the page http://www.virustotal.com, click the Browse button and browse to the file you renamed, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here.

The link:

http://www.virustotal.com/sv/analisis/a023a478dfab8bed1e962232c7835f0bd61a8d1cd951e9f57b3c7e7822cb8d9e-1278937761

If you right-click the renamed file and choose Properties, which dates are shown there?

Created, Modified and Accessed: 6 June 2010, 07:43:29

User Account Control (UAC) in Vista and Windows 7 is very good at stopping malicious programs from being installed....

has now been turned on!

Trusted Zone: download.com\www

I don't think it is appropriate to put download.com in the trusted zone, because the risk is too great that they, for example, end up serving a malicious ad.

Removed download com from "Trusted sites" in Internet Explorer!

There are old Java versions with security holes on the computer. Uninstall Java™ 6 Update 7 and Java™ SE Development Kit 6 Update 7. If you really need the development version (Development Kit), make sure you have the latest version.

They were left over from when I used the computer for software development!

The uninstallations above have now been carried out!

As I said - many thanks for your commitment!

Kind regards

 

/Kalle


Thanks for the points! :)

6 June is more than a month ago, which means DDS does not show enough. OTL can look 90 days back in time. Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista, right-click and choose Run as administrator).

Under Output near the top, select Minimal Output.

Change 30 days to 90.

Click Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.

Are there any other files in c:\users\karl-erik\appdata\roaming\microsoft\lsass?

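An added example, not part of any post in this thread and not code from OTL: one way to triage the autostart section of an OTL.txt log is to flag Run entries whose file name matches a core Windows binary (lsass.exe, winlogon.exe and similar) but whose folder is not the one Windows itself uses. The sample lines are constructed in OTL's `O4` format with a hypothetical user name `Example`, and the function names are assumptions made for this sketch.

```python
import ntpath
import re

# Folder, relative to %SystemRoot%, where the genuine copy of each core
# Windows binary lives. Windows starts lsass.exe and winlogon.exe itself,
# so a Run entry pointing at a copy elsewhere deserves a closer look.
EXPECTED_DIR = {
    "lsass.exe": "System32",
    "winlogon.exe": "System32",
    "csrss.exe": "System32",
    "services.exe": "System32",
    "smss.exe": "System32",
    "svchost.exe": "System32",
    "explorer.exe": "",  # lives directly in %SystemRoot%
}

O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
TRAILING_COMPANY = re.compile(r"\s*\(([^()]*)\)$")
NOT_FOUND = "File not found"


def parse_o4(line):
    """Split one OTL 'O4 - ...\\Run' line into hive, value name, path, company."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    # OTL appends "File not found" when the target no longer exists on disk.
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)].rstrip()
    company = ""
    cm = TRAILING_COMPANY.search(rest)
    if cm and not missing:
        # Otherwise the line ends with the file's company name in parentheses.
        company = cm.group(1).strip()
        rest = rest[: cm.start()]
    return {"hive": hive, "name": name, "path": rest.strip(),
            "company": company, "missing": missing}


def find_masquerading(lines, system_root=r"C:\Windows"):
    """Return Run entries that use a system binary's name from another folder."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if not entry or not entry["path"]:
            continue
        exe = ntpath.basename(entry["path"]).lower()
        if exe not in EXPECTED_DIR:
            continue
        expected = ntpath.normcase(ntpath.join(system_root, EXPECTED_DIR[exe]))
        actual = ntpath.normcase(ntpath.dirname(entry["path"]))
        if actual.rstrip("\\") != expected.rstrip("\\"):
            findings.append({"hive": entry["hive"], "exe": exe,
                             "path": entry["path"],
                             "missing": entry["missing"]})
    return findings


# Constructed sample lines in OTL's O4 format (not copied from a real log).
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [lsass] C:\Users\Example\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found",
    r"O4 - HKCU..\Run: [lsass] C:\Users\Example\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found",
    r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example App\app.exe (Example Corp)",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKCU..\Run: [winlogon] C:\Users\Example\AppData\Roaming\Microsoft\lsass\1.0.0.0\winlogon.exe ()",
    r"O4 - HKLM..\Run: [shell] C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [svc] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)",
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LOG):
        state = "target missing" if hit["missing"] else "target present"
        print(f'{hit["hive"]}: {hit["exe"]} at {hit["path"]} ({state})')
```

A "File not found" entry is still reported, because the Run value remains in the registry after the file has been renamed or removed and needs cleaning up separately.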

Kalle Dator1
Are there any other files in c:\users\karl-erik\appdata\roaming\microsoft\lsass?

Yes! Under lsass there is a directory "1.0.0.0", and in it is the file

winlogon.exe

in addition to lsass.exe, which I have renamed to another name!

Below is OTL.txt:

OTL logfile created on: 2010-07-13 10:31:58 - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Karl-Erik\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141,04 Gb Total Space | 86,52 Gb Free Space | 61,34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARL-ERIK-DATOR

Current User Name: Karl-Erik

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Karl-Erik\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)

PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)

PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)

PRC - C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)

PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Karl-Erik\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100712.001\IDSvix86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100712.022\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100712.022\NAVENG.SYS (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)

DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)

DRV - (TdsNordecr) -- C:\Windows\System32\drivers\nordecr.sys (Todos Data System AB)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (TodosAgmII) -- C:\Windows\System32\drivers\AgmIIusb.sys (Todos Data System AB)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.se/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010-05-27 06:00:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010-01-23 07:48:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-06 11:25:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-12 12:19:44 | 000,000,000 | ---D | M]

 

[2009-02-14 17:49:38 | 000,000,000 | ---D | M] -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Extensions

[2010-07-13 08:14:26 | 000,000,000 | ---D | M] -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions

[2010-05-27 13:20:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-07-05 13:12:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009-04-16 09:06:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-07-12 14:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007-08-28 03:39:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010-06-12 12:19:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2007-08-24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-02-14 17:49:29 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2008-03-29 11:14:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2008-03-29 11:14:57 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2008-09-27 19:58:08 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png

[2008-09-27 19:58:08 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src

[2009-02-14 17:49:29 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-02-14 17:49:29 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-02-14 17:49:29 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-02-14 17:49:29 | 000,000,647 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2009-08-06 14:20:04 | 000,000,837 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 applian.securesites.com

O1 - Hosts: 127.0.0.1 applianorders.securesites.net

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found

O4 - HKLM..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found

O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found

O4 - HKCU..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)

O4 - HKCU..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: gfs.nb.se ([]https in Tillförlitliga platser)

O15 - HKCU\..Trusted Domains: handelsbanken.se ([]* in Tillförlitliga platser)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} https://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab (ScriptPlayerRuntime Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{19744ce2-3257-11df-941d-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{580a86df-6fa7-11de-9ed4-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{580a8700-6fa7-11de-9ed4-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{5a7ad28b-455c-11de-aabb-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{6d108f52-f803-11dd-ac61-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{6d75e198-715e-11de-9d4f-001d609d7db8}\Shell - "" = AutoRun

O33 - MountPoints2\{f13ffb7e-118c-11df-a5b8-001d609d7db8}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-07-13 10:30:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Erik\Desktop\OTL.exe

[2010-07-12 14:57:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-07-12 14:57:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-07-07 16:56:34 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\Desktop\GPS

[2010-07-07 15:19:05 | 000,081,920 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys

[2010-07-07 15:19:04 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys

[2010-07-06 12:26:01 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70u.dll

[2010-07-06 12:26:00 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll

[2010-07-06 12:26:00 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll

[2010-07-06 12:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Fugawi

[2010-07-06 12:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fugawi

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\Memory-Map-License

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Memory-Map-License

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Roaming\Memory-Map

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\Documents\Map Overlays

[2010-07-06 11:13:56 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\TopoGrafix

[2010-07-06 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\gps

[2010-07-06 10:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\SeaClear

[2010-07-06 10:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[2010-07-06 08:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrackMaker

[2010-07-06 08:46:19 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\Downloaded Installations

[2010-07-05 15:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft AutoRoute 2010

[2010-07-05 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010-06-25 07:09:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010-06-25 07:09:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010-06-25 07:09:07 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010-06-24 06:50:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-06-24 06:50:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-06-22 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Capture

[2010-06-22 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Capture


Attached: Extras.txt

Regards

/Kalle

Link to comment
Share on other sites

Under lsass there is a directory "1.0.0.0", and in it is the file

winlogon.exe

in addition to lsass.exe, which I have renamed to something else!

Check that winlogon on the VirusTotal site.

I will get back to you once I have gone through the log.

Link to comment
Share on other sites

The virus you have, which has now renamed itself to winlogon, was named by its author: Archelaus RAT & DDoS'er - "The Master Of People"

It is a trojan that can remotely control most things on your computer. It spreads in many different ways, e.g. via several chat clients (MSN, Yahoo, Skype) and P2P programs (torrent, Kazaa, eMule etc.). So if you use any chat client and/or P2P program, it may be time to stop using them, or to update them if that is possible.

Link to comment
Share on other sites

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - No CLSID value found.
O4 - HKLM..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found
O4 - HKCU..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found
O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O33 - MountPoints2\{19744ce2-3257-11df-941d-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{580a86df-6fa7-11de-9ed4-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{580a8700-6fa7-11de-9ed4-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{5a7ad28b-455c-11de-aabb-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{6d108f52-f803-11dd-ac61-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{6d75e198-715e-11de-9d4f-001d609d7db8}\Shell - "" = AutoRun
O33 - MountPoints2\{f13ffb7e-118c-11df-a5b8-001d609d7db8}\Shell - "" = AutoRun
:Commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]

Paste them into the Custom Scans/Fixes box.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files, with a name containing today's date and the time of the run.

Make sure to re-enable your antivirus program etc. before you connect the computer to the internet.

Then paste in a new OTL log for checking.

Link to comment
Share on other sites
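The Run entries in the fix script above launch lsass.exe from a folder under the user profile, whereas the genuine lsass.exe and winlogon.exe run only from the Windows System32 directory. As an added example (not part of the original thread and not OTL's own code), this Python script scans OTL "O4" autorun lines for that mismatch; the process-name list, the function name and the constructed sample lines are assumptions.

```python
import ntpath
import re

# Processes that legitimately run only from %SystemRoot%\System32
# (illustrative list chosen for this example, not exhaustive).
SYSTEM_ONLY = {"lsass.exe", "winlogon.exe", "csrss.exe", "services.exe", "smss.exe"}

# OTL "O4" autorun line: hive, Run key, [value name], then command and trailer.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\S*\\Run: \[(?P<value>[^\]]*)\] (?P<rest>.+)$")
# Command path up to the first executable extension; tolerates spaces and quotes.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|scr|com|bat))(?=["\s]|$)', re.IGNORECASE
)


def find_masquerading(log_lines, system_root=r"C:\Windows"):
    """Return Run entries whose image name is a system process outside System32."""
    allowed = {
        ntpath.normcase(ntpath.join(system_root, d)) for d in ("System32", "SysWOW64")
    }
    findings = []
    for line in log_lines:
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        command = PATH_RE.match(entry.group("rest"))
        if not command:
            continue
        path = ntpath.normpath(command.group("path"))
        image = ntpath.basename(path).lower()
        folder = ntpath.normcase(ntpath.dirname(path))
        if image in SYSTEM_ONLY and folder not in allowed:
            findings.append({
                "hive": entry.group("hive"),
                "value": entry.group("value"),
                "image": image,
                "path": path,
                # OTL appends this when the target is gone (here: renamed by hand),
                # which means the autorun value itself still needs removing.
                "file_missing": entry.group("rest").rstrip().endswith("File not found"),
            })
    return findings


SAMPLE_LOG = [
    # The two O4 lines from the fix script in this thread:
    r"O4 - HKLM..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found",
    r"O4 - HKCU..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\lsass.exe File not found",
    # Constructed lines for contrast (not from the thread's log):
    r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example App\example.exe (Example Vendor)",
    r'O4 - HKCU..\Run: [Shell] "C:\WINDOWS\system32\winlogon.exe" (Microsoft Corporation)',
    r"O4 - HKCU..\Run: [upd] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\WinLogon.exe",
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_LOG):
        state = "target missing" if hit["file_missing"] else "target present"
        print(f'{hit["hive"]} Run [{hit["value"]}] -> {hit["path"]} ({state})')
```

An entry flagged with the target missing is the case in this thread: the file was renamed by hand, but the Run value that would start it is still registered until the fix removes it.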

Kalle Dator1
Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingc...opic114351.html

I am already lost here:

1. Start Norton Internet Security.
2. In the Norton Internet Security window, in the left pane, click User Accounts.
3. The account that you are logged on as is displayed after "you are logged on as:"
   * If you are logged on as Supervisor, go to "To turn on or turn off Norton Internet Security."
   * If you are not logged on as Supervisor, go to line 4 of this STEP.
4. Click Log Off.
5. In the Confirm dialog box, click Yes.
6. Click Log On.
7. In the Log on dialog box, in the Account Name list, click Supervisor.
8. In the Password field, type your password.
   If you have never assigned a password to the Supervisor account, leave this field blank.
9. Click OK.
   You should see the text "You are logged on as: Supervisor."

First of all, I have NIS running all the time, so I do not need to start it as the instructions say.

Secondly, there is nothing about "User Accounts in the left pane" and no "left pane" to click on. I have NIS 2010, and the instructions may well refer to an earlier version. What do I know...

But so I am supposed to stop Norton Internet Security, and preferably pull out the internet connection in the meantime, I would think...

Now, NIS may not be 100% perfect, but one still wonders how it is that this trojan was not found when it sneaked in, or why NIS approves "winlogon.exe" as trusted in a direct scan....

Struggling to shut down NIS while I wait for a reply to the above...

/Kalle (who is temporarily running on another machine...)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


