No-1

Member
  • Number of posts
    57
  • Joined
  • Last visit

About No-1

  • Member title
    User

Profile

  • Gender
    Male
  • Location
    Göteborg
  1. A few thoughts... How come the computer allows programs like this to get in? As one of the more software-illiterate people, I would think that for any program that wants to install itself, whether you click the "wrong" link or a dodgy page with trojans pops up, it should be possible to make the computer refuse automatic installation of any such software? As I understand it, Flash Player is one of the bigger culprits here, but still? Can't Flash be made to "warn" on every automatic run so that the user has to approve first? I assume it takes a full-day lecture to understand why otherwise, if the above isn't possible, e.g. firewalls etc. don't stop this sort of thing...
  2. Then I suppose all that remains is to say THANK YOU! =)
  3. What is left now is RogueKiller, and the icon for aswMBR is now completely different. aswMBR changed from .exe to a file for Internet Explorer with a strange name, aswMBR.exe.5y6u68o. When I check the properties it says partial download, .partial, so I assume I can delete it manually? Under C: there is also a strange folder named 32788R22FWJFW. It is empty, though, so it should of course also be possible to delete it manually?
  4. Since I ran the programs from both the admin account and my own account, there are sometimes duplicate copies of some programs on the respective desktops. On admin everything seemed to have been removed (except ESET). Now I'm trying to clean up my own account. Here only Combofix disappeared. On my account's desktop there are now aswMBR (I don't remember which program that was), DDS, tdsskiller and RogueKiller. It MAY be that these programs weren't even run from my account and that only the download is lying there (you know, the extract). I don't remember which program was run from which account, though. But if they are only extracts, they are easy to delete manually anyway. ESET I can remove via uninstall in that folder, right? What about the other remaining programs? All logs and any files/folders that possibly didn't disappear I can also delete manually, right?
  5. ========== FILES ==========
     C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm moved successfully.
     ========== COMMANDS ==========
     Restore point Set: OTL Restore Point
     [EMPTYJAVA]
     User: All Users
     User: Default
     User: Default User
     User: Kristofer
     ->Java cache emptied: 0 bytes
     User: Kristofer - 1
     ->Java cache emptied: 218840 bytes
     User: Public
     Total Java Files Cleaned = 0,00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 01052013_013019
  6. The computer seems to work fine despite the infection. It has for quite a while, ever since the police image itself disappeared... but that's no guarantee, as can be seen below... Here is the result from ESET!
     C:\FRST\Quarantine\dsgsdgdsgdsgw.js JS/Agent.NID trojan
     C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm JS/Agent.NHS trojan
     C:\Users\Kristofer - 1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\47eccc26-75a34fe8 Win32/Reveton.O trojan
  7. Here they come! I actually didn't update Combofix (the program wanted to); it hung last time and it has worked before... Combofix: ComboFix 12-12-30.01 -DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run at 20:11:21 on 2013-01-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13967 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Program Files 
(x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760] R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 iusb3hub;Drivrutin för Intel® USB 3.0 
Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632] R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736] . =============== Created Last 30 ================ . 
2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll 2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-02 17:53:04 -------- d-----w- C:\FRST 2013-01-01 18:24:25 -------- d-----w- C:\_OTL 2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp 2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe 2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe 2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe 2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185} 2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal 2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ==================== Find3M ==================== . 
2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll . 
============= FINISH: 20:11:25,65 =============== 2013-01-03 20:07:06.8.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13973 [GMT 1:00] Körs från: c:\users\Kristofer\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Skapade en ny återställningspunkt . . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad . . (((((((((((((((((((((((( Filer skapade från 2012-12-03 till 2013-01-03 )))))))))))))))))))))))))))))) . . 2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp 2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-03 18:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll 2013-01-02 18:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-02 17:53 . 2013-01-02 17:53 -------- d-----w- C:\FRST 2013-01-01 18:24 . 2013-01-01 18:24 -------- d-----w- C:\_OTL 2012-12-30 09:32 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer\AppData\Local\temp 2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal 2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll 2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760] S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616] S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560] S2 Norton PC Checkup Application Launcher;Norton PC Checkup 
Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632] S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272] . . Innehåll i mappen 'Schemalagda aktiviteter': . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248] "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU] . ------- Extra genomsökning ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1" . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Sluttid: 2013-01-03 20:10:40 ComboFix-quarantined-files.txt 2013-01-03 19:10 ComboFix2.txt 2012-12-30 10:54 ComboFix3.txt 2012-12-30 10:27 ComboFix4.txt 2012-12-29 16:22 ComboFix5.txt 2013-01-03 19:06 . Före genomsökningen: 552 446 492 672 byte ledigt Efter genomsökningen: 552 735 133 696 byte ledigt . 
- - End Of File - - C953C04C7EE1612FE4ADA651DD7065F0
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760] R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 iusb3hub;Drivrutin för Intel® USB 3.0 
Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632] R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456] S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736] . =============== Created Last 30 ================ . 
2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll 2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-02 17:53:04 -------- d-----w- C:\FRST 2013-01-01 18:24:25 -------- d-----w- C:\_OTL 2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp 2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe 2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe 2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe 2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185} 2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal 2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ==================== Find3M ==================== . 
2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll . ============= FINISH: 20:11:25,65 =============== =)
  8. I saved fixlist.txt on a completely clean computer at work. This is how the result turned out on the infected one:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
     Ran by SYSTEM at 2013-01-03 19:04:03 Run:1
     Running from G:\
     ==============================================
     bzhpvayj service deleted successfully.
     fcysqvmb service deleted successfully.
     ppldopsy service deleted successfully.
     C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.
     ==== End of Fixlog ====
  9. As far as I know, it is not the hard drive that determines whether it counts as a new computer, but primarily the motherboard. That is what I was told when I chose to build a new computer, and so I bought Win 7 at that time as well. I have myself replaced the hard drive and installed the same "old" Windows 7 on the new hard drive, which is connected to the same motherboard. I also have an SSD on the way, on which I will install the Win 7 I have already bought. How it works with upgrades to Win 8 I don't know, but it should reasonably follow the same logic as before... I'm not sure, though.
  10. Well here it is...
     Farbar Recovery Scan Tool (x64) Version: 28-12-2012
     Ran by SYSTEM at 2013-01-02 19:36:38
     Running from G:\
     ================== Search: "bzhpvayj.sys;fcysqvmb.sys;ppldopsy.sys" ===================
     ====== End Of Search ======
  11. A fresh attempt, and now it looks cleaner without me having disconnected the old disk! The problem is that when you run FRST the computer renames all the drive letters... but I can most likely identify this as my boot disk (i.e. C:). Among other things I find USB 3.0, which gives away the new motherboard etc... The old FRST was full of old junk (an Abit motherboard, among other things) that is dead and buried in the computer graveyard! By the way, is it "dangerous" to keep the old disk, with any trojans etc., as a second disk, i.e. should I reformat it? It will be done anyway, but I'm asking out of curiosity! So, a new FRST! What do you say?
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
     Ran by SYSTEM at 02-01-2013 18:53:07
     Running from G:\
     Windows 7 Home Premium Service Pack 1 (X64)
     OS Language: Swedish
     The current controlset is ControlSet001
2012-12-11 19:32 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-12-11 19:32 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-11 19:32 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-12-11 19:32 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7} 2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02} 2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx 2012-12-09 11:35 - 2012-12-09 11:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F} 2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370} 2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94} 2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0} 2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F} 2012-12-05 20:28 - 2012-12-05 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14} 2012-12-05 07:13 - 2012-12-05 07:14 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41} 2012-12-04 18:39 - 2012-12-04 18:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834} 2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 
1\AppData\Roaming\dvdcss 2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0} ==================== One Month Modified Files and Folders ======= 2013-01-02 18:53 - 2013-01-02 18:53 - 00000000 ____D C:\FRST 2013-01-02 18:50 - 2012-08-27 19:06 - 02041010 ____A C:\Windows\WindowsUpdate.log 2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-02 18:28 - 2012-11-11 19:15 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-02 18:27 - 2012-11-11 19:15 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-02 18:27 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-02 18:27 - 2009-07-14 05:51 - 00041247 ____A C:\Windows\setupact.log 2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Spotify 2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\Spotify 2013-01-02 18:17 - 2012-08-31 18:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Skype 2013-01-02 18:10 - 2013-01-02 18:10 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{572BF5CE-9741-4B33-8168-8E6016D155C7} 2013-01-01 23:40 - 2012-09-01 20:33 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\vlc 2013-01-01 23:13 - 2012-09-04 19:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Azureus 2013-01-01 23:02 - 2013-01-01 23:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A9B8925-AA15-4271-A66A-99584FCDEB31} 2013-01-01 22:18 - 2012-08-27 20:32 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Skype 2013-01-01 19:55 - 2011-04-12 15:28 - 00625534 ____A C:\Windows\System32\perfh01D.dat 2013-01-01 19:55 - 2011-04-12 15:28 - 00123688 
____A C:\Windows\System32\perfc01D.dat 2013-01-01 19:55 - 2009-07-14 06:13 - 01466438 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-01 19:51 - 2012-08-28 17:34 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\vlc 2013-01-01 19:24 - 2013-01-01 19:24 - 00000000 ____D C:\_OTL 2013-01-01 19:21 - 2013-01-01 19:21 - 00602112 ____A (OldTimer Tools) C:\Users\Kristofer\Desktop\OTL.exe 2013-01-01 18:54 - 2012-08-28 19:30 - 00000000 ____D C:\users\Kristofer - 1 2013-01-01 11:02 - 2013-01-01 11:01 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3A84C707-D9AC-42AF-9D55-F13BDA1D78C5} 2012-12-31 10:31 - 2012-12-31 10:30 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D43BB784-0D06-415F-BDD5-F522A1F7D4C5} 2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad 2012-12-30 22:22 - 2012-12-28 16:15 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js 2012-12-30 19:20 - 2012-12-30 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F08881AC-FC92-4815-A5D2-C7AF5A9E7658} 2012-12-30 11:54 - 2012-12-30 11:54 - 00016179 ____A C:\ComboFix.txt 2012-12-30 11:54 - 2012-12-29 00:42 - 00000000 ____D C:\Qoobox 2012-12-30 11:52 - 2010-11-21 04:47 - 00048850 ____A C:\Windows\PFRO.log 2012-12-30 11:52 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini 2012-12-30 11:17 - 2012-12-30 11:17 - 05015826 ____R (Swearware) C:\Users\Kristofer\Desktop\ComboFix.exe 2012-12-30 07:19 - 2012-12-30 07:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{37289BA3-E66C-4A31-A75F-2FB78ACA4BB2} 2012-12-29 22:47 - 2012-08-28 19:23 - 00000000 ____D C:\Foton 2012-12-29 19:19 - 2012-12-29 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{11AE976F-699C-4B5C-9D22-F792F5CB3357} 2012-12-29 15:13 - 2012-12-29 15:13 - 00002150 ____A C:\Users\Kristofer\Desktop\RKreport[5]_S_12292012_1512.txt 2012-12-29 15:07 - 2012-12-29 15:07 - 00002434 ____A C:\Users\Kristofer\Desktop\RKreport[4]_S_12292012_02d1507.txt 2012-12-29 15:07 - 2012-12-28 
21:05 - 00000000 ____D C:\Users\Kristofer\Desktop\RK_Quarantine 2012-12-29 14:23 - 2012-12-29 14:23 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\Gymförteckning 20121203.xlsx 2012-12-29 13:09 - 2012-12-29 13:09 - 00015670 ____A C:\Users\Kristofer\Desktop\Combofix1.txt 2012-12-29 11:26 - 2012-12-28 18:47 - 00016369 ____A C:\Users\Kristofer\Desktop\dds.txt 2012-12-29 11:26 - 2012-12-28 18:47 - 00006950 ____A C:\Users\Kristofer\Desktop\attach.txt 2012-12-29 11:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2012-12-29 11:14 - 2012-12-29 00:41 - 00000000 ____D C:\Windows\erdnt 2012-12-29 11:10 - 2012-12-29 00:41 - 05015489 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\ComboFix.exe 2012-12-29 01:37 - 2012-12-29 01:36 - 00004169 ____A C:\Users\Kristofer\Desktop\aswMBR.txt 2012-12-29 01:37 - 2012-12-29 01:36 - 00000512 ____A C:\Users\Kristofer\Desktop\MBR.dat 2012-12-29 01:29 - 2012-12-29 01:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8B326BBF-42D9-438B-9177-1147170704F0} 2012-12-29 01:26 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial 2012-12-29 01:26 - 2012-09-22 22:44 - 13138000 ____A C:\Users\Kristofer - 1\Downloads\FuturisticFractals_DLawler.themepack 2012-12-29 01:25 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe 2012-12-29 01:24 - 2012-12-29 01:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kristofer - 1\Desktop\tdsskiller.exe 2012-12-29 00:49 - 2012-12-29 00:49 - 00015983 ____A C:\Users\Kristofer\Desktop\Combofix.txt 2012-12-29 00:48 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default 2012-12-29 00:37 - 2012-08-27 20:00 - 00000000 ____D C:\Users\Kristofer\Tracing 2012-12-29 00:34 - 2012-12-29 00:34 - 00001875 ____A C:\Users\Kristofer\Desktop\RKreport[3]_D_12292012_02d0034.txt 2012-12-29 00:33 - 2012-12-29 00:33 - 00002525 ____A C:\Users\Kristofer\Desktop\RKreport[2]_D_12292012_02d0033.txt 2012-12-28 21:07 - 2012-12-28 
21:07 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport S 12282012.txt 2012-12-28 21:06 - 2012-12-28 21:06 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport[1]_S_12282012_02d2106.txt 2012-12-28 21:03 - 2012-12-28 21:03 - 00688992 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\dds.scr 2012-12-28 20:58 - 2012-12-28 20:58 - 00749056 ____A C:\Users\Kristofer - 1\Desktop\RogueKillerX64.exe 2012-12-28 18:53 - 2012-12-28 18:53 - 00073374 ____A C:\Users\Kristofer\Desktop\OTL.Txt 2012-12-28 18:53 - 2012-12-28 18:53 - 00053882 ____A C:\Users\Kristofer\Desktop\Extras.Txt 2012-12-28 18:41 - 2012-12-28 18:41 - 00688992 ____R (Swearware) C:\Users\Kristofer\Desktop\dds.scr 2012-12-28 18:41 - 2012-12-28 18:41 - 00139264 ____A C:\Users\Kristofer\Desktop\SystemLook.exe 2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Personal 2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185} 2012-12-28 18:28 - 2012-08-27 19:42 - 00068328 ____A C:\Users\Kristofer\AppData\Local\GDIPFONTCACHEV1.DAT 2012-12-28 18:28 - 2012-08-27 19:06 - 00000000 ____D C:\users\Kristofer 2012-12-28 13:25 - 2012-12-28 13:25 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{4A0695D1-DFFD-403A-BD9B-FC2D10B563B9} 2012-12-27 15:05 - 2012-12-27 15:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5D3C71B1-FC2C-4DF5-8D95-7D831F3951C6} 2012-12-27 00:56 - 2012-12-27 00:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1CF05B28-2488-4506-A785-DE28DEDE9446} 2012-12-26 10:16 - 2012-12-26 10:16 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2F04F958-0B14-46E3-BAC8-93EA3BCB46A6} 2012-12-25 18:54 - 2012-12-25 18:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{05906058-5F62-47D6-978C-2B4F8733181A} 2012-12-24 10:59 - 2012-12-24 10:59 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{17F20186-798D-4292-B9F0-229C09D21EC1} 2012-12-23 16:05 - 2012-12-23 16:05 - 00000000 ____D 
C:\Users\Kristofer - 1\AppData\Local\{5A60AF4F-3B93-4476-ACDC-2F0AA3DBEFDC} 2012-12-22 21:40 - 2012-12-22 21:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{A9CE1DDD-2A8D-4CF4-8E58-DC251AD514C3} 2012-12-21 22:09 - 2009-07-14 05:45 - 00307616 ____A C:\Windows\System32\FNTCACHE.DAT 2012-12-21 22:03 - 2012-12-21 22:03 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D4913C59-6473-41E1-9184-D132D936B365} 2012-12-20 20:38 - 2012-12-20 20:37 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{CF664DC2-48D4-4CAB-A7C7-BBE0CEC71F87} 2012-12-19 19:27 - 2012-12-19 19:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{835F2E3A-7F3B-4594-B2F3-AC40E6DE27C2} 2012-12-18 20:54 - 2012-12-18 20:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1B8B8CC8-7B23-499C-8584-4FAC01E2783B} 2012-12-17 20:38 - 2012-12-17 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{89D409A9-7D2C-4A10-8487-02E4713D13D2} 2012-12-16 18:11 - 2012-12-21 22:04 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 17:38 - 2012-12-16 17:38 - 00077192 ___AT C:\Users\Kristofer - 1\Desktop\Jannica 2012-12-16 15:45 - 2012-12-21 22:04 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 15:13 - 2012-12-21 22:04 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 15:13 - 2012-12-21 22:04 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-16 12:36 - 2012-12-16 12:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F5C9C444-8A5A-4452-AF6A-76B91A2917D8} 2012-12-15 20:41 - 2012-12-15 20:41 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{ADC72E47-EE38-4FAC-929B-4CA1ADABBC61} 2012-12-15 00:18 - 2012-08-27 20:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-12-15 00:18 - 2012-08-27 20:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-12-15 00:17 - 2012-12-15 00:17 - 
00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7669C6EF-F14B-4B40-9F93-B87919D90676} 2012-12-13 21:27 - 2012-12-13 21:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E} 2012-12-12 20:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2012-12-12 19:57 - 2012-12-12 19:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827} 2012-12-11 23:32 - 2012-09-01 12:09 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-12-11 23:31 - 2012-08-28 17:04 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-12-11 20:00 - 2012-12-11 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2C0CE8D4-D4C8-49A2-A4F9-F6FB70D5FAAE} 2012-12-10 20:33 - 2012-11-03 17:26 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2012-12-10 20:33 - 2012-08-27 19:33 - 00196316 ____A C:\Windows\DPINST.LOG 2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7} 2012-12-10 20:32 - 2012-08-27 19:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02} 2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx 2012-12-09 11:36 - 2012-12-09 11:35 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F} 2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370} 2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94} 2012-12-07 20:35 - 2012-09-04 19:26 - 00000000 ____D C:\Program Files (x86)\Vuze 2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0} 
2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F} 2012-12-05 20:29 - 2012-12-05 20:28 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14} 2012-12-05 07:14 - 2012-12-05 07:13 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41} 2012-12-04 18:40 - 2012-12-04 18:39 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834} 2012-12-04 06:49 - 2009-07-14 06:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\dvdcss 2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-12-30 02:45:25 Restore point made on: 2013-01-01 10:00:23 Restore point made on: 2013-01-01 19:24:38 ==================== Memory info 
=========================== Percentage of memory in use: 7% Total physical RAM: 16336.89 MB Available physical RAM: 15170.32 MB Total Pagefile: 16335.09 MB Available Pagefile: 15162.32 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:931.41 GB) (Free:514.75 GB) NTFS 3 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk nr Status Storlek Ledigt Dyn Gpt -------- ------------- ------- ------- --- --- Disk nr 0 Online 931 G B 0 B Disk nr 1 Online 931 G B 8 M B Disk nr 2 Online 3882 M B 0 B Partitions of Disk 0: =============== Disk 0 „r nu den valda disken. Partitionsnr Typ Storlek Start ------------- ---------------- ------- ------- Partitionsnr 1 Prim„r 100 M 1024 K Partitionsnr 2 Prim„r 931 G 101 M ================================================================================== Disk: 0 Disk 0 „r nu den valda disken. Partition 1 „r nu den valda partitionen. Partition 1 Typ : 07 Dold : Nej Aktiv : Ja Offset i byte: 1048576 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 1 Y Reserverad NTFS Partition 100 M Felfri ========================================================= Disk: 0 Disk 0 „r nu den valda disken. Partition 2 „r nu den valda partitionen. Partition 2 Typ : 07 Dold : Nej Aktiv : Nej Offset i byte: 105906176 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 2 C NTFS Partition 931 G Felfri ========================================================= Partitions of Disk 1: =============== Disk 1 „r nu den valda disken. 
Partitionsnr Typ Storlek Start ------------- ---------------- ------- ------- Partitionsnr 1 Prim„r 931 G 31 K ================================================================================== Disk: 1 Disk 1 „r nu den valda disken. Partition 1 „r nu den valda partitionen. Partition 1 Typ : 07 Dold : Nej Aktiv : Ja Offset i byte: 32256 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 3 NTFS Partition 931 G Felfri ========================================================= Partitions of Disk 2: =============== Disk 2 „r nu den valda disken. Partitionsnr Typ Storlek Start ------------- ---------------- ------- ------- * Partitionsnr 1 Prim„r 3882 M 0 B ================================================================================== Disk: 2 Disk 2 „r nu den valda disken. Ingen partition har valts. Ingen partition har valts. V„lj en partition och f”rs”k sedan igen. ========================================================= Last Boot: 2012-12-28 14:25 ==================== End Of Log =============================
  12. After a lot of fuss it hopefully worked. The computer would not let me run Repair from the infected user account, so I had to run it from the administrator account. Then the program asked whether it was Win XP (which sits on my old disk = D:) that should be repaired, which of course it was not. There were questions about other drives too, but in the end it seemed to run on Local Disk, i.e. C:, after some wrangling. Hope that was right. Unfortunately, though, the Win XP part of the log below looks odd. Maybe I should take out that HD while we test with FRST, because this seems tricky since the computer chose that disk by itself? I don't understand why it says Running from G: below, when later in the list it says C: and the computer chose Local Disk... and why would it be a different HD from the one I normally boot from? (I should perhaps add that the second disk is the old "police trojan disk" that was fixed this summer, and it is going to be formatted. I just haven't had time to finish my computer build.) I think the procedure should be run again once I have taken out the old HD? In any case, here is the result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by SYSTEM at 02-01-2013 18:26:14
Running from G:\
Microsoft Windows XP Service Pack 1 (X64)
OS Language: Swedish
The current controlset is ControlSet003
ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
HKLM\...\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [495616 2007-01-26] () HKLM\...\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe [676040 2011-02-22] () HKLM\...\Run: [ATICustomerCare] "C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [soundMan] SOUNDMAN.EXE [x] HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x] HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x] HKLM\...\Run: [e-kort] C:\Program\ekort\ekort.exe /dontopenmycards /Autostart [377856 2008-12-11] (Orbiscom Ltd. All rights reserved.) HKLM\...\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-12-05] (Advanced Micro Devices, Inc.) HKLM\...\Run: [DivXUpdate] "C:\Program\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] () HKLM\...\Run: [MSC] "c:\Program\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKU\Administratör\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation) HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation) HKU\Kristofer\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation) HKU\Kristofer\...\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation) HKU\Kristofer\...\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\Kristofer\...\Run: [spotify Web Helper] "C:\Program\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-16] () HKU\Kristofer\...\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /minimized /regrun [17417392 2012-07-03] (Skype Technologies S.A.) HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation) HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation) HKLM-x32\...\Winlogon: [userinit] [x] HKLM-x32\...\Winlogon: [shell] [x ] () Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation) Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation) Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation) Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation) Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation) Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation) Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation) Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation) Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 ==================== Services (Whitelisted) =================== 3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-08-02] (Adobe Systems Incorporated) 4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) 3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation) 2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [643072 2011-12-06] (ATI Technologies Inc.) 
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) 3 dmadmin; C:\Windows\System32\dmadmin.exe /com [225280 2008-04-14] (Microsoft Corporation, Veritas Software) 3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corporation) 2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) 2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation) 3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) 3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation) 2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) 3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) 3 IDriverT; "C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation) 3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2008-07-29] (Microsoft Corporation) 3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) 2 Jamcast; "C:\Program\Jamcast\jamcastsvc.exe" [62704 2010-12-18] (Software Development Solutions, Inc.) 
2 Lavasoft Ad-Aware Service; "C:\Program\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited) 4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) 3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) 2 MsMpSvc; "C:\Program\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation) 4 NetDDE; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation) 4 NetDDEdsdm; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation) 3 Nla; C:\Windows\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation) 3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) 3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435712 2008-04-14] (Microsoft Corporation) 3 odserv; "C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation) 3 ose; "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation) 2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation) 2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) 3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) 3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) 3 SCardSvr; C:\Windows\System32\SCardSvr.exe [98304 2008-04-14] (Microsoft Corporation) 2 Secunia PSI Agent; C:\Program\Secunia\PSI\PSIA.exe --start-service [1326176 2012-06-27] (Secunia) 2 Secunia Update Agent; C:\Program\Secunia\PSI\sua.exe --start-service [681056 2012-06-27] (Secunia) 2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.) 
2 SkypeUpdate; C:\Program\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies) 3 Sony PC Companion; "C:\Program\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software) 2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) 3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{0197C7F7-9611-40FC-99B3-CC1A0C8B26C0} [5120 2008-04-14] (Microsoft Corporation) 3 SysmonLog; C:\Windows\System32\smlogsvc.exe [91648 2008-04-14] (Microsoft Corporation) 3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) 2 VoddlerNet; C:\Program\Voddler\service\voddler.exe [1039640 2011-02-22] (Voddler) 3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) 3 WMPNetworkSvc; "C:\Program\Windows Media Player\WMPNetwk.exe" [912384 2006-11-15] (Microsoft Corporation) 2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) 2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) 3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) 3 AppMgmt; C:\Windows\System32\appmgmts.dll [x] 4 HidServ; C:\Windows\System32\hidserv.dll [x] ==================== Drivers (Whitelisted) ===================== 4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11776 2004-08-04] (Microsoft Corporation) 3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) 3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [60800 2008-04-13] (Microsoft Corporation) 3 ati2mtag; C:\Windows\System32\Drivers\ati2mtag.sys [7490560 2011-12-06] (ATI Technologies Inc.) 
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [100368 2011-12-20] (Advanced Micro Devices)
3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
3 BVRPMPR5; C:\Windows\System32\Drivers\BVRPMPR5.sys [49904 2010-09-27] (Avanquest Software)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)
4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [800000 2008-04-14] (Microsoft Corporation, Veritas Software)
4 dmio; C:\Windows\System32\Drivers\dmio.sys [153856 2008-04-14] (Microsoft Corporation, Veritas Software)
4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125696 2004-08-04] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)
3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4713472 2010-12-20] (Realtek Semiconductor Corp.)
3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-03-02] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [64512 2011-03-02] (Lavasoft AB)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [61824 2008-04-13] (Microsoft Corporation)
3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2004-08-04] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2004-08-04] (Microsoft Corporation)
3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-07-12] (Sonic Solutions)
3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2004-08-04] (Microsoft Corporation)
1 redbook; C:\Windows\System32\Drivers\redbook.sys [58240 2008-04-14] (Microsoft Corporation)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation )
3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
3 sea1bus; C:\Windows\System32\Drivers\sea1bus.sys [61536 2007-02-08] (MCCI)
3 sea1mdfl; C:\Windows\System32\Drivers\sea1mdfl.sys [9360 2007-02-08] (MCCI)
3 sea1mdm; C:\Windows\System32\Drivers\sea1mdm.sys [97088 2007-02-08] (MCCI)
3 sea1mgmt; C:\Windows\System32\Drivers\sea1mgmt.sys [88624 2007-02-08] (MCCI)
3 sea1nd5; C:\Windows\System32\Drivers\sea1nd5.sys [18704 2007-02-08] (MCCI)
3 sea1obex; C:\Windows\System32\Drivers\sea1obex.sys [86432 2007-02-08] (MCCI)
3 sea1unic; C:\Windows\System32\Drivers\sea1unic.sys [90800 2007-02-08] (MCCI)
3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\Drivers\sr.sys [73344 2008-04-14] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
0 uGuru; C:\Windows\System32\Drivers\uGuru.sys [10752 2004-08-04] (ABIT Computer Corporation)
3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
0 Winflash; C:\Windows\System32\Drivers\Winflash.sys [3548 2002-09-17] ()
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

==================== Known DLLs (Whitelisted) =================

C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\comdlg32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\imagehlp.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\lz32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\oleaut32.dll IS MISSING <==== ATTENTION!
[2004-08-04 13:00] - [2008-04-14 17:04] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll IS MISSING <==== ATTENTION!
[2004-08-04 13:00] - [2008-04-14 17:04] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll IS MISSING <==== ATTENTION!
[2004-08-04 13:00] - [2004-08-04 13:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll IS MISSING <==== ATTENTION!
[2004-08-04 13:00] - [2004-08-04 13:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\shell32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\url.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\urlmon.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\version.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\wininet.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\wldap32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2004-08-04 13:00] - [2008-04-14 17:05] - 0507904 ____A (Microsoft Corporation) ABD2D070BE76A9386A0A283A332E3862
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe [2004-08-04 13:00] - [2008-04-14 17:05] - 1034240 ____A (Microsoft Corporation) 74BB7DCD2BFDCC0E52869DB3582CA781
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe [2004-08-04 13:00] - [2008-04-14 17:05] - 0014336 ____A (Microsoft Corporation) 6CCEF19D7301D9861F90E299C798AD3F
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe [2004-08-04 13:00] - [2009-02-09 12:27] - 0110592 ____A (Microsoft Corporation) 8870B0C4A094C1CE80CEA6F85FA38FF2
C:\Windows\System32\User32.dll [2004-08-04 13:00] - [2008-04-14 17:04] - 0578560 ____A (Microsoft Corporation) E3CF0EC59316EA8E856DB1E1F442CD57
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe [2004-08-04 13:00] - [2008-04-14 17:05] - 0026112 ____A (Microsoft Corporation) 317799A2E42B5EA048A8A70F482CBA9F
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 13:00] - [2008-04-14 16:36] - 0052864 ____A (Microsoft Corporation) 57187EC04878147E1F4F2D9224B12205

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 16336.89 MB
Available physical RAM: 15258.72 MB
Total Pagefile: 16335.09 MB
Available Pagefile: 15240.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:459.95 GB) NTFS
2 Drive e: () (Fixed) (Total:931.41 GB) (Free:514.81 GB) NTFS
4 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       931 GB     0 B
Disk 1    Online       931 GB     8 MB
Disk 2    Online      3882 MB     0 B

Partitions of Disk 0:
===============
Disk 0 is now the selected disk.
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            931 GB   101 MB

==================================================================================

Disk: 0
Disk 0 is now the selected disk.
Partition 1 is now the selected partition.
Partition 1
Type   : 07
Hidden : No
Active : Yes
Offset in Bytes: 1048576

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   Reserverad   NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Disk 0 is now the selected disk.
Partition 2 is now the selected partition.
Partition 2
Type   : 07
Hidden : No
Active : No
Offset in Bytes: 105906176

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   E                NTFS   Partition    931 GB  Healthy

=========================================================

Partitions of Disk 1:
===============
Disk 1 is now the selected disk.

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            931 GB    31 KB

==================================================================================

Disk: 1
Disk 1 is now the selected disk.
Partition 1 is now the selected partition.
Partition 1
Type   : 07
Hidden : No
Active : Yes
Offset in Bytes: 32256

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   C                NTFS   Partition    931 GB  Healthy

=========================================================

Partitions of Disk 2:
===============
Disk 2 is now the selected disk.

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           3882 MB     0 B

==================================================================================

Disk: 2
Disk 2 is now the selected disk.
There is no partition selected.
There is no partition selected.
Please select a partition and try again.

=========================================================

==================== End Of Log =============================
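The Services and Drivers sections of the FRST log above follow one fixed line shape: the registry Start value, the entry name, the image path with any arguments, then either "[size date] (publisher)" or "[x]" when the file is not on disk. When triaging such a log the things worth pulling out first are auto-loading images with no publisher string (the "()" entries), auto-start entries whose file has gone, and images living outside the Windows and Program Files trees. The parser below is an added example and is not FRST's own code nor anything from the original post; the line format and Start-value meanings are read off the log, while the expected-directory list and the choice of what to flag are this example's own assumptions. The sample lines are copied from the log above.

```python
"""Triage helper for the Services/Drivers entries of an FRST scan log.

Added example, not FRST's own code. The line format and the Start column are
taken from the log; the location heuristic and flag rules are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# First column is the service's registry Start value, printed verbatim by FRST.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Manual", 4: "Disabled"}

# "<start> <name>; <image and args> [<size> <date>] (<publisher>)"  or  "<start> <name>; <image> [x]"
ENTRY_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
TAIL_RE = re.compile(r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)\s*$")

# Directories an image is expected to live in (assumption). "C:\Program" is the
# localized XP Program Files folder seen in the log; C:\ProgramData and
# per-user profile paths deliberately do not match.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files", "c:\\program\\")


@dataclass
class Entry:
    start: int
    name: str
    image: Optional[str]      # command line as printed; None when only "[x]" was printed
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]    # "" when FRST printed "()": no publisher in the version resource
    present: bool             # False when FRST printed "[x]" (file not found)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = int(m.group("start")), m.group("name").strip(), m.group("rest").strip()
    if rest.endswith("[x]"):
        image = rest[:-3].strip() or None
        return Entry(start, name, image, None, None, None, False)
    t = TAIL_RE.search(rest)
    if not t:
        return None
    return Entry(start, name, rest[: t.start()].strip(), int(t.group("size")),
                 t.group("date"), t.group("company"), True)


def in_expected_dir(image: str) -> bool:
    """Normalize the image path (quotes, NT \\??\\ prefix, case) and check its location."""
    p = image.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower().startswith(EXPECTED_DIRS)


def review(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for lines that deserve a second look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        autostart = e.start <= 2          # Boot, System or Auto: loads without user action
        if e.present and e.company == "":
            findings.append((e.name, ("auto-loading " if autostart else "")
                             + "image with no publisher string"))
        if not e.present and autostart:
            findings.append((e.name, "auto-start entry whose file is missing"))
        if e.present and e.image and not in_expected_dir(e.image):
            findings.append((e.name, "image outside Windows/Program Files"))
    return findings


# Lines copied from the log above (first column is the Start value).
SAMPLE_LINES = [
    r'2 Lavasoft Ad-Aware Service; "C:\Program\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)',
    r'2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)',
    r"3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{0197C7F7-9611-40FC-99B3-CC1A0C8B26C0} [5120 2008-04-14] (Microsoft Corporation)",
    r"3 Lavasoft Kernexplorer; \??\C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-03-02] ()",
    r"0 Winflash; C:\Windows\System32\Drivers\Winflash.sys [3548 2002-09-17] ()",
    r"3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]",
    r"4 Abiosdsk; [x]",
    r"1 i2omgmt; [x]",
]

if __name__ == "__main__":
    for name, reason in review(SAMPLE_LINES):
        print(f"{name} ({START_TYPES[parse_entry(next(l for l in SAMPLE_LINES if l.split(';')[0].endswith(name))).start]}): {reason}")
```

On the sample lines this flags the Skype C2C service (an auto-start executable under All Users\Application Data, the XP equivalent of ProgramData), the two "()" images and the file-less i2omgmt entry. These are prompts for a closer look, not verdicts: the Ad-Aware kernel driver and the ABIT/Winflash drivers are simply built without version resources, and the long run of "[x]" storage-controller stubs at the end of the Drivers section is normal leftover on an XP-era installation.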
  13. Congratulations to those of us who have the same crap! (even the same files) AND, as you say, the date and time match the infection exactly... Ugh! Let's hope we don't catch swine flu as well! I think I'll learn programming and send them a "nice" present too! P.S. The police, the real ones that is, would like to receive reports on this, since it is a matter of intrusion. So it is probably a good idea to file a report, because it raises the police's willingness to do something about it, as the number of unreported cases is likely large, and it gives them an overview of the scale of the whole thing. This has been in several daily newspapers recently! I mean, it's enough to look at this forum to understand how many people are hit by this crap... D.S.
  14. The problem now is that the names I could choose do NOT have the same names as in the login to Windows itself. How do I see which of the three is linked to which user account in Windows? There was also one called HomeGroupuser or something... Then there were two with my name, one of which had a -1 after it. So should I try to choose the one that is the infected user in Windows? But which one is it?
  15. Hi! None of the options worked. With the disc, the computer says: "This version of System Recovery Options is not compatible with the version of Windows you are trying to repair. Try using a recovery disc that is compatible with this version of Windows." It is a full purchased version and it is the same disc and the same computer components! Maybe essential Windows components have changed through our tinkering? Without the disc I only get a choice of which device to boot from and can choose HD, CD etc. or Enter setup... there is no option: Repair. What to do? Perhaps easiest to reinstall all of Win 7 instead?