Net Framework....


Kalle Dator1

NIS must be turned off, otherwise OTL may be prevented from making the changes to the computer that are needed. What do you think of this description?

If you open NIS2010 you will see, at the top right of the page, the various features that you can turn off. As you turn them off they will give you options as to what you want to do e.g. Turn off until reboot etc.
http://community.norton.com/t5/Norton-Internet-Security-Norton/temporarily-Completely-turn-off-norton-internet-security-2010/m-p/169689

But you want to turn it off until further notice, not just until the computer restarts. What needs to be turned off is the real-time protection, the components that constantly monitor what is happening on the computer. It is not necessary to turn off the firewall.


Kalle Dator1

OTL has now been run, with the results below. I didn't bother putting it in a code window, since you open the text anyway:

 

All processes killed

========== OTL ==========

Service upperdev stopped successfully!

Service upperdev deleted successfully!

File C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found not found.

Service SymIMMP stopped successfully!

Service SymIMMP deleted successfully!

File C:\Windows\System32\DRIVERS\SymIM.sys File not found not found.

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.

Service blbdrive stopped successfully!

Service blbdrive deleted successfully!

File C:\Windows\System32\drivers\blbdrive.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{A33FA729-D155-4B23-842B-2C665ECABDB6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lsass not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lsass deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19744ce2-3257-11df-941d-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19744ce2-3257-11df-941d-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{580a86df-6fa7-11de-9ed4-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580a86df-6fa7-11de-9ed4-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{580a8700-6fa7-11de-9ed4-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580a8700-6fa7-11de-9ed4-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a7ad28b-455c-11de-aabb-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a7ad28b-455c-11de-aabb-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d108f52-f803-11dd-ac61-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d108f52-f803-11dd-ac61-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d75e198-715e-11de-9d4f-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d75e198-715e-11de-9d4f-001d609d7db8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13ffb7e-118c-11df-a5b8-001d609d7db8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f13ffb7e-118c-11df-a5b8-001d609d7db8}\ not found.

========== COMMANDS ==========

 

 

[EMPTYTEMP]

 

User: Administrator

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Engelsman

 

User: Gäst

->Temp folder emptied: 56570 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 13689508 bytes

 

User: Karl-Erik

->Temp folder emptied: 2160540372 bytes

->Temporary Internet Files folder emptied: 26900830 bytes

->Java cache emptied: 63553590 bytes

->FireFox cache emptied: 103316019 bytes

->Flash cache emptied: 3443990 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 41826396 bytes

RecycleBin emptied: 52459349 bytes

 

Total Files Cleaned = 2 352,00 mb

 

 

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_184220

 

Files\Folders moved on Reboot...

C:\Windows\temp\JETE34.tmp moved successfully.

 

Registry entries deleted on Reboot...

 

------------

 

Could you perhaps give me a short summary of what has been accomplished and the background? I haven't quite kept up - though I've tried - with all the log texts etc...

 

/Kalle


Paste a new OTL log so we can check whether anything more shows up.

 

This last step with the script in OTL was mainly a cleanup of the registry, where entries had been placed so that these malicious files would start automatically, plus some leftovers from various uninstalls. In addition, all temporary files were removed, so you now have 2.5 GB more free space on the hard drive. :)

Was that a sufficient explanation, or is there something you would like to know more about?


Kalle Dator1

Hi, and thanks for guiding me through the thicket after the cleansing bath...

Certainly much needed, since one far too rarely gets around to cleaning up the computer and uninstalling / removing unnecessary files...

Many thanks for your commitment!

What are your views on another program, specifically for cleaning and tidying the registry, namely Uniblue/RegistryBooster?

What do I do now about the alleged trojan "winlogo.exe"?

I also checked a bit with msconfig and found that exactly that program, "lsass.exe" at the given path, was set up as a program to start at Windows startup. I unchecked it; after all, the exe file no longer exists under its correct name..

And - definitely worth mentioning - my troublesome message has not returned, which feels good..

Points to you..

Have a wonderful rest of the summer...

 

/Kalle

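The two posts above describe the same mechanism from both sides: the helper's OTL script removed registry autostart entries pointing at the malicious files, and Kalle then saw in msconfig that a program called "lsass.exe" had been registered to start with Windows from a path under his user profile. The script below is an added example for this thread, not code from OTL, OldTimer or anyone in the thread. It parses OTL-style "O4 - ...\Run:" lines and flags the three things a defender looks for in such a list: a Windows core-process name (lsass.exe, winlogon.exe, ...) running from anywhere other than its real system directory, an autostart binary living in a user-writable profile folder, and a binary with no publisher information. Stale "File not found" entries are reported as cleanup candidates only. The sample log, the SYSTEM_BINARIES table and the expected directories are constructed assumptions modelled on the 32-bit Vista layout in the log posted later in the thread.

```python
"""Triage autostart (O4) lines from an OTL log.

Added example for this thread; not part of OTL (OldTimer) or any tool named
on the page.  Flags Windows system-process names running from the wrong
directory, binaries started from user-writable profile folders, and binaries
without publisher information.  Missing files are reported as info only.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Core Windows processes and the only directory each should run from.
# Assumption: 32-bit Vista layout as in the log in this thread; adjust per host.
SYSTEM_BINARIES = {
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM..\Run: [ValueName] <path> (<publisher>)"   (OTL line format)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Split the remainder into the executable path and whatever OTL printed after it.
PATH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd))(?:\s+(?P<tail>.*))?$", re.IGNORECASE)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    notes: list = field(default_factory=list)  # (level, message) pairs

    def suspicious(self) -> bool:
        """True when at least one note is a warning, not just an info note."""
        return any(level == "warn" for level, _ in self.notes)


def triage_o4(line: str):
    """Return a Finding for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.group("hive", "name", "rest")
    pm = PATH_RE.match(rest)
    if not pm:
        # e.g. "[] File not found": an empty Run value, harmless but worth removing
        return Finding(hive, name, "", [("info", "no file path recorded; empty Run value")])
    path, tail = pm.group("path"), pm.group("tail") or ""
    f = Finding(hive, name, path)
    p = PureWindowsPath(path)
    base, parent = p.name.lower(), str(p.parent).lower()
    if base in SYSTEM_BINARIES and parent != SYSTEM_BINARIES[base]:
        f.notes.append(("warn", f"{p.name} should only run from {SYSTEM_BINARIES[base]}, found in {p.parent}"))
    if parent.startswith("c:\\users\\") or "\\appdata\\" in parent or "\\temp\\" in parent:
        f.notes.append(("warn", "autostart binary lives in a user-writable profile directory"))
    if tail == "File not found":
        f.notes.append(("info", "stale entry: target file missing (cleanup candidate, not proof of infection)"))
    elif re.fullmatch(r"\(\s*\)", tail):
        f.notes.append(("warn", "binary carries no publisher/version information"))
    return f


def scan(log_text: str):
    """All O4 entries that received at least one note, in log order."""
    findings = (triage_o4(line) for line in log_text.splitlines())
    return [f for f in findings if f is not None and f.notes]


# Constructed sample: four O4 lines in OTL's format.  The lsass path is the one
# discussed in this thread; the other entries mirror lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [lsass] C:\Users\Karl-Erik\AppData\Roaming\Microsoft\lsass\1.0.0.0\winlogon.exe ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.suspicious() else "info"
        print(f"{flag:10} {f.hive} [{f.name}] {f.path or '<no path>'}")
        for _level, msg in f.notes:
            print(f"             - {msg}")
```

Run against the sample, the Windows Defender entry produces no output at all, the two "File not found" entries are listed as info, and the lsass value collects three warnings: winlogon.exe outside System32, a path under the user profile, and no publisher. That combination is exactly why the helper's OTL script targeted the HKCU\...\Run\lsass value rather than the file name alone.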

See my post #22.

Paste a new OTL log so we can check whether anything more shows up.

Quite often, registry cleaning programs cause a mess on the computer. If you don't understand what the programs do, you shouldn't use them.

Thanks for all the points! :D

Have a good summer! :thumbsup:


Kalle Dator1

See my post #22.

Check that winlogon on the virustotal page.

I feel a bit dumb: "the virustotal page"??


Hi,

Cecilia wrote:

Are there any other files in c:\users\karl-erik\appdata\roaming\microsoft\lsass?

Your answer: Under lsass there is a folder "1.0.0.0", and in it is the file

winlogon.exe

Upload it at http://www.virustotal.com/sv/

and come back with the result link here in your thread.

Press the Browse button, find the file and press Send file.

Regards

Mats H


Kalle Dator1

I get the reply that the file has already been analysed! But then it was lsass.exe that I submitted for analysis...

Are these files one and the same, i.e. lsass.exe and winlogon.exe?

But here is the link:

analisis/a023a478dfab8bed1e962232c7835f0bd61a8d1cd951e9f57b3c7e7822cb8d9e-1278937761

So what do I do with these files and the folder, which is also called lsass? Delete?

 

/Kalle


Then it is the same file under different names. Since detection of it was so poor, it would be good if you could send it to me and I will forward it to the antivirus companies. You can upload the file at http://sprend.com/ and send the link you get back to me in a PM.

Paste a new OTL log for a final check.


Kalle Dator1

Uploaded winlogon.exe. Link in return:

http://sprend.com/download.jsp?FileId=92UtE3ktYjqg5yBgNtMD

Uploaded lsass.exe. Link in return:

http://sprend.com/download.jsp?FileId=N6TEzZSqv7LhVT2JMfk4

Also uploaded OTL.Txt. The link in return:

http://sprend.com/download.jsp?FileId=gJAYfXuDZbU4Sy2GEeNu

Do tell what you find in the log, if you find anything...

Regards

 

/Kalle


OTL logfile created on: 2010-07-14 11:31:41 - Run 2

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Karl-Erik\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141,04 Gb Total Space | 83,40 Gb Free Space | 59,13% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: KARL-ERIK-DATOR

Current User Name: Karl-Erik

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Karl-Erik\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)

PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)

PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)

PRC - C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)

PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)

PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Karl-Erik\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll (Symantec Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)

MOD - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100713.023\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100713.023\NAVENG.SYS (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100713.001\IDSvix86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS (Symantec Corporation)

DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)

DRV - (TdsNordecr) -- C:\Windows\System32\drivers\nordecr.sys (Todos Data System AB)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (TodosAgmII) -- C:\Windows\System32\drivers\AgmIIusb.sys (Todos Data System AB)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=COM&range=AD&phase=8&key=IESTART

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.se/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010-05-27 06:00:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010-01-23 07:48:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-06 11:25:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-12 12:19:44 | 000,000,000 | ---D | M]

 

[2009-02-14 17:49:38 | 000,000,000 | ---D | M] -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Extensions

[2010-07-14 08:29:39 | 000,000,000 | ---D | M] -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions

[2010-05-27 13:20:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-07-05 13:12:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009-04-16 09:06:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Karl-Erik\AppData\Roaming\mozilla\Firefox\Profiles\uw8quv2z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-07-12 14:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007-08-28 03:39:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010-06-12 12:19:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2007-08-24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-02-14 17:49:29 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2008-03-29 11:14:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2008-03-29 11:14:57 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2008-09-27 19:58:08 | 000,000,686 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png

[2008-09-27 19:58:08 | 000,000,531 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src

[2009-02-14 17:49:29 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-02-14 17:49:29 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-02-14 17:49:29 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-02-14 17:49:29 | 000,000,647 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2009-08-06 14:20:04 | 000,000,837 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 applian.securesites.com

O1 - Hosts: 127.0.0.1 applianorders.securesites.net

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found

O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found

O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)

O4 - HKCU..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: gfs.nb.se ([]https in Tillförlitliga platser)

O15 - HKCU\..Trusted Domains: handelsbanken.se ([]* in Tillförlitliga platser)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} https://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab (ScriptPlayerRuntime Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-07-13 18:42:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-07-13 10:30:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Karl-Erik\Desktop\OTL.exe

[2010-07-12 14:57:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-07-12 14:57:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-07-07 16:56:34 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\Desktop\GPS

[2010-07-07 15:19:05 | 000,081,920 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys

[2010-07-07 15:19:04 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys

[2010-07-06 12:26:01 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70u.dll

[2010-07-06 12:26:00 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll

[2010-07-06 12:26:00 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll

[2010-07-06 12:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Fugawi

[2010-07-06 12:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fugawi

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\Memory-Map-License

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Memory-Map-License

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Roaming\Memory-Map

[2010-07-06 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\Documents\Map Overlays

[2010-07-06 11:13:56 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\TopoGrafix

[2010-07-06 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\gps

[2010-07-06 10:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\SeaClear

[2010-07-06 10:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[2010-07-06 08:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrackMaker

[2010-07-06 08:46:19 | 000,000,000 | ---D | C] -- C:\Users\Karl-Erik\AppData\Local\Downloaded Installations

[2010-07-05 15:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft AutoRoute 2010

[2010-07-05 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010-06-25 07:09:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010-06-25 07:09:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010-06-25 07:09:07 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010-06-24 06:50:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-06-24 06:50:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-06-22 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI Video Capture

[2010-06-22 20:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Capture

 

========== Files - Modified Within 30 Days ==========

 

[2010-07-14 11:31:43 | 003,407,872 | ---- | M] () -- C:\Users\Karl-Erik\NTUSER.DAT

[2010-07-14 11:30:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Utökad garanti.job

[2010-07-14 11:19:12 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C22ED595-495F-4A1E-BFC6-91C7E6A6E4EE}.job

[2010-07-14 11:17:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-07-14 11:17:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-07-14 11:17:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-07-14 11:17:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-07-14 11:16:20 | 1878,286,336 | -HS- | M] () -- C:\hiberfil.sys

[2010-07-14 08:39:46 | 000,524,288 | -HS- | M] () -- C:\Users\Karl-Erik\NTUSER.DAT{46d55a97-75fc-11df-92ee-001d609d7db8}.TMContainer00000000000000000001.regtrans-ms

[2010-07-14 08:39:46 | 000,065,536 | -HS- | M] () -- C:\Users\Karl-Erik\NTUSER.DAT{46d55a97-75fc-11df-92ee-001d609d7db8}.TM.blf

[2010-07-14 07:50:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

[2010-07-13 16:25:12 | 008,848,077 | -H-- | M] () -- C:\Users\Karl-Erik\AppData\Local\IconCache.db

[2010-07-13 10:29:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Karl-Erik\Desktop\OTL.exe

[2010-07-13 07:07:56 | 000,037,888 | ---- | M] () -- C:\Users\Karl-Erik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-13 07:02:07 | 000,653,394 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010-07-13 07:02:07 | 000,642,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-07-13 07:02:07 | 000,140,030 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010-07-13 07:02:06 | 001,553,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010-07-13 07:02:06 | 000,123,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-07-12 16:57:15 | 000,000,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010-07-12 12:04:45 | 000,525,824 | ---- | M] () -- C:\Users\Karl-Erik\Desktop\dds.scr

[2010-07-07 15:48:50 | 000,000,036 | ---- | M] () -- C:\Windows\iltwain.ini

[2010-07-06 11:38:58 | 000,000,060 | ---- | M] () -- C:\Users\Karl-Erik\AppData\Local\mm-device-08.ini

[2010-07-06 08:28:44 | 000,000,030 | -H-- | M] () -- C:\GPSSINFO.DAT

[2010-06-23 08:08:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

 

========== Files Created - No Company Name ==========

 

[2010-07-12 16:57:15 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010-07-12 12:06:13 | 000,525,824 | ---- | C] () -- C:\Users\Karl-Erik\Desktop\dds.scr

[2010-07-07 15:19:04 | 000,026,719 | ---- | C] () -- C:\Windows\System32\SERSPL.VXD

[2010-07-06 12:26:16 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini

[2010-07-06 11:38:58 | 000,000,060 | ---- | C] () -- C:\Users\Karl-Erik\AppData\Local\mm-device-08.ini

[2010-07-06 08:28:44 | 000,000,030 | -H-- | C] () -- C:\GPSSINFO.DAT

[2009-09-24 07:30:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-03-13 14:32:57 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009-03-13 14:32:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008-11-02 12:12:23 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI

[2008-08-12 09:49:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008-05-17 10:15:37 | 001,701,648 | ---- | C] () -- C:\Windows\System32\VBA6.DLL

[2008-05-15 20:04:02 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI

[2008-03-20 14:01:05 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX5400LANG2.ini

[2008-03-05 21:15:49 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini

[2008-03-01 13:26:29 | 000,000,147 | ---- | C] () -- C:\Windows\System32\AddPort.ini

[2008-03-01 13:26:28 | 000,003,429 | R--- | C] () -- C:\Windows\System32\hptcpmon.ini

[2008-03-01 13:26:14 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll

[2008-03-01 13:26:09 | 011,198,464 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll

[2008-03-01 13:26:09 | 000,114,688 | R--- | C] () -- C:\Windows\System32\vshp2600.dll

[2008-03-01 13:24:24 | 000,000,579 | ---- | C] () -- C:\Windows\hpntwksetup.ini

[2007-08-28 12:35:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007-08-28 12:35:27 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007-08-28 12:35:18 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini

[2007-02-13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2002-03-21 14:51:52 | 000,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll

[2002-03-21 14:51:52 | 000,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll

[2002-03-21 14:51:52 | 000,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll

[2002-03-21 14:51:52 | 000,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll

[2002-03-21 14:51:52 | 000,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll

[2002-03-21 14:51:52 | 000,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll

[2002-03-21 14:51:52 | 000,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll

[2002-03-20 23:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys

[2002-03-20 23:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll

[2002-03-20 23:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll

[2002-03-20 23:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll

[2002-03-20 23:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

[1998-06-10 01:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

[1998-05-18 01:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI

[1998-04-24 01:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Visual Studio 2005:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Updater5:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\TechWorld:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Symantec:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\PADGen:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\My ISO Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\My Backups:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Mina mottagna filer:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Mina Google Gadgets:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Min Garmin:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Map Overlays:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Documents\Downloads:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Underhåll:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Tidningar:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Programmering:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Internet:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\GPS:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Egna progr:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Diverse:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\Bild & Ljud:Roxio EMC Stream

< End of report >

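A helper reads an OTL log like the one above by eye, looking for a handful of patterns: O4 autostart entries whose file is gone, entries with no publisher, O35/O37 exefile/comfile "open" commands that differ from the Windows default, code registered under O20 (AppInit_DLLs, Winlogon) or O30 (LSA packages), and alternate data streams. The script below is an added example that encodes those checks; it is not part of the original post and not code from the OTL tool. The severities, the list of benign stream names and the two constructed contrast lines at the end of the sample (a hijacked exefile handler and an executable-sized stream) are my assumptions; the other sample lines are copied from the log above.

```python
"""Triage of OTL log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows default shell\open\command for exefile/comfile. Anything else means a
# launcher has been wedged in front of every program the user starts.
DEFAULT_OPEN_CMD = '"%1" %*'

# Stream names treated as harmless (assumption): Explorer's zone marker and the
# 76-byte Roxio folder tag that appears throughout the log above.
BENIGN_STREAMS = {"Zone.Identifier", "Roxio EMC Stream"}

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
ASSOC_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<key>\w+) \[[^\]]*\] -- (?P<cmd>.*)$")
LOADED_RE = re.compile(r"^(?P<sec>O20|O30) - (?P<what>[^:]+): .*? - (?P<rest>[A-Za-z]:\\.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info" (assumed scale)
    section: str
    detail: str


def split_company(rest: str) -> Tuple[str, str]:
    """'C:\\x\\y.exe (Vendor)' -> ('C:\\x\\y.exe', 'Vendor'); '()' and '( )' -> ''."""
    if rest.endswith(")") and " (" in rest:
        path, _, company = rest.rpartition(" (")
        return path, company[:-1].strip()
    return rest, ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None for lines this script does not judge."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        label, rest = m["name"] or "<unnamed>", m["rest"]
        if rest.endswith("File not found"):  # orphaned autostart: stale, just remove
            path = rest[:-len("File not found")].strip() or "(empty)"
            return Finding("low", "O4", f"{label}: autostart points at missing file {path}")
        path, company = split_company(rest)
        if not company:  # no version info at all: verify the binary by hand
            return Finding("medium", "O4", f"{label}: {path} has no publisher; verify file")
        return Finding("info", "O4", f"{label}: {path} ({company})")
    m = ASSOC_RE.match(line)
    if m:
        if m["cmd"] == DEFAULT_OPEN_CMD:
            return Finding("info", line[:3], f"{m['key']} open command is the Windows default")
        return Finding("high", line[:3], f"{m['key']} open command hijacked: {m['cmd']}")
    m = LOADED_RE.match(line)
    if m:
        path, company = split_company(m["rest"])
        if m["what"] == "HKLM Winlogon" and path.lower() == r"c:\windows\explorer.exe":
            return Finding("info", m["sec"], "Winlogon Shell is the default explorer.exe")
        # AppInit_DLLs load into every GUI process, LSA packages into lsass.exe.
        return Finding("medium", m["sec"], f"{m['what']}: {path} ({company or 'no publisher'}); confirm expected")
    m = ADS_RE.match(line)
    if m:
        size, stream = int(m["size"]), m["stream"]
        if stream in BENIGN_STREAMS:
            return Finding("info", "ADS", f"{m['path']}:{stream} ({size} bytes) known benign")
        return Finding("medium", "ADS", f"{m['path']}:{stream} ({size} bytes) unusual stream; inspect")
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def worst(findings: List[Finding]) -> str:
    order = ["high", "medium", "low", "info"]
    return min((f.severity for f in findings), key=order.index, default="info")


SAMPLE_LOG = [
    # Copied from the log in this thread:
    r"O4 - HKLM..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)",
    r"O4 - HKLM..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()",
    r"O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found",
    r"O4 - HKCU..\Run: [] File not found",
    r"O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r"@Alternate Data Stream - 76 bytes -> C:\Users\Karl-Erik\Desktop\GPS:Roxio EMC Stream",
    # Constructed for contrast (NOT from the log): hijacked handler, hidden executable.
    r'O35 - HKLM\..exefile [open] -- "C:\Users\Public\loader.exe" "%1" %*',
    r"@Alternate Data Stream - 184320 bytes -> C:\Users\Public\notes.txt:payload.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print("worst:", worst(triage(SAMPLE_LOG)))
```

Run against only the ten lines copied from the thread, the worst finding is "medium" (the publisher-less MSPMirage.exe, the Google AppInit DLL and the Acronis LSA package all need a human to confirm they belong), which matches the helper's verdict that the log looks good; the two constructed lines are what a hijacked machine would add, and the exefile one alone raises the result to "high".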

The log looks good now.

Now only a final cleanup round remains:

1. Remove all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and press Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Press Create.

Then remove all the old system restore points by running the Disk Cleanup program.

Right-click C: in My Computer/Explorer and choose Properties.

On the General tab there is a button called Disk Cleanup. Choose it.

After a few minutes the program comes up; then choose a tab called More Options or something similar. Press the Clean up button that removes all system restore points except the most recent one.

2. Start OTL. Press the CleanUp! button, which will uninstall OTL and DDS after a restart of the computer. Remove any logs you still have left.

3. Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No at the prompt.

Press Exit in the Main menu to close the program.

Note: This will remove all cookies; if you have cookies you want to keep, you either have to save them beforehand or refrain from choosing Select All and instead tick everything else.

4. Change all the passwords you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, email programs etc.

5. Improve the protection on the computer; see my Advice for a safer computer. http://sites.google.com/site/ceblstockholm/home

