Got a virus that can't be removed


attigrib


Hi,

I wanted to ask whether anyone can help me get rid of a possible virus on my computer. I was in contact with Norton support today because my Norton was not working as it should. After a long support session, the technician there discovered that there is probably a virus on the computer (she saw it in the list of autostart programs). Even though she ran Norton Power Eraser, it could not be removed. I was offered an extended service for 999 kr to get the virus removed, but I did not want to accept the offer before turning to the forum here to ask for help. I have received very good help and support here before and hope for the same now :).

Regards

Birgitta

 

I have run DDS and here is the log:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sanna at 17:00:48 on 2012-07-19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2269.892 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.se/

mStart Page = hxxp://home.sweetim.com

mLocal Page =

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll

uURLSearchHooks: H - No File

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRunOnce: [719_1449261484122] "c:\users\sanna\appdata\local\logmei~1\LMIR0002.tmp_r.bat"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B90BB8C7-48E1-4FF1-A710-43A3752B5598} : DhcpNameServer = 192.168.1.1

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-22 15672]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-7-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-7-18 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-7-18 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\ipsdefs\20120718.001\IDSvix86.sys [2012-7-19 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-7-18 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys [2012-7-18 345208]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-18 138232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-19 106656]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-10 84240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-31 30192]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]

S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-3-10 118784]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-19 10:46:05 -------- d-----w- c:\users\sanna\appdata\local\NPE

2012-07-18 15:59:12 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys

2012-07-18 15:59:12 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys

2012-07-18 15:59:12 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys

2012-07-18 15:59:12 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys

2012-07-18 15:59:12 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys

2012-07-18 15:59:12 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys

2012-07-18 15:59:11 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys

2012-07-18 15:59:11 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys

2012-07-18 15:58:52 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005

2012-07-18 14:55:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-18 14:55:03 -------- d-----w- c:\program files\Symantec

2012-07-18 14:55:03 -------- d-----w- c:\program files\common files\Symantec Shared

2012-07-18 14:54:16 -------- d-----w- c:\windows\system32\drivers\NIS

2012-07-18 14:54:13 -------- d-----w- c:\program files\Norton Internet Security

2012-07-16 11:43:09 -------- d-----w- c:\program files\NortonInstaller

2012-07-16 11:10:57 -------- d-----w- c:\users\sanna\appdata\local\LogMeIn Rescue Applet

2012-07-15 17:26:38 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 17:16:07 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-15 17:16:07 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-07-15 17:16:07 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-15 17:16:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-15 16:36:07 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-07-15 16:36:07 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-15 16:36:07 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-15 16:35:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-15 16:35:09 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-15 16:35:07 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-07-15 16:35:06 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-07-15 16:35:06 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-07-15 16:35:06 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-07-15 16:35:06 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

2012-07-15 16:35:06 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

2012-07-15 16:35:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-07-15 16:35:00 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-07-15 16:35:00 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-07-15 16:34:59 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-07-15 16:34:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-07-15 16:34:57 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-15 16:34:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-07-15 16:34:38 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-15 16:34:37 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-15 16:34:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-15 16:34:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-15 16:34:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-15 16:34:11 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-15 16:34:10 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-15 16:34:10 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-15 16:22:08 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89f7f554-c27f-4c11-8b8d-002db0b6a146}\mpengine.dll

2012-07-15 15:57:09 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-15 15:56:38 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-15 15:56:30 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-15 15:56:30 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 17:02:29,88 ===============


What guarantees does Norton give that their Norton Power Eraser would solve the problem?

Paying 999 kr when you can get free help here, then the choice is easy. Follow this thread:

//eforum.idg.se/topic/218337-till-dig-med-virus-eller-andra-skadliga-program-i-datorn/

 

 

I agree with you that the choice is easy.

I have followed the steps in the link you gave.

/Birgitta

 

It seems the attach file did not make it into the first post. Making another attempt to attach it.

Attach.txt


At a quick glance I see that Java, OpenOffice, Adobe Reader, VLC media player and Paint can be updated AFTER the computer has been gone through by a moderator here on Eforum.

Don't edit posts long afterwards, because no notification e-mails are sent then and there is a big risk that I miss it.

 

Uninstall:

Yontoo Layers - reason: http://www.systemlookup.com/CLSID/56875-YontooIEClient_dll_YontooIEClient_2_dll.html

BitTorrentBar Toolbar - http://www.systemlookup.com/CLSID/71917-tbBitT_dll_tbBit0_dll_tbBit1_dll_tbBit2_dll_prxtbBitT_dll_prxtbBit0_dll_prxtbBit1_dll_prxtbBit2_dll.html

SweetIM Toolbar for Internet Explorer - http://www.systemlookup.com/CLSID/8159-mgToolbarIE_dll.html

Java™ 6 Update 26 - Old version with known security holes that make it easy to infect the computer from a web page.

 

Then restart the computer.

Run DDS again and paste DDS.txt into your reply.

Java cannot be uninstalled. I get a message that "De gick inte att komma åt nätverksplatsen".

I can't find Yontoo Layers in the list of programs, neither in the Control Panel nor in the Start menu. I have uninstalled that program before; maybe that is why it is not in the list but has still left remnants behind?

The other programs seemed to uninstall fine.

The DDS log follows here:

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sanna at 8:56:57 on 2012-07-20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2269.1498 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\lpksetup.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.se/

mStart Page = hxxp://home.sweetim.com

mLocal Page =

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B90BB8C7-48E1-4FF1-A710-43A3752B5598} : DhcpNameServer = 192.168.1.1

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-22 15672]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-7-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-7-18 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-7-18 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\ipsdefs\20120718.001\IDSvix86.sys [2012-7-19 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-7-18 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys [2012-7-18 345208]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-18 138232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-19 106656]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-10 84240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-31 30192]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]

S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-3-10 118784]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-19 10:46:05 -------- d-----w- c:\users\sanna\appdata\local\NPE

2012-07-18 15:59:12 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys

2012-07-18 15:59:12 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys

2012-07-18 15:59:12 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys

2012-07-18 15:59:12 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys

2012-07-18 15:59:12 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys

2012-07-18 15:59:12 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys

2012-07-18 15:59:11 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys

2012-07-18 15:59:11 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys

2012-07-18 15:58:52 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005

2012-07-18 14:55:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-18 14:55:03 -------- d-----w- c:\program files\Symantec

2012-07-18 14:55:03 -------- d-----w- c:\program files\common files\Symantec Shared

2012-07-18 14:54:16 -------- d-----w- c:\windows\system32\drivers\NIS

2012-07-18 14:54:13 -------- d-----w- c:\program files\Norton Internet Security

2012-07-16 11:43:09 -------- d-----w- c:\program files\NortonInstaller

2012-07-16 11:10:57 -------- d-----w- c:\users\sanna\appdata\local\LogMeIn Rescue Applet

2012-07-15 17:26:38 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 17:16:07 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-15 17:16:07 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-07-15 17:16:07 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-15 17:16:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-15 16:36:07 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-07-15 16:36:07 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-15 16:36:07 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-15 16:35:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-15 16:35:09 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-15 16:35:07 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-07-15 16:35:06 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-07-15 16:35:06 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-07-15 16:35:06 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-07-15 16:35:06 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

2012-07-15 16:35:06 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

2012-07-15 16:35:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-07-15 16:35:00 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-07-15 16:35:00 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-07-15 16:34:59 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-07-15 16:34:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-07-15 16:34:57 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-15 16:34:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-07-15 16:34:38 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-15 16:34:37 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-15 16:34:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-15 16:34:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-15 16:34:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-15 16:34:11 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-15 16:34:10 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-15 16:34:10 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-15 16:22:08 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89f7f554-c27f-4c11-8b8d-002db0b6a146}\mpengine.dll

2012-07-15 15:57:09 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-15 15:56:38 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-15 15:56:30 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-15 15:56:30 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 9:00:40,70 ===============
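
An added example, not part of the original thread and not a tool the helpers used: a small Python comparison of the browser add-on lines (`BHO:`, `TB:`, `URLSearchHooks:`) from the two DDS logs above, showing which of the items on the uninstall list are gone, which are still registered with a file on disk, and which were left behind as a `No File` registry remnant. The function names, the verdict labels and the watch-list keywords are assumptions of this example; the sample lines are copied from the two logs.

```python
import re

# Lines copied from the first DDS log in this thread (before the uninstall).
BEFORE = r"""
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit0.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
"""

# Lines copied from the second DDS log (after the uninstall and reboot).
AFTER = r"""
uURLSearchHooks: H - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
"""

# "<kind>: [<display name>: ]{CLSID} - <file path or 'No File' or nothing>"
ENTRY = re.compile(
    r"^(?P<kind>[um]URLSearchHooks|BHO|TB):\s+"
    r"(?:(?P<name>.+?):\s+)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<target>.*)$"
)

# Keywords for the add-ons the helper asked to have uninstalled (example's own list).
WATCH = ("yontoo", "bittorrentbar", "sweetim")


def parse(log_text):
    """Map (kind, lower-cased CLSID) -> display name and whether a file is listed."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # e.g. "uURLSearchHooks: H - No File" carries no CLSID
        target = m["target"].strip()
        entries[(m["kind"], m["clsid"].lower())] = {
            "name": m["name"] or "",
            "has_file": bool(target) and target.lower() != "no file",
        }
    return entries


def compare(before, after):
    """Give each add-on entry a verdict based on how it changed between the logs."""
    verdicts = {}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            verdicts[key] = "removed"    # registry value and file both gone
        elif new["has_file"]:
            verdicts[key] = "present"    # still registered, file still listed
        elif old["has_file"]:
            verdicts[key] = "orphaned"   # file gone, registry value left behind
        else:
            verdicts[key] = "stale"      # was already "No File" before
    for key in after.keys() - before.keys():
        verdicts[key] = "new"
    return verdicts


def leftovers(before, after, watch=WATCH):
    """Watch-listed add-ons that the second log still shows in some form."""
    verdicts = compare(before, after)
    found = []
    for key, old in before.items():
        if verdicts[key] != "removed" and any(w in old["name"].lower() for w in watch):
            found.append((key[0], old["name"], verdicts[key]))
    return sorted(found)


if __name__ == "__main__":
    for kind, name, verdict in leftovers(parse(BEFORE), parse(AFTER)):
        print(f"{kind:4} {name:40} {verdict}")
```

The CLSID is lower-cased before matching because the second log prints the orphaned BitTorrentBar toolbar value in upper case and without its display name, so the name has to be taken from the first log.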


Okay, then we'll use OTL to get rid of the remnants.

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL.

 

Under Output högt upp så välj Minimal Output.

Bocka för LOP Check och Purity Check.

Tryck på Run Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil.


OTL logfile created on: 2012-07-20 11:30:42 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sanna\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,22 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 56,05% Memory free

4,65 Gb Paging File | 3,70 Gb Available in Paging File | 79,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,21 Gb Total Space | 56,01 Gb Free Space | 60,75% Space Free | Partition Type: NTFS

Drive D: | 197,09 Gb Total Space | 175,71 Gb Free Space | 89,15% Space Free | Partition Type: NTFS

 

Computer Name: SANNA-DATOR | User Name: Sanna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Sanna\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)

PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_sv_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3076.38423__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3076.38379__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3076.38436__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3076.38415__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3076.38401__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3076.38651__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3076.38617__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3076.38580__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3076.38394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3076.38544__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3076.38608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3076.38588__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3076.38443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3076.38553__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3076.38546__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3076.38657__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3076.38594__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3076.38543__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3076.38587__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3076.38649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3076.38552__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3076.38448__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3076.38528__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3076.38402__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3076.38573__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3076.38536__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3076.38535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3076.38454__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3076.38542__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3076.38560__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3076.38572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3036.27975__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3076.38372_sv_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3076.38632_sv_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3076.38632__90ba9c70f846762e\CLI.Component.Systemtray.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3076.38408__90ba9c70f846762e\CLI.Component.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3076.38641__90ba9c70f846762e\MOM.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3076.38639__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3076.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3076.38669__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3076.38680__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3076.38370__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3076.38387__90ba9c70f846762e\CLI.Component.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3076.38371__90ba9c70f846762e\ATIDEMOS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3076.38369__90ba9c70f846762e\APM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3076.38370__90ba9c70f846762e\AEM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3076.38640__90ba9c70f846762e\CCC.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)

SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (StarOpen) -- File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (mbr) -- C:\Users\Sanna\AppData\Local\Temp\mbr.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found

DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found

DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found

DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found

DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120719.021\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120719.021\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120719.002\IDSvix86.sys (Symantec Corporation)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)

DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys (Symantec Corporation)

DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)

DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)

DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)

DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found

IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {242AB6EC-506D-4AAF-8D5B-28154C62105A}

IE - HKCU\..\SearchScopes\{0E3E07C6-DA18-4B9C-AA3B-0CB9F6D4E63A}: "URL" = http://www.google.se/search?hl=sv&source=hp&q={searchTerms}&meta=&aq=f&oq=&rlz=1I7ADFA_svSE387

IE - HKCU\..\SearchScopes\{242AB6EC-506D-4AAF-8D5B-28154C62105A}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-15 21:40:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-15 20:14:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012-07-18 16:55:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012-07-20 08:57:12 | 000,000,000 | ---D | M]

 

[2009-10-27 23:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanna\AppData\Roaming\mozilla\Extensions

[2009-10-27 23:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanna\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

 

========== Chrome ==========

 

CHR - homepage: http://www.facebook.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.se/search?hl=sv&source=hp&q={searchTerms}&meta=&aq=f&oq=&rlz=1I7ADFA_sv

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.facebook.com/

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Koji NISHIDA = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf\2_0\

CHR - Extension: YouTube = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Norton Identity Protection = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Sanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Value error.)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B90BB8C7-48E1-4FF1-A710-43A3752B5598}: DhcpNameServer = 192.168.1.1

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Sanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sanna\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{14184281-1914-11e1-8cf4-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{14184281-1914-11e1-8cf4-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{14184290-1914-11e1-8cf4-001e101fabdd}\Shell - "" = AutoRun

O33 - MountPoints2\{14184290-1914-11e1-8cf4-001e101fabdd}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{172f43fa-3a25-11e1-815d-001e101fb681}\Shell - "" = AutoRun

O33 - MountPoints2\{172f43fa-3a25-11e1-815d-001e101fb681}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{172f4414-3a25-11e1-815d-001e101f9843}\Shell - "" = AutoRun

O33 - MountPoints2\{172f4414-3a25-11e1-815d-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2dffdafc-1e68-11e1-9d89-001e101f1ed9}\Shell - "" = AutoRun

O33 - MountPoints2\{2dffdafc-1e68-11e1-9d89-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{50db99fa-d323-11e0-9d1c-001e101f79c9}\Shell - "" = AutoRun

O33 - MountPoints2\{50db99fa-d323-11e0-9d1c-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6808b92e-3de6-11e1-afe8-001e101f8924}\Shell - "" = AutoRun

O33 - MountPoints2\{6808b92e-3de6-11e1-afe8-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\AutoPLaY\coMmAnd - "" = F:\pktpv.pif

O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\AutoRun\command - "" = F:\pktpv.pif

O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\expLore\ComMand - "" = F:\pktpv.pif

O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\OpEN\CoMmAnd - "" = F:\pktpv.pif

O33 - MountPoints2\{95debf78-d1af-11e0-a5a8-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{95debf78-d1af-11e0-a5a8-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{95debf89-d1af-11e0-a5a8-001e101f2500}\Shell - "" = AutoRun

O33 - MountPoints2\{95debf89-d1af-11e0-a5a8-001e101f2500}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{af6d0d05-96af-11de-92e7-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{af6d0d05-96af-11de-92e7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{b9f4c630-b748-11de-a48f-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{b9f4c630-b748-11de-a48f-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b9f4c65e-b748-11de-a48f-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{b9f4c65e-b748-11de-a48f-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b9f4c68c-b748-11de-a48f-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{b9f4c68c-b748-11de-a48f-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b9f4c68f-b748-11de-a48f-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{b9f4c68f-b748-11de-a48f-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c8f733a6-1905-11e1-a2c4-001f160fdf08}\Shell - "" = AutoRun

O33 - MountPoints2\{c8f733a6-1905-11e1-a2c4-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c8f733bb-1905-11e1-a2c4-001e101f1ed9}\Shell - "" = AutoRun

O33 - MountPoints2\{c8f733bb-1905-11e1-a2c4-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-07-19 17:11:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012-07-19 17:00:48 | 000,000,000 | R--D | C] -- C:\Users\Sanna\Pictures

[2012-07-19 16:58:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sanna\Desktop\dds.com

[2012-07-19 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\Sanna\AppData\Local\NPE

[2012-07-18 17:59:12 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys

[2012-07-18 17:59:12 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys

[2012-07-18 17:59:12 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys

[2012-07-18 17:59:12 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys

[2012-07-18 17:59:12 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\symnets.sys

[2012-07-18 17:59:12 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys

[2012-07-18 17:59:11 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys

[2012-07-18 17:59:11 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys

[2012-07-18 17:58:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1307010.005

[2012-07-18 16:55:03 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2012-07-18 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012-07-18 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012-07-18 16:54:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS

[2012-07-18 16:54:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012-07-18 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2012-07-16 13:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2012-07-16 13:10:57 | 000,000,000 | ---D | C] -- C:\Users\Sanna\AppData\Local\LogMeIn Rescue Applet

[2012-07-15 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\Sanna\Documents\Symantec

[2012-07-15 20:10:57 | 000,000,000 | ---D | C] -- C:\Users\Sanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012-07-15 19:26:38 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012-07-15 19:04:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012-07-15 19:04:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012-07-15 19:04:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012-07-15 19:04:40 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012-07-15 19:04:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012-07-15 19:04:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012-07-15 19:04:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012-07-15 18:35:00 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2012-07-15 18:35:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012-07-15 18:35:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2012-07-15 18:34:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012-07-15 18:34:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012-07-15 18:34:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012-07-15 18:34:14 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012-07-15 18:34:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012-07-15 17:57:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012-07-15 17:57:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012-07-15 17:56:38 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012-07-15 17:56:38 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012-07-15 17:56:38 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012-07-15 17:56:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012-07-15 17:56:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

 

========== Files - Modified Within 30 Days ==========

 

[2012-07-20 11:27:18 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-07-20 11:27:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-07-20 11:27:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012-07-20 11:27:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012-07-20 08:54:01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-07-20 08:53:45 | 2378,264,576 | -HS- | M] () -- C:\hiberfil.sys

[2012-07-19 16:58:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sanna\Desktop\dds.com

[2012-07-19 11:41:09 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-07-19 11:40:54 | 002,411,353 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1307010.005\Cat.DB

[2012-07-18 18:03:41 | 000,034,465 | ---- | M] () -- C:\Users\Sanna\Desktop\Untitled 1.odt

[2012-07-18 17:59:19 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1307010.005\VT20120410.034

[2012-07-18 16:55:03 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2012-07-18 16:55:03 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2012-07-18 16:55:03 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2012-07-18 14:45:33 | 000,002,170 | ---- | M] () -- C:\Users\Sanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton Internet Security.lnk

[2012-07-17 11:38:04 | 000,002,170 | ---- | M] () -- C:\Users\Sanna\Documents\Norton Internet Security.lnk

[2012-07-16 14:08:09 | 000,000,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012-07-15 22:21:26 | 000,606,138 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2012-07-15 22:21:26 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-07-15 22:21:26 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2012-07-15 22:21:26 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-07-15 20:43:23 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie

[2012-07-15 19:57:57 | 000,346,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-07-15 17:51:28 | 139,444,054 | ---- | M] () -- C:\Windows\MEMORY.DMP

 

========== Files Created - No Company Name ==========

 

[2012-07-19 11:39:36 | 002,411,353 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\Cat.DB

[2012-07-18 18:03:39 | 000,034,465 | ---- | C] () -- C:\Users\Sanna\Desktop\Untitled 1.odt

[2012-07-18 18:00:04 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\VT20120410.034

[2012-07-18 17:59:12 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnetv.cat

[2012-07-18 17:59:12 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symds.cat

[2012-07-18 17:59:12 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnet.cat

[2012-07-18 17:59:12 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.cat

[2012-07-18 17:59:12 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.cat

[2012-07-18 17:59:12 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.inf

[2012-07-18 17:59:12 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symds.inf

[2012-07-18 17:59:12 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnetv.inf

[2012-07-18 17:59:12 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\symnet.inf

[2012-07-18 17:59:12 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.inf

[2012-07-18 17:59:12 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.inf

[2012-07-18 17:59:11 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.cat

[2012-07-18 17:59:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.cat

[2012-07-18 17:59:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\iron.cat

[2012-07-18 17:59:11 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.inf

[2012-07-18 17:59:11 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\iron.inf

[2012-07-18 17:58:52 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1307010.005\isolate.ini

[2012-07-18 16:55:03 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2012-07-18 16:55:03 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2012-07-18 16:54:53 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012-07-18 14:45:50 | 000,002,170 | ---- | C] () -- C:\Users\Sanna\Documents\Norton Internet Security.lnk

[2012-07-18 14:45:33 | 000,002,170 | ---- | C] () -- C:\Users\Sanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Norton Internet Security.lnk

[2012-07-16 14:08:09 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012-07-15 20:43:23 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie

[2011-11-11 14:35:38 | 000,000,000 | ---- | C] () -- C:\Users\Sanna\AppData\Local\{856BA687-AA02-4287-AACA-8C087F7232DE}

[2011-01-22 18:10:54 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe

[2011-01-22 18:10:54 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2010-05-14 23:55:38 | 000,023,580 | ---- | C] () -- C:\Users\Sanna\AppData\Roaming\UserTile.png

[2010-05-01 18:15:23 | 000,001,356 | ---- | C] () -- C:\Users\Sanna\AppData\Local\d3d9caps.dat

[2009-12-26 15:43:29 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2

[2009-12-26 15:43:29 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier

[2009-09-14 19:16:27 | 000,133,632 | ---- | C] () -- C:\Users\Sanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== LOP Check ==========

 

[2010-03-22 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Agency9

[2012-03-06 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\BitTorrent

[2010-07-24 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Canneverbe Limited

[2010-06-21 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Copax

[2012-07-15 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Dropbox

[2011-07-02 19:51:31 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\IObit

[2011-07-29 12:18:45 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Media Get LLC

[2010-05-01 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\NCH Swift Sound

[2010-04-04 16:08:24 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\OpenOffice.org

[2012-03-18 21:16:52 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Origin

[2010-05-14 23:55:37 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\PeerNetworking

[2010-07-29 14:25:31 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Personal

[2010-05-01 16:49:54 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Recordpad

[2010-02-20 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Roni Music

[2012-07-15 21:40:33 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Spotify

[2011-02-26 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Tific

[2012-07-15 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\TweakNow PowerPack 2011

[2011-07-02 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\TweakNow RegCleaner

[2012-07-15 18:51:29 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\Uniblue

[2011-03-28 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\Sanna\AppData\Roaming\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1

[2012-07-20 08:52:40 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

 

< End of report >

Extras.Txt


I see in the DDS log that you have an old Java version with security holes; your computer can become infected just by visiting a web page. Uninstall it and download the updated version here http://www.java.com/sv/ once the computer is clean.


Close all the programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {242AB6EC-506D-4AAF-8D5B-28154C62105A}
IE - HKCU\..\SearchScopes\{242AB6EC-506D-4AAF-8D5B-28154C62105A}: "URL" = http://search.condui...&ctid=CT1060933
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, e.g. with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files, with a name containing today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.

Run DDS again and paste its log.

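An added example, not part of the original thread and not OTL's own code: a small triage pass over OTL-format scan lines that picks out orphaned registrations ("File not found" / "No CLSID value found", the markers on most entries in the fix list above), a disabled UAC policy, MountPoints2 autorun commands and alternate data streams. The sample lines are copied from the scan log in this thread; the rule names and the `RISKY_EXT` list are assumptions made for illustration, and a hit means "review this line", not "this is malware".

```python
import re
from collections import defaultdict
from ntpath import splitext  # Windows path rules on any host OS

# Sample input: lines copied from the OTL scan log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{95debf78-d1af-11e0-a5a8-001f160fdf08}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\AutoPLaY\coMmAnd - "" = F:\pktpv.pif
O33 - MountPoints2\{69c33436-b308-11de-a84e-001f160fdf08}\Shell\OpEN\CoMmAnd - "" = F:\pktpv.pif
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
'''

ORPHAN_RE = re.compile(r"(File not found|No CLSID value found)\.?\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
UAC_RE = re.compile(r"\bEnableLUA = 0\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Registry key names are case-insensitive, so "coMmAnd" must match "command".
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<dev>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<target>.+)$',
    re.IGNORECASE,
)
# Assumption: extensions that execute but are unusual for a media autorun.
RISKY_EXT = {".pif", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def triage(log_text):
    """Return (rule, key, detail) for each line worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]  # OTL section tag, e.g. "O2" or "O33"
        mount = MOUNT_RE.match(line)
        ads = ADS_RE.match(line)
        orphan = ORPHAN_RE.search(line)
        if mount:
            if splitext(mount["target"])[1].lower() in RISKY_EXT:
                findings.append(("autorun-target", mount["dev"].lower(),
                                 f'{mount["verb"].lower()} -> {mount["target"]}'))
        elif ads:
            # Split "host file:stream name" on the last colon, not the drive colon.
            host, _, stream = ads["path"].rpartition(":")
            findings.append(("ads", host, f'stream {stream}, {ads["size"]} bytes'))
        elif orphan:
            clsid = CLSID_RE.search(line)
            key = clsid.group(0).upper() if clsid else tag
            findings.append(("orphaned", key, f"{tag}: {orphan.group(1)}"))
        elif tag == "O6" and UAC_RE.search(line):
            findings.append(("uac-disabled", "EnableLUA", line))
    return findings


def summarize(findings):
    """Group findings so one CLSID or device seen on several lines is one item."""
    grouped = defaultdict(lambda: defaultdict(list))
    for rule, key, detail in findings:
        grouped[rule][key].append(detail)
    return {rule: dict(keys) for rule, keys in grouped.items()}


if __name__ == "__main__":
    for rule, keys in summarize(triage(SAMPLE_LOG)).items():
        print(rule)
        for key, details in keys.items():
            print(f"  {key}")
            for detail in details:
                print(f"    {detail}")
```
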

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{242AB6EC-506D-4AAF-8D5B-28154C62105A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{242AB6EC-506D-4AAF-8D5B-28154C62105A}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.

C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.

C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll moved successfully.

File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_182151


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Sanna at 18:40:15 on 2012-07-20

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2269.1129 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.se/

mStart Page =

mLocal Page =

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B90BB8C7-48E1-4FF1-A710-43A3752B5598} : DhcpNameServer = 192.168.1.1

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-22 15672]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-7-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-7-18 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-7-18 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.0.145\definitions\ipsdefs\20120719.002\IDSvix86.sys [2012-7-20 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-7-18 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys [2012-7-18 345208]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-18 138232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-19 106656]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-10 84240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-31 30192]

S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]

S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2009-3-10 118784]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-20 16:21:51 -------- d-----w- C:\_OTL

2012-07-19 10:46:05 -------- d-----w- c:\users\sanna\appdata\local\NPE

2012-07-18 15:59:12 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys

2012-07-18 15:59:12 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys

2012-07-18 15:59:12 345208 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symtdiv.sys

2012-07-18 15:59:12 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys

2012-07-18 15:59:12 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys

2012-07-18 15:59:12 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys

2012-07-18 15:59:11 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys

2012-07-18 15:59:11 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys

2012-07-18 15:58:52 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005

2012-07-18 14:55:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-07-18 14:55:03 -------- d-----w- c:\program files\Symantec

2012-07-18 14:55:03 -------- d-----w- c:\program files\common files\Symantec Shared

2012-07-18 14:54:16 -------- d-----w- c:\windows\system32\drivers\NIS

2012-07-18 14:54:13 -------- d-----w- c:\program files\Norton Internet Security

2012-07-16 11:43:09 -------- d-----w- c:\program files\NortonInstaller

2012-07-16 11:10:57 -------- d-----w- c:\users\sanna\appdata\local\LogMeIn Rescue Applet

2012-07-15 17:26:38 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-15 17:16:07 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-15 17:16:07 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-07-15 17:16:07 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-15 17:16:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-15 16:36:07 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-07-15 16:36:07 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-15 16:36:07 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-15 16:35:10 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-15 16:35:09 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-15 16:35:07 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-07-15 16:35:06 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-07-15 16:35:06 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-07-15 16:35:06 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-07-15 16:35:06 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

2012-07-15 16:35:06 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

2012-07-15 16:35:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-07-15 16:35:00 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-07-15 16:35:00 1069056 ----a-w- c:\windows\system32\DWrite.dll

2012-07-15 16:34:59 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-07-15 16:34:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-07-15 16:34:57 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-15 16:34:48 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-07-15 16:34:38 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-15 16:34:37 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-15 16:34:16 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-15 16:34:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-15 16:34:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-15 16:34:11 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-15 16:34:10 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-15 16:34:10 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-15 16:22:08 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89f7f554-c27f-4c11-8b8d-002db0b6a146}\mpengine.dll

2012-07-15 15:57:09 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-07-15 15:56:38 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-07-15 15:56:30 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-07-15 15:56:30 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 18:40:42,53 ===============

Attach.txt


The problem with Norton was that the program could not be opened and there was no icon in the taskbar. In the end, Norton support turned off "User Account Control". Then the program can be opened and an icon appears at the bottom right of the taskbar. But with the control turned off, the computer warns that there is a security risk.

All of this remains; I have now tested with User Account Control both on and off, and there is no difference from before.


Turning off User Account Control is definitely a security risk. Did support say which item in the list of autostarted programs they considered to be a malicious program?

Was User Account Control turned off when you installed Norton?
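The DDS log posted earlier in this thread already records the UAC state discussed here, in its `mPolicies-system: EnableLUA = 0 (0x0)` line. The Python sketch below is an added example, not part of the original posts and not part of DDS: it parses the log's Pseudo HJT Report section and flags that setting and any `AppInit_DLLs` entries. The function names and the choice of what to flag are assumptions, and the sample is an excerpt copied from the log above.

```python
import re

# Excerpt of the DDS log posted in this thread (2012-07-20 run).
SAMPLE = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.se/
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-7-18 138232]
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# DDS prefixes entries with "m" (machine hive) or "u" (per-user hive).
POLICY = re.compile(r"^[mu]Policies-(\w+): (\w+) = (\d+)")
RUN = re.compile(r"^([mu])Run(?:Once)?: \[(.+?)\] (.+)$")
BHO = re.compile(r"^BHO: (?:(.*?): )?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def split_command(cmd):
    """Split an autorun command into (path, arguments); paths may be unquoted."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd)
    if not m:
        m = re.match(r"^(.+?\.(?:exe|dll|com|bat|cmd))(?:\s+(.*))?$", cmd, re.I)
    if not m:
        return cmd, ""
    return m.group(1), m.group(2) or ""


def parse_dds(text):
    """Collect autoruns, BHOs, policy values and AppInit_DLLs from a DDS log."""
    report = {"autoruns": [], "bhos": [], "policies": {}, "appinit": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section != "Pseudo HJT Report":
            continue  # services, file listings etc. are out of scope here
        if (m := POLICY.match(line)):
            report["policies"][(m.group(1), m.group(2))] = int(m.group(3))
        elif (m := RUN.match(line)):
            path, args = split_command(m.group(3))
            report["autoruns"].append((m.group(1), m.group(2), path, args))
        elif (m := BHO.match(line)):
            report["bhos"].append((m.group(1) or "", m.group(2).lower(), m.group(3)))
        elif line.startswith("AppInit_DLLs:"):
            report["appinit"] = line.split(":", 1)[1].split()
    return report


def triage(report):
    """Return findings a helper would raise before looking for malware."""
    findings = []
    if report["policies"].get(("system", "EnableLUA")) == 0:
        findings.append("UAC is disabled (EnableLUA = 0)")
    for dll in report["appinit"]:
        # Loaded into every process that loads user32.dll, so each entry
        # should be traced back to a known installed product.
        findings.append(f"AppInit_DLLs entry to verify: {dll}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE)):
        print(finding)
```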


No, support never said which program they meant. I also don't know whether User Account Control was turned off during the installation. Support connected to the computer remotely, uninstalled the old version and did a reinstallation. I wasn't watching the whole time. So unfortunately I can't give you a good answer... :(


Not that I know whether it will help, but my suggestion is that you uninstall Norton yourself, perhaps best with UAC turned off. When that is done, first run the Norton cleanup tool, before you enable UAC, restart the computer and install Norton again.

The cleanup tool: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?ct=us&lg=en&product=home&pvid=f-home&version=1&docid=kb20080828154508EN_EndUserProfile_en_us Read the first lines as well.

But first it is time to uninstall DDS and OTL.

Start OTL.

Press the CleanUp! button and the programs will be uninstalled after a restart of the computer. Delete any logs.

It is very important to keep all the small programs on the computer up to date; old versions of e.g. Flash, Java and Adobe Reader contain known security holes that a web page can exploit to easily infect the computer. I think Secunia's program (link on my website http://ceciliasec.wordpress.com/rad/ ) is good at helping you check the state of security holes on the computer and indicating what needs to be fixed.


I'll try an uninstall and reinstall and we'll see. I'm attaching a screenshot taken from C:\Program Files\Launch Manager. There is a program there that is set to autostart, "WisKeyState". I don't remember, but it may have been what Norton support meant was a virus. Do you know that program?

Autostart.doc


I have now uninstalled and reinstalled Norton (with UAC turned off). Unfortunately the problems I describe in post #14 remain :thumbsdown: .


Launch Manager is not a standard Windows program. I would guess that it is something your computer manufacturer put there, because it looks like programs that handle special functions on the keyboard and in the computer. The programs are "made" by Wistron Corp, which you can read about at http://en.wikipedia.org/wiki/Wistron_Corporation

As for System Configuration, only programs that have a check mark will be started by Windows, i.e. only the first five and therefore nothing located in the Launch Manager folder.


Turn to Symantec again then; it is quite clear that the computer is not infected as they claimed.


The thumbs down was not meant for you, Cecilia, but because it still doesn't work despite all the good help I've received... That help is worth many :thumbsup:


I'll try Norton support again then and we'll see what they can do. Otherwise I suppose I'll have to run with User Account Control turned off if they can't help me. Then at least I can get at the Norton program... What can happen with User Account Control turned off? Can viruses and other nasties get past Norton unnoticed then? I have now updated the programs that needed it and installed Software Inspector.

Finally: Thanks for all the help so far, Cecilia!


I understood about the thumb :)

If Symantec can't solve your problem in any other way than by turning off User Account Control, I think you should ask to get the money back for the time that remains and then switch to another antivirus program.

A very large part of the credit for the lower share of infected computers with Vista and Windows 7 compared with XP computers lies with User Account Control. See e.g.:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Do let us know how it goes, because it is always interesting to know.


Archived

This topic is now archived and is closed to further replies.
