No-1

Member
  • Number of posts

    57

Forum posts by No-1


  1. Some thoughts...

    How come the computer allows programs like this to get in? As one of the more software-illiterate people, I would think that for any program that wants to install itself, regardless of whether you click the "wrong" link or land on a semi-shady page with trojans, it should be possible to make the computer refuse automatic installation of any such software?

    As I understand it, Flash Player is one of the bigger culprits here, but still? Can't Flash be made to "warn" on every automatic execution so that the user has to approve it first?

    I assume it takes a full-day lecture to understand why otherwise, if the above isn't possible, things like firewalls etc. don't stop this kind of thing...


  2. What is left now is RogueKiller, and the icon for aswMBR is now completely different. aswMBR changed from .exe to being an Internet Explorer file with an odd name, aswMBR.exe.5y6u68o. When I check the properties it says partial download, .partial, so I assume I can delete it manually?

    Under C: there is also an odd folder named 32788R22FWJFW. It is empty, though, so it should of course also be possible to delete it manually?


  3. Since I have run the programs from both the admin account and my own account, there are sometimes duplicate copies of some programs on the respective desktops. On admin everything seemed to have been removed (except ESET). Now I am trying to clean my own account. Here only ComboFix disappeared. On my account's desktop there are now aswMBR (don't remember which program that was), DDS, tdsskiller and RogueKiller. It MAY be that these programs were never even run from my account and that it is just the download sitting there (you know, the extract). I don't remember which program was run from which account, though. But if it is only extracts, they are easy to delete manually anyway.

    ESET I can remove via uninstall in that folder, right? What about the other remaining programs?

    All logs and any files/folders that may not have disappeared, I can also delete manually, right?


  4. ========== FILES ==========

    C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm moved successfully.

    ========== COMMANDS ==========

    Restore point Set: OTL Restore Point

     

    [EMPTYJAVA]

     

    User: All Users

     

    User: Default

     

    User: Default User

     

    User: Kristofer

    ->Java cache emptied: 0 bytes

     

    User: Kristofer - 1

    ->Java cache emptied: 218840 bytes

     

    User: Public

     

    Total Java Files Cleaned = 0,00 mb

     

     

    OTL by OldTimer - Version 3.2.69.0 log created on 01052013_013019


  5. The computer seems to work fine despite the infection. It has for quite a while, ever since the police image itself disappeared... but that is no guarantee, as seen below...

    Here is the result from ESET!

     

    C:\FRST\Quarantine\dsgsdgdsgdsgw.js JS/Agent.NID trojan

    C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm JS/Agent.NHS trojan

    C:\Users\Kristofer - 1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\47eccc26-75a34fe8 Win32/Reveton.O trojan


  6. Here they come! I actually didn't update ComboFix (the program wanted to), it hung last time and it has worked before...

    ComboFix:

     

    ComboFix 12-12-30.01 -DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

    Run at 20:11:21 on 2013-01-03

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13967 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\atieclxx.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Windows\system32\IProsetMonitor.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Personal\bin\Personal.exe

    C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

    mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

    R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]

    R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]

    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]

    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]

    R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

    S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

    2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-01-02 17:53:04 -------- d-----w- C:\FRST

    2013-01-01 18:24:25 -------- d-----w- C:\_OTL

    2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp

    2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe

    2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe

    2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe

    2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

    2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal

    2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    .

    ==================== Find3M ====================

    .

    2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    .

    ============= FINISH: 20:11:25,65 ===============

    2013-01-03 20:07:06.8.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13973 [GMT 1:00]

    Körs från: c:\users\Kristofer\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Skapade en ny återställningspunkt

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\dsgsdgdsgdsgw.pad

    .

    .

    (((((((((((((((((((((((( Filer skapade från 2012-12-03 till 2013-01-03 ))))))))))))))))))))))))))))))

    .

    .

    2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

    2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-03 18:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

    2013-01-02 18:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-01-02 17:53 . 2013-01-02 17:53 -------- d-----w- C:\FRST

    2013-01-01 18:24 . 2013-01-01 18:24 -------- d-----w- C:\_OTL

    2012-12-30 09:32 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

    2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

    2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    .

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* tomma poster & legitima standardposter visas inte.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

    "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

    .

    .

    Innehåll i mappen 'Schemalagda aktiviteter':

    .

    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

    "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

    .

    ------- Extra genomsökning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

    .

    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Sluttid: 2013-01-03 20:10:40

    ComboFix-quarantined-files.txt 2013-01-03 19:10

    ComboFix2.txt 2012-12-30 10:54

    ComboFix3.txt 2012-12-30 10:27

    ComboFix4.txt 2012-12-29 16:22

    ComboFix5.txt 2013-01-03 19:06

    .

    Före genomsökningen: 552 446 492 672 byte ledigt

    Efter genomsökningen: 552 735 133 696 byte ledigt

    .

    - - End Of File - - C953C04C7EE1612FE4ADA651DD7065F0

    DDS:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

    Run at 20:11:21 on 2013-01-03

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13967 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\atieclxx.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Windows\system32\IProsetMonitor.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Personal\bin\Personal.exe

    C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

    mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

    R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]

    R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]

    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]

    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]

    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]

    R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

    S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

    2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-01-02 17:53:04 -------- d-----w- C:\FRST

    2013-01-01 18:24:25 -------- d-----w- C:\_OTL

    2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp

    2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe

    2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe

    2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe

    2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

    2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal

    2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    .

    ==================== Find3M ====================

    .

    2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    .

    ============= FINISH: 20:11:25,65 ===============

    =)


  7. Saved fixlist.txt on a completely clean computer at work.

    This is the result on the infected one:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012

    Ran by SYSTEM at 2013-01-03 19:04:03 Run:1

    Running from G:\

    ==============================================

    bzhpvayj service deleted successfully.

    fcysqvmb service deleted successfully.

    ppldopsy service deleted successfully.

    C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.

     

    ==== End of Fixlog ====


  8. Hi,

    I read the post and it seems it could solve my problem. I have bought the Windows 8 upgrade, I have Windows 7 Ultimate, and I discovered that my hard drive was too small. I bought a bigger one (Intel 520 Series 240GB SSD) and intended to move everything over to it. How do I move everything that is on "C" and make the new hard drive "C"?

    I'm also worried about whether Microsoft will regard the new hard drive as a new computer/user?

    Does anyone know?

    Regards

    Mats

    As far as I know, it is not the hard drive that determines whether it counts as a new computer, but primarily the motherboard. That was what I was told when I chose to build a new computer, and so I also bought Win 7 at that time. I have myself replaced the hard drive and installed the same "old" Windows 7 on the new hard drive, which is connected to the same motherboard. I also have an SSD on the way that I'm going to install the already purchased Win 7 on. How it works with upgrades to Win 8 I don't know, but it should reasonably follow the same logic as before... I'm not sure though.


  9. A fresh attempt, and now it looks cleaner without my having disconnected the old disk! The problem is that when you run FRST the computer renames all the drive letters.... but I can most likely identify this as my boot disk (i.e. C:). Among other things I find USB 3.0, which gives away the new motherboard etc... In the old FRST there was any amount of old junk (an Abit motherboard, among other things) that is dead and buried in the computer graveyard!

    By the way, is it "dangerous" to keep the old disk, with any trojans etc. on it, as a second disk, i.e. should I reformat it? It is going to be done anyway, but I'm asking out of curiosity!

    So, a new FRST! What do you say?

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

    Ran by SYSTEM at 02-01-2013 18:53:07

    Running from G:\

    Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish

    The current controlset is ControlSet001

     

    ==================== Registry (Whitelisted) ===================

     

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6463592 2012-02-10] (Realtek Semiconductor)

    HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P [1158248 2012-02-08] (Realtek Semiconductor)

    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]

    HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)

    HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)

    HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

    HKU\Kristofer\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)

    HKU\Kristofer - 1\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)

    HKU\Kristofer - 1\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

    HKU\Kristofer - 1\...\Run: [spotify] "C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-10-27] (Spotify Ltd)

    HKU\Kristofer - 1\...\Run: [spotify Web Helper] "C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-27] (Spotify Ltd)

    HKU\Kristofer - 1\...\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-09-12] (Sony)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

    ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

     

    ==================== Services (Whitelisted) ===================

     

    2 DTSAudioSvc; "C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe" [233328 2012-01-23] (DTS, Inc)

    2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

    2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe /s [123320 2011-11-07] (Symantec Corporation)

    2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll" /prefetch:1 [132984 2011-11-07] (Symantec Corporation)

     

    ==================== Drivers (Whitelisted) =====================

     

    0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)

    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

    1 bzhpvayj; \??\C:\Windows\system32\drivers\bzhpvayj.sys [x]

    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    1 fcysqvmb; \??\C:\Windows\system32\drivers\fcysqvmb.sys [x]

    1 ppldopsy; \??\C:\Windows\system32\drivers\ppldopsy.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

     

    2013-01-02 18:53 - 2013-01-02 18:53 - 00000000 ____D C:\FRST

    2013-01-02 18:10 - 2013-01-02 18:10 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{572BF5CE-9741-4B33-8168-8E6016D155C7}

    2013-01-01 23:02 - 2013-01-01 23:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A9B8925-AA15-4271-A66A-99584FCDEB31}

    2013-01-01 19:24 - 2013-01-01 19:24 - 00000000 ____D C:\_OTL

    2013-01-01 19:21 - 2013-01-01 19:21 - 00602112 ____A (OldTimer Tools) C:\Users\Kristofer\Desktop\OTL.exe

    2013-01-01 11:01 - 2013-01-01 11:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3A84C707-D9AC-42AF-9D55-F13BDA1D78C5}

    2012-12-31 10:30 - 2012-12-31 10:31 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D43BB784-0D06-415F-BDD5-F522A1F7D4C5}

    2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

    2012-12-30 19:19 - 2012-12-30 19:20 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F08881AC-FC92-4815-A5D2-C7AF5A9E7658}

    2012-12-30 11:54 - 2012-12-30 11:54 - 00016179 ____A C:\ComboFix.txt

    2012-12-30 11:17 - 2012-12-30 11:17 - 05015826 ____R (Swearware) C:\Users\Kristofer\Desktop\ComboFix.exe

    2012-12-30 07:19 - 2012-12-30 07:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{37289BA3-E66C-4A31-A75F-2FB78ACA4BB2}

    2012-12-29 19:19 - 2012-12-29 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{11AE976F-699C-4B5C-9D22-F792F5CB3357}

    2012-12-29 15:13 - 2012-12-29 15:13 - 00002150 ____A C:\Users\Kristofer\Desktop\RKreport[5]_S_12292012_1512.txt

    2012-12-29 15:07 - 2012-12-29 15:07 - 00002434 ____A C:\Users\Kristofer\Desktop\RKreport[4]_S_12292012_02d1507.txt

    2012-12-29 14:23 - 2012-12-29 14:23 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\Gymförteckning 20121203.xlsx

    2012-12-29 13:09 - 2012-12-29 13:09 - 00015670 ____A C:\Users\Kristofer\Desktop\Combofix1.txt

    2012-12-29 01:36 - 2012-12-29 01:37 - 00004169 ____A C:\Users\Kristofer\Desktop\aswMBR.txt

    2012-12-29 01:36 - 2012-12-29 01:37 - 00000512 ____A C:\Users\Kristofer\Desktop\MBR.dat

    2012-12-29 01:29 - 2012-12-29 01:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8B326BBF-42D9-438B-9177-1147170704F0}

    2012-12-29 01:25 - 2012-12-29 01:26 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial

    2012-12-29 01:25 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe

    2012-12-29 01:24 - 2012-12-29 01:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kristofer - 1\Desktop\tdsskiller.exe

    2012-12-29 00:49 - 2012-12-29 00:49 - 00015983 ____A C:\Users\Kristofer\Desktop\Combofix.txt

    2012-12-29 00:44 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe

    2012-12-29 00:44 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe

    2012-12-29 00:44 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

    2012-12-29 00:44 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

    2012-12-29 00:44 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

    2012-12-29 00:44 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe

    2012-12-29 00:44 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe

    2012-12-29 00:44 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe

    2012-12-29 00:42 - 2012-12-30 11:54 - 00000000 ____D C:\Qoobox

    2012-12-29 00:41 - 2012-12-29 11:14 - 00000000 ____D C:\Windows\erdnt

    2012-12-29 00:41 - 2012-12-29 11:10 - 05015489 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\ComboFix.exe

    2012-12-29 00:34 - 2012-12-29 00:34 - 00001875 ____A C:\Users\Kristofer\Desktop\RKreport[3]_D_12292012_02d0034.txt

    2012-12-29 00:33 - 2012-12-29 00:33 - 00002525 ____A C:\Users\Kristofer\Desktop\RKreport[2]_D_12292012_02d0033.txt

    2012-12-28 21:07 - 2012-12-28 21:07 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport S 12282012.txt

    2012-12-28 21:06 - 2012-12-28 21:06 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport[1]_S_12282012_02d2106.txt

    2012-12-28 21:05 - 2012-12-29 15:07 - 00000000 ____D C:\Users\Kristofer\Desktop\RK_Quarantine

    2012-12-28 21:03 - 2012-12-28 21:03 - 00688992 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\dds.scr

    2012-12-28 20:58 - 2012-12-28 20:58 - 00749056 ____A C:\Users\Kristofer - 1\Desktop\RogueKillerX64.exe

    2012-12-28 18:53 - 2012-12-28 18:53 - 00073374 ____A C:\Users\Kristofer\Desktop\OTL.Txt

    2012-12-28 18:53 - 2012-12-28 18:53 - 00053882 ____A C:\Users\Kristofer\Desktop\Extras.Txt

    2012-12-28 18:47 - 2012-12-29 11:26 - 00016369 ____A C:\Users\Kristofer\Desktop\dds.txt

    2012-12-28 18:47 - 2012-12-29 11:26 - 00006950 ____A C:\Users\Kristofer\Desktop\attach.txt

    2012-12-28 18:41 - 2012-12-28 18:41 - 00688992 ____R (Swearware) C:\Users\Kristofer\Desktop\dds.scr

    2012-12-28 18:41 - 2012-12-28 18:41 - 00139264 ____A C:\Users\Kristofer\Desktop\SystemLook.exe

    2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Personal

    2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

    2012-12-28 16:15 - 2012-12-30 22:22 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

    2012-12-28 13:25 - 2012-12-28 13:25 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{4A0695D1-DFFD-403A-BD9B-FC2D10B563B9}

    2012-12-27 15:05 - 2012-12-27 15:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5D3C71B1-FC2C-4DF5-8D95-7D831F3951C6}

    2012-12-27 00:56 - 2012-12-27 00:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1CF05B28-2488-4506-A785-DE28DEDE9446}

    2012-12-26 10:16 - 2012-12-26 10:16 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2F04F958-0B14-46E3-BAC8-93EA3BCB46A6}

    2012-12-25 18:54 - 2012-12-25 18:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{05906058-5F62-47D6-978C-2B4F8733181A}

    2012-12-24 10:59 - 2012-12-24 10:59 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{17F20186-798D-4292-B9F0-229C09D21EC1}

    2012-12-23 16:05 - 2012-12-23 16:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5A60AF4F-3B93-4476-ACDC-2F0AA3DBEFDC}

    2012-12-22 21:40 - 2012-12-22 21:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{A9CE1DDD-2A8D-4CF4-8E58-DC251AD514C3}

    2012-12-21 22:04 - 2012-12-16 18:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

    2012-12-21 22:04 - 2012-12-16 15:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

    2012-12-21 22:04 - 2012-12-16 15:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

    2012-12-21 22:04 - 2012-12-16 15:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

    2012-12-21 22:03 - 2012-12-21 22:03 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D4913C59-6473-41E1-9184-D132D936B365}

    2012-12-20 20:37 - 2012-12-20 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{CF664DC2-48D4-4CAB-A7C7-BBE0CEC71F87}

    2012-12-19 19:27 - 2012-12-19 19:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{835F2E3A-7F3B-4594-B2F3-AC40E6DE27C2}

    2012-12-18 20:54 - 2012-12-18 20:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1B8B8CC8-7B23-499C-8584-4FAC01E2783B}

    2012-12-17 20:38 - 2012-12-17 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{89D409A9-7D2C-4A10-8487-02E4713D13D2}

    2012-12-16 17:38 - 2012-12-16 17:38 - 00077192 ___AT C:\Users\Kristofer - 1\Desktop\Jannica

    2012-12-16 12:36 - 2012-12-16 12:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F5C9C444-8A5A-4452-AF6A-76B91A2917D8}

    2012-12-15 20:41 - 2012-12-15 20:41 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{ADC72E47-EE38-4FAC-929B-4CA1ADABBC61}

    2012-12-15 00:17 - 2012-12-15 00:17 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7669C6EF-F14B-4B40-9F93-B87919D90676}

    2012-12-13 21:26 - 2012-12-13 21:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E}

    2012-12-12 19:56 - 2012-12-12 19:57 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827}

    2012-12-11 23:31 - 2012-11-14 08:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-12-11 23:31 - 2012-11-14 07:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-12-11 23:31 - 2012-11-14 07:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-12-11 23:31 - 2012-11-14 07:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-12-11 23:31 - 2012-11-14 07:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-12-11 23:31 - 2012-11-14 07:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-12-11 23:31 - 2012-11-14 07:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-12-11 23:31 - 2012-11-14 06:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-12-11 23:31 - 2012-11-14 06:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-12-11 23:31 - 2012-11-14 06:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

    2012-12-11 23:31 - 2012-11-14 06:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-12-11 23:31 - 2012-11-14 06:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-12-11 23:31 - 2012-11-14 06:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2012-12-11 23:31 - 2012-11-14 06:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-12-11 23:31 - 2012-11-14 06:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-12-11 23:31 - 2012-11-14 06:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-12-11 23:31 - 2012-11-14 03:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2012-12-11 23:31 - 2012-11-14 03:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2012-12-11 23:31 - 2012-11-14 03:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2012-12-11 23:31 - 2012-11-14 02:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2012-12-11 23:31 - 2012-11-14 02:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2012-12-11 23:31 - 2012-11-14 02:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2012-12-11 23:31 - 2012-11-14 02:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2012-12-11 23:31 - 2012-11-14 02:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2012-12-11 23:31 - 2012-11-14 02:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2012-12-11 23:31 - 2012-11-14 02:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2012-12-11 23:31 - 2012-11-14 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2012-12-11 23:31 - 2012-11-14 02:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2012-12-11 23:31 - 2012-11-14 02:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2012-12-11 23:31 - 2012-11-14 02:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2012-12-11 23:31 - 2012-11-14 02:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2012-12-11 23:31 - 2012-11-14 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2012-12-11 20:00 - 2012-12-11 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2C0CE8D4-D4C8-49A2-A4F9-F6FB70D5FAAE}

    2012-12-11 19:32 - 2012-11-22 04:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-12-11 19:32 - 2012-11-09 06:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

    2012-12-11 19:32 - 2012-11-09 05:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2012-12-11 19:32 - 2012-11-02 06:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

    2012-12-11 19:32 - 2012-11-02 06:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

    2012-12-11 19:32 - 2012-10-04 18:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

    2012-12-11 19:32 - 2012-10-04 18:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

    2012-12-11 19:32 - 2012-10-04 18:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

    2012-12-11 19:32 - 2012-10-04 18:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

    2012-12-11 19:32 - 2012-10-04 18:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

    2012-12-11 19:32 - 2012-10-04 18:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

    2012-12-11 19:32 - 2012-10-04 18:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

    2012-12-11 19:32 - 2012-10-04 17:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

    2012-12-11 19:32 - 2012-10-04 17:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 16:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

    2012-12-11 19:32 - 2012-10-04 15:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

    2012-12-11 19:32 - 2012-10-04 15:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

    2012-12-11 19:32 - 2012-10-04 15:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

    2012-12-11 19:32 - 2012-10-04 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

    2012-12-11 19:32 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

    2012-12-11 19:32 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

    2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7}

    2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02}

    2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx

    2012-12-09 11:35 - 2012-12-09 11:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F}

    2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370}

    2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94}

    2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0}

    2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F}

    2012-12-05 20:28 - 2012-12-05 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14}

    2012-12-05 07:13 - 2012-12-05 07:14 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41}

    2012-12-04 18:39 - 2012-12-04 18:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834}

    2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\dvdcss

    2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0}

     

    ==================== One Month Modified Files and Folders =======

     

    2013-01-02 18:53 - 2013-01-02 18:53 - 00000000 ____D C:\FRST

    2013-01-02 18:50 - 2012-08-27 19:06 - 02041010 ____A C:\Windows\WindowsUpdate.log

    2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2013-01-02 18:28 - 2012-11-11 19:15 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2013-01-02 18:27 - 2012-11-11 19:15 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2013-01-02 18:27 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2013-01-02 18:27 - 2009-07-14 05:51 - 00041247 ____A C:\Windows\setupact.log

    2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Spotify

    2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\Spotify

    2013-01-02 18:17 - 2012-08-31 18:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Skype

    2013-01-02 18:10 - 2013-01-02 18:10 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{572BF5CE-9741-4B33-8168-8E6016D155C7}

    2013-01-01 23:40 - 2012-09-01 20:33 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\vlc

    2013-01-01 23:13 - 2012-09-04 19:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Azureus

    2013-01-01 23:02 - 2013-01-01 23:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A9B8925-AA15-4271-A66A-99584FCDEB31}

    2013-01-01 22:18 - 2012-08-27 20:32 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Skype

    2013-01-01 19:55 - 2011-04-12 15:28 - 00625534 ____A C:\Windows\System32\perfh01D.dat

    2013-01-01 19:55 - 2011-04-12 15:28 - 00123688 ____A C:\Windows\System32\perfc01D.dat

    2013-01-01 19:55 - 2009-07-14 06:13 - 01466438 ____A C:\Windows\System32\PerfStringBackup.INI

    2013-01-01 19:51 - 2012-08-28 17:34 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\vlc

    2013-01-01 19:24 - 2013-01-01 19:24 - 00000000 ____D C:\_OTL

    2013-01-01 19:21 - 2013-01-01 19:21 - 00602112 ____A (OldTimer Tools) C:\Users\Kristofer\Desktop\OTL.exe

    2013-01-01 18:54 - 2012-08-28 19:30 - 00000000 ____D C:\users\Kristofer - 1

    2013-01-01 11:02 - 2013-01-01 11:01 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3A84C707-D9AC-42AF-9D55-F13BDA1D78C5}

    2012-12-31 10:31 - 2012-12-31 10:30 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D43BB784-0D06-415F-BDD5-F522A1F7D4C5}

    2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

    2012-12-30 22:22 - 2012-12-28 16:15 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

    2012-12-30 19:20 - 2012-12-30 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F08881AC-FC92-4815-A5D2-C7AF5A9E7658}

    2012-12-30 11:54 - 2012-12-30 11:54 - 00016179 ____A C:\ComboFix.txt

    2012-12-30 11:54 - 2012-12-29 00:42 - 00000000 ____D C:\Qoobox

    2012-12-30 11:52 - 2010-11-21 04:47 - 00048850 ____A C:\Windows\PFRO.log

    2012-12-30 11:52 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini

    2012-12-30 11:17 - 2012-12-30 11:17 - 05015826 ____R (Swearware) C:\Users\Kristofer\Desktop\ComboFix.exe

    2012-12-30 07:19 - 2012-12-30 07:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{37289BA3-E66C-4A31-A75F-2FB78ACA4BB2}

    2012-12-29 22:47 - 2012-08-28 19:23 - 00000000 ____D C:\Foton

    2012-12-29 19:19 - 2012-12-29 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{11AE976F-699C-4B5C-9D22-F792F5CB3357}

    2012-12-29 15:13 - 2012-12-29 15:13 - 00002150 ____A C:\Users\Kristofer\Desktop\RKreport[5]_S_12292012_1512.txt

    2012-12-29 15:07 - 2012-12-29 15:07 - 00002434 ____A C:\Users\Kristofer\Desktop\RKreport[4]_S_12292012_02d1507.txt

    2012-12-29 15:07 - 2012-12-28 21:05 - 00000000 ____D C:\Users\Kristofer\Desktop\RK_Quarantine

    2012-12-29 14:23 - 2012-12-29 14:23 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\Gymförteckning 20121203.xlsx

    2012-12-29 13:09 - 2012-12-29 13:09 - 00015670 ____A C:\Users\Kristofer\Desktop\Combofix1.txt

    2012-12-29 11:26 - 2012-12-28 18:47 - 00016369 ____A C:\Users\Kristofer\Desktop\dds.txt

    2012-12-29 11:26 - 2012-12-28 18:47 - 00006950 ____A C:\Users\Kristofer\Desktop\attach.txt

    2012-12-29 11:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF

    2012-12-29 11:14 - 2012-12-29 00:41 - 00000000 ____D C:\Windows\erdnt

    2012-12-29 11:10 - 2012-12-29 00:41 - 05015489 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\ComboFix.exe

    2012-12-29 01:37 - 2012-12-29 01:36 - 00004169 ____A C:\Users\Kristofer\Desktop\aswMBR.txt

    2012-12-29 01:37 - 2012-12-29 01:36 - 00000512 ____A C:\Users\Kristofer\Desktop\MBR.dat

    2012-12-29 01:29 - 2012-12-29 01:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8B326BBF-42D9-438B-9177-1147170704F0}

    2012-12-29 01:26 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial

    2012-12-29 01:26 - 2012-09-22 22:44 - 13138000 ____A C:\Users\Kristofer - 1\Downloads\FuturisticFractals_DLawler.themepack

    2012-12-29 01:25 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe

    2012-12-29 01:24 - 2012-12-29 01:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kristofer - 1\Desktop\tdsskiller.exe

    2012-12-29 00:49 - 2012-12-29 00:49 - 00015983 ____A C:\Users\Kristofer\Desktop\Combofix.txt

    2012-12-29 00:48 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default

    2012-12-29 00:37 - 2012-08-27 20:00 - 00000000 ____D C:\Users\Kristofer\Tracing

    2012-12-29 00:34 - 2012-12-29 00:34 - 00001875 ____A C:\Users\Kristofer\Desktop\RKreport[3]_D_12292012_02d0034.txt

    2012-12-29 00:33 - 2012-12-29 00:33 - 00002525 ____A C:\Users\Kristofer\Desktop\RKreport[2]_D_12292012_02d0033.txt

    2012-12-28 21:07 - 2012-12-28 21:07 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport S 12282012.txt

    2012-12-28 21:06 - 2012-12-28 21:06 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport[1]_S_12282012_02d2106.txt

    2012-12-28 21:03 - 2012-12-28 21:03 - 00688992 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\dds.scr

    2012-12-28 20:58 - 2012-12-28 20:58 - 00749056 ____A C:\Users\Kristofer - 1\Desktop\RogueKillerX64.exe

    2012-12-28 18:53 - 2012-12-28 18:53 - 00073374 ____A C:\Users\Kristofer\Desktop\OTL.Txt

    2012-12-28 18:53 - 2012-12-28 18:53 - 00053882 ____A C:\Users\Kristofer\Desktop\Extras.Txt

    2012-12-28 18:41 - 2012-12-28 18:41 - 00688992 ____R (Swearware) C:\Users\Kristofer\Desktop\dds.scr

    2012-12-28 18:41 - 2012-12-28 18:41 - 00139264 ____A C:\Users\Kristofer\Desktop\SystemLook.exe

    2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Personal

    2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

    2012-12-28 18:28 - 2012-08-27 19:42 - 00068328 ____A C:\Users\Kristofer\AppData\Local\GDIPFONTCACHEV1.DAT

    2012-12-28 18:28 - 2012-08-27 19:06 - 00000000 ____D C:\users\Kristofer

    2012-12-28 13:25 - 2012-12-28 13:25 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{4A0695D1-DFFD-403A-BD9B-FC2D10B563B9}

    2012-12-27 15:05 - 2012-12-27 15:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5D3C71B1-FC2C-4DF5-8D95-7D831F3951C6}

    2012-12-27 00:56 - 2012-12-27 00:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1CF05B28-2488-4506-A785-DE28DEDE9446}

    2012-12-26 10:16 - 2012-12-26 10:16 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2F04F958-0B14-46E3-BAC8-93EA3BCB46A6}

    2012-12-25 18:54 - 2012-12-25 18:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{05906058-5F62-47D6-978C-2B4F8733181A}

    2012-12-24 10:59 - 2012-12-24 10:59 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{17F20186-798D-4292-B9F0-229C09D21EC1}

    2012-12-23 16:05 - 2012-12-23 16:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5A60AF4F-3B93-4476-ACDC-2F0AA3DBEFDC}

    2012-12-22 21:40 - 2012-12-22 21:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{A9CE1DDD-2A8D-4CF4-8E58-DC251AD514C3}

    2012-12-21 22:09 - 2009-07-14 05:45 - 00307616 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-12-21 22:03 - 2012-12-21 22:03 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D4913C59-6473-41E1-9184-D132D936B365}

    2012-12-20 20:38 - 2012-12-20 20:37 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{CF664DC2-48D4-4CAB-A7C7-BBE0CEC71F87}

    2012-12-19 19:27 - 2012-12-19 19:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{835F2E3A-7F3B-4594-B2F3-AC40E6DE27C2}

    2012-12-18 20:54 - 2012-12-18 20:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1B8B8CC8-7B23-499C-8584-4FAC01E2783B}

    2012-12-17 20:38 - 2012-12-17 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{89D409A9-7D2C-4A10-8487-02E4713D13D2}

    2012-12-16 18:11 - 2012-12-21 22:04 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

    2012-12-16 17:38 - 2012-12-16 17:38 - 00077192 ___AT C:\Users\Kristofer - 1\Desktop\Jannica

    2012-12-16 15:45 - 2012-12-21 22:04 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

    2012-12-16 15:13 - 2012-12-21 22:04 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

    2012-12-16 15:13 - 2012-12-21 22:04 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

    2012-12-16 12:36 - 2012-12-16 12:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F5C9C444-8A5A-4452-AF6A-76B91A2917D8}

    2012-12-15 20:41 - 2012-12-15 20:41 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{ADC72E47-EE38-4FAC-929B-4CA1ADABBC61}

    2012-12-15 00:18 - 2012-08-27 20:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-12-15 00:18 - 2012-08-27 20:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-12-15 00:17 - 2012-12-15 00:17 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7669C6EF-F14B-4B40-9F93-B87919D90676}

    2012-12-13 21:27 - 2012-12-13 21:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E}

    2012-12-12 20:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

    2012-12-12 19:57 - 2012-12-12 19:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827}

    2012-12-11 23:32 - 2012-09-01 12:09 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-12-11 23:31 - 2012-08-28 17:04 - 00000000 ____D C:\Users\All Users\Microsoft Help

    2012-12-11 20:00 - 2012-12-11 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2C0CE8D4-D4C8-49A2-A4F9-F6FB70D5FAAE}

    2012-12-10 20:33 - 2012-11-03 17:26 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

    2012-12-10 20:33 - 2012-08-27 19:33 - 00196316 ____A C:\Windows\DPINST.LOG

    2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7}

    2012-12-10 20:32 - 2012-08-27 19:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

    2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02}

    2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx

    2012-12-09 11:36 - 2012-12-09 11:35 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F}

    2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370}

    2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94}

    2012-12-07 20:35 - 2012-09-04 19:26 - 00000000 ____D C:\Program Files (x86)\Vuze

    2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0}

    2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F}

    2012-12-05 20:29 - 2012-12-05 20:28 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14}

    2012-12-05 07:14 - 2012-12-05 07:13 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41}

    2012-12-04 18:40 - 2012-12-04 18:39 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834}

    2012-12-04 06:49 - 2009-07-14 06:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\dvdcss

    2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0}

     

    ==================== Known DLLs (Whitelisted) =================

     

     

    ==================== Bamital & volsnap Check =================

     

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     

    ==================== EXE ASSOCIATION =====================

     

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

     

    ==================== Restore Points =========================

     

    Restore point made on: 2012-12-30 02:45:25

    Restore point made on: 2013-01-01 10:00:23

    Restore point made on: 2013-01-01 19:24:38

     

    ==================== Memory info ===========================

     

    Percentage of memory in use: 7%

    Total physical RAM: 16336.89 MB

    Available physical RAM: 15170.32 MB

    Total Pagefile: 16335.09 MB

    Available Pagefile: 15162.32 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.89 MB

     

    ==================== Partitions =============================

     

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:514.75 GB) NTFS

    3 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32

    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    5 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     

    Disk ###  Status  Size     Free     Dyn  Gpt
    --------  ------  -------  -------  ---  ---
    Disk 0    Online   931 GB      0 B
    Disk 1    Online   931 GB     8 MB
    Disk 2    Online  3882 MB      0 B


    Partitions of Disk 0:
    ===============

    Disk 0 is now the selected disk.

    Partition ###  Type     Size     Offset
    -------------  -------  -------  -------
    Partition 1    Primary   100 MB  1024 KB
    Partition 2    Primary   931 GB   101 MB

    ==================================================================================

    Disk: 0
    Disk 0 is now the selected disk.

    Partition 1 is now the selected partition.

    Partition 1
    Type   : 07
    Hidden : No
    Active : Yes
    Offset in Bytes: 1048576

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 1  Y    Reserverad   NTFS   Partition   100 MB  Healthy

    =========================================================

    Disk: 0
    Disk 0 is now the selected disk.

    Partition 2 is now the selected partition.

    Partition 2
    Type   : 07
    Hidden : No
    Active : No
    Offset in Bytes: 105906176

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 2  C                 NTFS   Partition   931 GB  Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk 1 is now the selected disk.

    Partition ###  Type     Size     Offset
    -------------  -------  -------  -------
    Partition 1    Primary   931 GB    31 KB

    ==================================================================================

    Disk: 1
    Disk 1 is now the selected disk.

    Partition 1 is now the selected partition.

    Partition 1
    Type   : 07
    Hidden : No
    Active : Yes
    Offset in Bytes: 32256

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 3                    NTFS   Partition   931 GB  Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Disk 2 is now the selected disk.

    Partition ###  Type     Size     Offset
    -------------  -------  -------  -------
    * Partition 1  Primary  3882 MB     0 B

    ==================================================================================

    Disk: 2
    Disk 2 is now the selected disk.

    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

     

    =========================================================

     

    Last Boot: 2012-12-28 14:25

     

    ==================== End Of Log =============================
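Added example, not part of this thread and not FRST's own code: a small Python triage pass over lines in the FRST log format shown above. It encodes the checks a helper applies by eye when reading a log like this one: files under C:\Users\All Users (ProgramData) that carry no version information and have keyboard-mash names such as dsgsdgdsgdsgw.pad and dsgsdgdsgdsgw.js, leftover .partial downloads like aswMBR.exe.5y6u68o.partial, a large file flagged with the T (temporary) attribute, the number of {GUID} folders under each profile's AppData\Local, the "MD5 is legit" verdicts from the Bamital & volsnap check, and the three EXE association values. The sample lines are copied from the log above, except the svchost.exe verdict, which is altered on purpose so the failure branch runs. Assumptions: this log does not show FRST's wording for a failed hash check, so anything other than the exact string "MD5 is legit" is treated as a failure; the vowel-ratio and size thresholds are arbitrary; a hit means "look closer", not "malicious".

```python
import re
from collections import Counter

# Constructed sample: lines copied from the FRST log in this thread. The
# svchost.exe verdict is altered on purpose to exercise the failure path.
SAMPLE_LOG = r"""
2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
2012-12-30 22:22 - 2012-12-28 16:15 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js
2012-12-29 01:26 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial
2012-12-11 23:31 - 2012-11-14 08:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 21:26 - 2012-12-13 21:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E}
2012-12-12 19:56 - 2012-12-12 19:57 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827}
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is not legit
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# FRST prints two timestamps per entry; which one is the creation time depends
# on the section, so they are kept as ts1/ts2 here.
FILE_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
CHECK_LINE = re.compile(r"^(?P<path>[A-Z]:\\.+?) => (?P<verdict>.+)$")
ASSOC_LINE = re.compile(r"^HKLM\\\.\.\.\\(?P<key>[^:]+): (?P<value>.+) => (?P<status>\S+)$")
GUID_DIR = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")

# Values FRST reports when the .exe association is untouched (from the log above).
EXPECTED_ASSOC = {
    ".exe": "exefile",
    "exefile\\DefaultIcon": "%1",
    "exefile\\open\\command": '"%1" %*',
}


def looks_random(stem):
    """Crude keyboard-mash test: a long name stem with (almost) no vowels.
    Threshold is an arbitrary assumption, not an FRST rule."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.15


def triage(log_text):
    """Walk FRST log lines and collect what an analyst would pull out first."""
    findings, integrity_failures, assoc_problems = [], [], []
    guid_dirs = Counter()  # {GUID} folders under AppData\Local, per profile
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs, size = m["path"], m["attrs"], int(m["size"])
            if "D" in attrs:  # directory entry: only count the GUID-named ones
                if GUID_DIR.search(path):
                    guid_dirs[path.split("\\AppData\\")[0]] += 1
                continue
            lower = path.lower()
            if lower.endswith(".partial"):
                findings.append((path, "incomplete download (.partial)"))
                continue
            stem = path.rsplit("\\", 1)[-1].partition(".")[0]
            in_programdata = "\\users\\all users\\" in lower or "\\programdata\\" in lower
            if in_programdata and not m["company"]:
                findings.append((path, "file without version info in ProgramData"))
            if looks_random(stem):
                findings.append((path, "random-looking file name"))
            if "T" in attrs and size >= 10_000_000:
                findings.append((path, f"temporary attribute on a {size // 1_000_000} MB file"))
            continue
        m = ASSOC_LINE.match(line)
        if m:
            if m["status"] != "OK" or EXPECTED_ASSOC.get(m["key"]) != m["value"]:
                assoc_problems.append((m["key"], m["value"]))
            continue
        m = CHECK_LINE.match(line)
        # Assumption: any verdict other than the exact "MD5 is legit" is a failure.
        if m and m["verdict"] != "MD5 is legit":
            integrity_failures.append((m["path"], m["verdict"]))
    return {
        "findings": findings,
        "guid_dirs": dict(guid_dirs),
        "integrity_failures": integrity_failures,
        "assoc_problems": assoc_problems,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Feed it a whole FRST.txt instead of SAMPLE_LOG and the GUID-folder count becomes a per-profile summary rather than dozens of lines to scroll past; the per-file findings are the entries to ask about next, not a verdict.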


  10. After a lot of trouble it hopefully worked. The computer would not let me run Repair from the infected user account, so I had to run it from the administrator account. After that the program asked whether it was Win XP (which is on my old disk = D:) that should be repaired, and of course it was not. It asked about other drives, but in the end it seemed to run Local Disk, i.e. C:, after some fuss.

    Hope that was right. But unfortunately it looks odd with Win XP in the log below.

    Maybe I should take out that HD while we test with FRST, because this seems tricky since the computer itself picked that disk?

    I don't understand why it says Running from G: below, when further down the list it says C: and the computer chose Local Disk... and why would it be a different HD than the one I normally boot from? (I should perhaps add that it is the old "police trojan disk" that was fixed this summer that sits as the second disk, and it is going to be formatted. I just haven't had time to finish my computer build.)

    I think the procedure should be run again once I've taken out the old HD?

    Here is the result in any case:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

    Ran by SYSTEM at 02-01-2013 18:26:14

    Running from G:\

    Microsoft Windows XP Service Pack 1 (X64) OS Language: Swedish

    The current controlset is ControlSet003

     

    ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

    ==================== Registry (Whitelisted) ===================

     

    HKLM\...\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe [x]

    HKLM\...\Run: [ABIT uGuru] C:\Program\ABIT\ABIT uGuru\uGuru.exe [1695827 2004-09-13] (ABIT Computer Corporation)

    HKLM\...\Run: [GuruClock] C:\Program\ABIT\ABIT uGuru\GuruClock.exe [4489280 2004-09-29] (ABIT Computer Corp.)

    HKLM\...\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [495616 2007-01-26] ()

    HKLM\...\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe [676040 2011-02-22] ()

    HKLM\...\Run: [ATICustomerCare] "C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)

    HKLM\...\Run: [soundMan] SOUNDMAN.EXE [x]

    HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]

    HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]

    HKLM\...\Run: [e-kort] C:\Program\ekort\ekort.exe /dontopenmycards /Autostart [377856 2008-12-11] (Orbiscom Ltd. All rights reserved.)

    HKLM\...\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

    HKLM\...\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-12-05] (Advanced Micro Devices, Inc.)

    HKLM\...\Run: [DivXUpdate] "C:\Program\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()

    HKLM\...\Run: [MSC] "c:\Program\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

    HKU\Administratör\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)

    HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

    HKU\Kristofer\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)

    HKU\Kristofer\...\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)

    HKU\Kristofer\...\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

    HKU\Kristofer\...\Run: [spotify Web Helper] "C:\Program\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-16] ()

    HKU\Kristofer\...\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /minimized /regrun [17417392 2012-07-03] (Skype Technologies S.A.)

    HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

    HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

    HKLM-x32\...\Winlogon: [userinit] [x]

    HKLM-x32\...\Winlogon: [shell] [x ] ()

    Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

    Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)

    Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)

    Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)

    Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)

    Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)

    Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)

    Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)

    Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)

    Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)

    Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     

    ==================== Services (Whitelisted) ===================

     

    3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-08-02] (Adobe Systems Incorporated)

    4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)

    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)

    2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [643072 2011-12-06] (ATI Technologies Inc.)

    4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)

    3 dmadmin; C:\Windows\System32\dmadmin.exe /com [225280 2008-04-14] (Microsoft Corporation, Veritas Software)

    3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corporation)

    2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)

    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation)

    3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)

    3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)

    2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)

    3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)

    3 IDriverT; "C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation)

    3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2008-07-29] (Microsoft Corporation)

    3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)

    2 Jamcast; "C:\Program\Jamcast\jamcastsvc.exe" [62704 2010-12-18] (Software Development Solutions, Inc.)

    2 Lavasoft Ad-Aware Service; "C:\Program\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)

    4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)

    3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)

    2 MsMpSvc; "C:\Program\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)

    4 NetDDE; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation)

    4 NetDDEdsdm; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation)

    3 Nla; C:\Windows\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation)

    3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

    3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435712 2008-04-14] (Microsoft Corporation)

    3 odserv; "C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)

    3 ose; "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)

    2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation)

    2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

    3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)

    3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)

    3 SCardSvr; C:\Windows\System32\SCardSvr.exe [98304 2008-04-14] (Microsoft Corporation)

    2 Secunia PSI Agent; C:\Program\Secunia\PSI\PSIA.exe --start-service [1326176 2012-06-27] (Secunia)

    2 Secunia Update Agent; C:\Program\Secunia\PSI\sua.exe --start-service [681056 2012-06-27] (Secunia)

    2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)

    2 SkypeUpdate; C:\Program\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)

    3 Sony PC Companion; "C:\Program\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software)

    2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)

    3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{0197C7F7-9611-40FC-99B3-CC1A0C8B26C0} [5120 2008-04-14] (Microsoft Corporation)

    3 SysmonLog; C:\Windows\System32\smlogsvc.exe [91648 2008-04-14] (Microsoft Corporation)

    3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)

    2 VoddlerNet; C:\Program\Voddler\service\voddler.exe [1039640 2011-02-22] (Voddler)

    3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)

    3 WMPNetworkSvc; "C:\Program\Windows Media Player\WMPNetwk.exe" [912384 2006-11-15] (Microsoft Corporation)

    2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)

    2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)

    3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)

    3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]

    4 HidServ; C:\Windows\System32\hidserv.dll [x]

     

    ==================== Drivers (Whitelisted) =====================

     

    4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11776 2004-08-04] (Microsoft Corporation)

    3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)

    3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [60800 2008-04-13] (Microsoft Corporation)

    3 ati2mtag; C:\Windows\System32\Drivers\ati2mtag.sys [7490560 2011-12-06] (ATI Technologies Inc.)

    3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [100368 2011-12-20] (Advanced Micro Devices)

    3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)

    3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-17] (Microsoft Corporation)

    3 BVRPMPR5; C:\Windows\System32\Drivers\BVRPMPR5.sys [49904 2010-09-27] (Avanquest Software)

    4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)

    1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)

    4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [800000 2008-04-14] (Microsoft Corporation, Veritas Software)

    4 dmio; C:\Windows\System32\Drivers\dmio.sys [153856 2008-04-14] (Microsoft Corporation, Veritas Software)

    4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)

    3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)

    1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)

    0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125696 2004-08-04] (Microsoft Corporation)

    3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)

    3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)

    3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)

    1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)

    3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4713472 2010-12-20] (Realtek Semiconductor Corp.)

    3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)

    3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)

    1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)

    3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)

    3 Lavasoft Kernexplorer; \??\C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-03-02] ()

    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [64512 2011-03-02] (Lavasoft AB)

    1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)

    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

    3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [61824 2008-04-13] (Microsoft Corporation)

    3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2004-08-04] (Microsoft Corporation)

    3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2004-08-04] (Microsoft Corporation)

    3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)

    3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)

    0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-07-12] (Sonic Solutions)

    3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2004-08-04] (Microsoft Corporation)

    1 redbook; C:\Windows\System32\Drivers\redbook.sys [58240 2008-04-14] (Microsoft Corporation)

    3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation )

    3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)

    3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)

    3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)

    3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)

    3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)

    3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)

    3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)

    3 sea1bus; C:\Windows\System32\Drivers\sea1bus.sys [61536 2007-02-08] (MCCI)

    3 sea1mdfl; C:\Windows\System32\Drivers\sea1mdfl.sys [9360 2007-02-08] (MCCI)

    3 sea1mdm; C:\Windows\System32\Drivers\sea1mdm.sys [97088 2007-02-08] (MCCI)

    3 sea1mgmt; C:\Windows\System32\Drivers\sea1mgmt.sys [88624 2007-02-08] (MCCI)

    3 sea1nd5; C:\Windows\System32\Drivers\sea1nd5.sys [18704 2007-02-08] (MCCI)

    3 sea1obex; C:\Windows\System32\Drivers\sea1obex.sys [86432 2007-02-08] (MCCI)

    3 sea1unic; C:\Windows\System32\Drivers\sea1unic.sys [90800 2007-02-08] (MCCI)

    3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)

    0 sr; C:\Windows\System32\Drivers\sr.sys [73344 2008-04-14] (Microsoft Corporation)

    3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)

    3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)

    0 uGuru; C:\Windows\System32\Drivers\uGuru.sys [10752 2004-08-04] (ABIT Computer Corporation)

    3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)

    3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)

    0 Winflash; C:\Windows\System32\Drivers\Winflash.sys [3548 2002-09-17] ()

    4 Abiosdsk; [x]

    4 abp480n5; [x]

    4 adpu160m; [x]

    4 Aha154x; [x]

    4 aic78u2; [x]

    4 aic78xx; [x]

    4 AliIde; [x]

    4 amsint; [x]

    4 asc; [x]

    4 asc3350p; [x]

    4 asc3550; [x]

    4 Atdisk; [x]

    4 cd20xrnt; [x]

    4 CmdIde; [x]

    4 Cpqarray; [x]

    4 dac2w2k; [x]

    4 dac960nt; [x]

    4 dpti2o; [x]

    4 hpn; [x]

    1 i2omgmt; [x]

    4 i2omp; [x]

    4 ini910u; [x]

    1 lbrtfdc; [x]

    4 mraid35x; [x]

    1 PCIDump; [x]

    3 PDCOMP; [x]

    3 PDFRAME; [x]

    3 PDRELI; [x]

    3 PDRFRAME; [x]

    4 perc2; [x]

    4 perc2hib; [x]

    4 ql1080; [x]

    4 Ql10wnt; [x]

    4 ql12160; [x]

    4 ql1240; [x]

    4 ql1280; [x]

    4 Simbad; [x]

    4 Sparrow; [x]

    4 symc810; [x]

    4 symc8xx; [x]

    4 sym_hi; [x]

    4 sym_u3; [x]

    4 TosIde; [x]

    4 ultra; [x]

    4 ViaIde; [x]

    3 WDICA; [x]

     

    ==================== NetSvcs (Whitelisted) ====================

     

     

    ==================== One Month Created Files and Folders ========

     

    2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

     

     

    ==================== One Month Modified Files and Folders =======

     

    2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

     

     

    ==================== Known DLLs (Whitelisted) =================

     

    C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\comdlg32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\imagehlp.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\lz32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\oleaut32.dll IS MISSING <==== ATTENTION!

    [2004-08-04 13:00] - [2008-04-14 17:04] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll

    C:\Windows\SysWOW64\olecli32.dll IS MISSING <==== ATTENTION!

    [2004-08-04 13:00] - [2008-04-14 17:04] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll

    C:\Windows\SysWOW64\olecnv32.dll IS MISSING <==== ATTENTION!

    [2004-08-04 13:00] - [2004-08-04 13:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll

    C:\Windows\SysWOW64\olesvr32.dll IS MISSING <==== ATTENTION!

    [2004-08-04 13:00] - [2004-08-04 13:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll

    C:\Windows\SysWOW64\olethk32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\shell32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\url.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\urlmon.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\version.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\wininet.dll IS MISSING <==== ATTENTION!

    C:\Windows\SysWOW64\wldap32.dll IS MISSING <==== ATTENTION!

     

    ==================== Bamital & volsnap Check =================

     

    C:\Windows\System32\winlogon.exe

    [2004-08-04 13:00] - [2008-04-14 17:05] - 0507904 ____A (Microsoft Corporation) ABD2D070BE76A9386A0A283A332E3862

     

    C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.

    C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.

    C:\Windows\explorer.exe

    [2004-08-04 13:00] - [2008-04-14 17:05] - 1034240 ____A (Microsoft Corporation) 74BB7DCD2BFDCC0E52869DB3582CA781

     

    C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.

    C:\Windows\System32\svchost.exe

    [2004-08-04 13:00] - [2008-04-14 17:05] - 0014336 ____A (Microsoft Corporation) 6CCEF19D7301D9861F90E299C798AD3F

     

    C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.

    C:\Windows\System32\services.exe

    [2004-08-04 13:00] - [2009-02-09 12:27] - 0110592 ____A (Microsoft Corporation) 8870B0C4A094C1CE80CEA6F85FA38FF2

     

    C:\Windows\System32\User32.dll

    [2004-08-04 13:00] - [2008-04-14 17:04] - 0578560 ____A (Microsoft Corporation) E3CF0EC59316EA8E856DB1E1F442CD57

     

    C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.

    C:\Windows\System32\userinit.exe

    [2004-08-04 13:00] - [2008-04-14 17:05] - 0026112 ____A (Microsoft Corporation) 317799A2E42B5EA048A8A70F482CBA9F

     

    C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.

    C:\Windows\System32\Drivers\volsnap.sys

    [2004-08-04 13:00] - [2008-04-14 16:36] - 0052864 ____A (Microsoft Corporation) 57187EC04878147E1F4F2D9224B12205

     

     

    ==================== EXE ASSOCIATION =====================

     

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

     

    ==================== Restore Points =========================

     

     

    ==================== Memory info ===========================

     

    Percentage of memory in use: 6%

    Total physical RAM: 16336.89 MB

    Available physical RAM: 15258.72 MB

    Total Pagefile: 16335.09 MB

    Available Pagefile: 15240.84 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.9 MB

     

    ==================== Partitions =============================

     

    1 Drive c: () (Fixed) (Total:931.5 GB) (Free:459.95 GB) NTFS

    2 Drive e: () (Fixed) (Total:931.41 GB) (Free:514.81 GB) NTFS

    4 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32

    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    6 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     

    Disk nr Status Storlek Ledigt Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk nr 0 Online 931 G B 0 B

    Disk nr 1 Online 931 G B 8 M B

    Disk nr 2 Online 3882 M B 0 B

     

     

    Partitions of Disk 0:

    ===============

     

    Disk 0 är nu den valda disken.

     

    Partitionsnr Typ Storlek Start

    ------------- ---------------- ------- -------

    Partitionsnr 1 Primär 100 M 1024 K

    Partitionsnr 2 Primär 931 G 101 M

     

    ==================================================================================

     

    Disk: 0

    Disk 0 är nu den valda disken.

     

    Partition 1 är nu den valda partitionen.

     

    Partition 1

    Typ : 07

    Dold : Nej

    Aktiv : Ja

    Offset i byte: 1048576

     

    Volymnr Enh Etikett Fils. Typ Storlek Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volymnr 1 Y Reserverad NTFS Partition 100 M Felfri

     

    =========================================================

     

    Disk: 0

    Disk 0 är nu den valda disken.

     

    Partition 2 är nu den valda partitionen.

     

    Partition 2

    Typ : 07

    Dold : Nej

    Aktiv : Nej

    Offset i byte: 105906176

     

    Volymnr Enh Etikett Fils. Typ Storlek Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volymnr 2 E NTFS Partition 931 G Felfri

     

    =========================================================

     

    Partitions of Disk 1:

    ===============

     

    Disk 1 är nu den valda disken.

     

    Partitionsnr Typ Storlek Start

    ------------- ---------------- ------- -------

    Partitionsnr 1 Primär 931 G 31 K

     

    ==================================================================================

     

    Disk: 1

    Disk 1 är nu den valda disken.

     

    Partition 1 är nu den valda partitionen.

     

    Partition 1

    Typ : 07

    Dold : Nej

    Aktiv : Ja

    Offset i byte: 32256

     

    Volymnr Enh Etikett Fils. Typ Storlek Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volymnr 3 C NTFS Partition 931 G Felfri

     

    =========================================================

     

    Partitions of Disk 2:

    ===============

     

    Disk 2 är nu den valda disken.

     

    Partitionsnr Typ Storlek Start

    ------------- ---------------- ------- -------

    * Partitionsnr 1 Primär 3882 M 0 B

     

    ==================================================================================

     

    Disk: 2

    Disk 2 är nu den valda disken.

     

    Ingen partition har valts.

     

    Ingen partition har valts.

    Välj en partition och försök sedan igen.

     

    =========================================================

    ==================== End Of Log =============================
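A triage helper for an FRST log like the one above, added here as an example; it is not part of the thread and not FRST's own code. The sample log inside it is constructed to mirror the format of the posted log, and the SysWOW64 handling assumes the architecture warning FRST printed at the top of that log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) scan logs.

Added example, not part of the forum thread and not FRST's own code. It pulls
out what a helper reads first in a log like the one above: autostart entries
whose target file is gone ([x]), empty Winlogon userinit/shell values, files
flagged "IS MISSING <==== ATTENTION!", the .exe association check, and the
architecture-mismatch warning that explains why every SysWOW64 file is
"missing" when a 32-bit Windows is scanned from a 64-bit recovery disk.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the format of the log in the thread.
SAMPLE_LOG = """\
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by SYSTEM at 02-01-2013 18:26:14
Running from G:\\
Microsoft Windows XP Service Pack 1 (X64) OS Language: Swedish

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
==================== Registry (Whitelisted) ===================

HKLM\\...\\Run: [soundMan] SOUNDMAN.EXE [x]
HKLM\\...\\Run: [MSC] "c:\\Program\\Microsoft Security Client\\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\\Kristofer\\...\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKLM-x32\\...\\Winlogon: [userinit] [x]
HKLM-x32\\...\\Winlogon: [shell] [x ] ()
Winlogon\\Notify\\crypt32chain: crypt32.dll (Microsoft Corporation)

==================== Known DLLs (Whitelisted) =================

C:\\Windows\\SysWOW64\\kernel32.dll IS MISSING <==== ATTENTION!
[2004-08-04 13:00] - [2008-04-14 17:04] - 0074752 ____A (Microsoft Corporation) C:\\Windows\\System32\\olecli32.dll

==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\wininit.exe IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\\...\\.exe: exefile => OK
HKLM\\...\\exefile\\open\\command: "%1" %* => OK
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# HKLM\...\Run: [name] target   or   HKLM-x32\...\Winlogon: [userinit] [x]
AUTOSTART_RE = re.compile(r"^HK[^:]*\\(?P<key>[^\\:]+): \[(?P<name>[^\]]+)\] (?P<target>.*)$")
MISSING_FILE_RE = re.compile(r"^(?P<path>\S.*?) IS MISSING <==== ATTENTION!")
NO_TARGET_RE = re.compile(r"\[x ?\]")  # FRST prints [x] when the referenced file is absent
ARCH_MISMATCH = "THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK"


@dataclass
class Triage:
    arch_mismatch: bool = False
    missing_targets: list = field(default_factory=list)   # autostart names with no file
    empty_winlogon: list = field(default_factory=list)    # userinit/shell with no value
    missing_files: list = field(default_factory=list)     # IS MISSING lines to examine
    expected_missing: list = field(default_factory=list)  # IS MISSING lines explained by mismatch
    exe_assoc_ok: bool = True


def triage_frst(text: str) -> Triage:
    """Walk the log line by line, keeping track of the current section."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ARCH_MISMATCH in line:
            result.arch_mismatch = True
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = MISSING_FILE_RE.match(line)
        if m:
            path = m.group("path")
            # A 32-bit Windows has no SysWOW64 directory. Scanned from a 64-bit
            # boot disk, FRST still looks for it, so these lines are an artefact
            # of the mismatch rather than evidence of deleted system files.
            if result.arch_mismatch and "\\SysWOW64\\" in path:
                result.expected_missing.append(path)
            else:
                result.missing_files.append(path)
            continue
        m = AUTOSTART_RE.match(line)
        if m and section.startswith("Registry"):
            if NO_TARGET_RE.search(m.group("target")):
                if m.group("key") == "Winlogon":
                    # userinit and shell are classic hijack targets, so an empty
                    # value is reported for a human to judge (in the log above the
                    # x64-on-x86 mismatch may itself explain the HKLM-x32 lines).
                    result.empty_winlogon.append(m.group("name"))
                else:
                    result.missing_targets.append(m.group("name"))
            continue
        if section.startswith("EXE ASSOCIATION") and not line.endswith("=> OK"):
            result.exe_assoc_ok = False
    return result


def report(result: Triage) -> str:
    """Human-readable summary in the order a helper would read it."""
    lines = []
    if result.arch_mismatch:
        lines.append("WARNING: scan run from a 64-bit boot disk against a 32-bit install; "
                     f"{len(result.expected_missing)} SysWOW64 'missing' lines set aside")
    lines.append(f"empty Winlogon values : {result.empty_winlogon or 'none'}")
    lines.append(f"autostarts w/o file   : {result.missing_targets or 'none'}")
    lines.append(f"files to examine      : {result.missing_files or 'none'}")
    lines.append(f".exe association      : {'OK' if result.exe_assoc_ok else 'CHECK'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_frst(SAMPLE_LOG)))
```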


  11. Congratulations to us for having the same crap! (even the same files) AND, as you say, the date and time match the infection exactly... Ugh! Let's hope we don't catch swine flu too! :D

    I think I'll learn programming and send them a "nice" present too! :P

    P.S. The police, the real ones that is, want people to file reports on this since it is a matter of intrusion. So it is probably a good idea to file a report, since it raises the police's willingness to do something about it, given that the number of unreported cases is probably large, and it gives them an overview of the scale of it all. This has been in several daily newspapers recently! I mean, it is enough to look at this forum to understand how many people are hit by this crap... D.S.


  12. The problem now is that the names I could choose do NOT have the same names as in the login to Windows itself. How do I see which of the three is linked to which user account in Windows? There was also one called HomeGroupuser or something... Then there were two with my name, one of which had a - 1 after it.

    So should I try to choose the one that is the infected user in Windows?

    But which one is it?


  13. Hi!

    None of the options worked. With the disc, the computer says: "This version of System Recovery Options is not compatible with the version of Windows you are trying to repair. Try using a recovery disc that is compatible with this version of Windows."

    It is a full retail version and it is the same disc and computer components! Perhaps essential Windows components have been changed by our tinkering?

    Without the disc I only get asked which device I want to boot from and can choose HD, CD etc. or Enter setup... there is no option: Repair.

    What to do?

    Perhaps easiest to reinstall all of Win 7 instead?


  14. No worries!

    I am grateful for the help!

     

     

    OTL:

     

     

    ========== FILES ==========

    File c:\windows\system32\drivers\ppldopsy.sys not found.

    ========== COMMANDS ==========

    Restore point Set: OTL Restore Point

     

    OTL by OldTimer - Version 3.2.69.0 log created on 01012013_192425


  15. Well, the Xperia phones from the same period probably have the same base-installed software, and only a few apps, e.g. Facebook, Flashplayer and some manufacturer-specific apps such as Smartconnect etc., cannot be moved and are preinstalled (some of them can be deleted, though). The phone memory left after that is of course enough to keep the preinstalled apps and to upgrade them; otherwise the phone would be unusable from the start.

    Already when I bought my phone it was one of very few that only had 320 Mb of phone memory (storage space). The Samsung Galaxy SII and iPhone 4s, which I was also looking at, already had several Gb of phone memory back then, which of course counted against the Xperia. The Neo model that pinglan100 has, has the same amount of phone memory as my Xperia Arc S, so there is no doubt that we have the same problem, and I can assure you that the solution above fixes the error. The new Xperia V, on the other hand, has 8 Gb of internal memory, and just as Laso says, technology moves forward. Nowadays there are probably no high-end phones, if we can call them that, with less than a Gb of internal memory.

    I actually didn't quite understand how App2SD would help, since all that information is already in the phones from the start? Memory usage (phone memory or SD card), what takes up space, the size of each app, their cache and the size of their data etc. are all right there in the same menu. Besides, it requires installing yet another app, and she doesn't have room for that right now, at least not in the phone memory itself.

    App2SD notwithstanding, that app surely still requires you to go into the phone's own settings to clear e.g. the cache and the like, and as I said you already have full control over that in the procedure described above.


  16. Hi!

    I also have an Xperia, the Arc S model. I don't know whether you have this one, but it is probably the same problem.

    As I understand it, that model has little phone memory, so it fills up quickly even though the memory card is empty. The first thing you should do is move the programs you can to the memory card. Go to Settings -> Storage. There you get an overview of how the various installed programs, including photos etc., are stored and where they take up space. I, for instance, have 420 Mb of phone memory but 341 Mb of apps, which means that at times I have the same problem as you, since only a fraction of the phone memory remains. This despite having moved most of it to the SD memory card. First check how much free phone memory you have as described above.

    Then go back to Settings and choose Apps. Select Downloaded at the top of the menu. You get an overview of all downloaded apps. You can then open each app and check how it is stored on the phone, either in the phone memory or on the SD memory card. If you click e.g. Adobe Flash player (which is my first app) you get information about the app. On that page I can also, IF it is possible (not all apps can be moved), choose Move to SD card. Adobe Flash can NOT be moved, but you get the idea. Repeat for all the apps you have downloaded. Personally, though, I have chosen to keep some apps I use frequently in the phone memory, since I assume it is faster than the SD memory card.

    You can also take a look at which apps are Running (instead of choosing Downloaded in the selection described above), but there I am less sure whether it helps to close any. I usually close apps I know are not in use right now, e.g. YouTube. However, my phone sometimes seems to immediately restart some of them automatically, and unfortunately I don't know why.

    On the same screen as Move to SD card there are two more buttons: Clear data and Clear cache. Clear data removes your settings in each app, so do NOT do that for apps where you want to keep your settings, and definitely not in apps used by the whole phone, such as the basic settings. Only do this for apps you are familiar with! I myself usually delete most of it in the apps I recognise in order to free memory, but as I said, you have to decide that for yourself.

    The other, better way, which also frees considerably more memory, is to press Delete cache. In e.g. the YouTube app I usually find enormous amounts of cache that only take up space. I always delete that. I have also seen that some apps, such as e.g. Skype and WhatsApp, also take up large amounts of cache (several Mb). So to free memory, follow what I have written and judge for yourself what you dare to delete or not. It works every time for me! I usually get the error when the phone wants to update large apps (e.g. Google Maps), since that requires a lot of available phone memory. Unfortunately, deleting photos etc. probably will NOT help, because they are most likely stored on the SD memory card from the start and they are not the bottleneck.

    Unfortunately, the downside of this phone is that it has so little phone memory, which admittedly I knew when I bought it, since I went for the best camera instead. Today all new phones should come with much more phone memory, so I think the problem is practically non-existent nowadays. It is, however, something you should check when you next buy a new phone!

    Regards

    Kristoffer


  17. Yes, I am trying again, but the encoding is ANSI and the file is saved as CFScript... hmm...

    Should everything be saved on the separate lines? It ends up on the same line in Notepad; maybe I misunderstood you... that thing about not splitting it up?

    I have now done a new run that was exactly like what you wrote earlier, i.e. with each line split up according to your text.

    ComboFix 12-12-30.01 - 2012-12-30 11:49:13.7.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14232 [GMT 1:00]

    Körs från: c:\users\Kristofer\Desktop\ComboFix.exe

    Kommandoväxlar som använts :: c:\users\Kristofer\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((( Filer skapade från 2012-11-28 till 2012-12-30 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-30 10:51 . 2012-12-30 10:51 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

    2012-12-30 10:51 . 2012-12-30 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-30 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EEE9DCF-0876-462E-90B5-AE7535E3C41F}\mpengine.dll

    2012-12-30 09:32 . 2012-12-30 10:51 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

    2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

    2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

    2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    .

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* tomma poster & legitima standardposter visas inte.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

    "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

    R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

    .

    .

    Innehåll i mappen 'Schemalagda aktiviteter':

    .

    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

    "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

    .

    ------- Extra genomsökning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

    .

    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andra processer som körs ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    .

    **************************************************************************

    .

    Sluttid: 2012-12-30 11:54:14 - datorn startades om.

    ComboFix-quarantined-files.txt 2012-12-30 10:54

    ComboFix2.txt 2012-12-30 10:27

    ComboFix3.txt 2012-12-29 16:22

    ComboFix4.txt 2012-12-29 12:08

    ComboFix5.txt 2012-12-30 10:48

    .

    Före genomsökningen: 566 570 848 256 byte ledigt

    Efter genomsökningen: 566 371 213 312 byte ledigt

    .

    - - End Of File - - F6C3895A91D8DA7B4DF36DF5527C6B0A


  18. There we go! Now it's complete:

    ComboFix 12-12-30.01 - 2012-12-30 11:20:51.6.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14161 [GMT 1:00]

    Körs från: c:\users\Kristofer\Desktop\ComboFix.exe

    Kommandoväxlar som använts :: c:\users\Kristofer\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((( Filer skapade från 2012-11-28 till 2012-12-30 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-30 10:23 . 2012-12-30 10:23 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

    2012-12-30 10:23 . 2012-12-30 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-30 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EEE9DCF-0876-462E-90B5-AE7535E3C41F}\mpengine.dll

    2012-12-30 09:32 . 2012-12-30 10:23 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

    2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

    2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

    2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    .

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* tomma poster & legitima standardposter visas inte.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

    "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

    .

    .

    Innehåll i mappen 'Schemalagda aktiviteter':

    .

    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

    "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

    .

    ------- Extra genomsökning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

    .

    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other running processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    .

    **************************************************************************

    .

    End time: 2012-12-30 11:27:06 - the computer was restarted.

    ComboFix-quarantined-files.txt 2012-12-30 10:27

    ComboFix2.txt 2012-12-29 16:22

    ComboFix3.txt 2012-12-29 12:08

    ComboFix4.txt 2012-12-28 23:48

    .

    Before the scan: 566 523 473 920 bytes free

    After the scan: 566 491 975 680 bytes free

    .

    - - End Of File - - 0894E83C9F5E499B8F5B3E69C5E5FB67


  19. Here is what MSE found and removed:

     

     

    Exploit:Win32/CVE-2011-3402.B

     

    Object:

     

    file:C:\Users\Kristofer- 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JYCD3SK7\64size_font[1].eot

     

     

     

     

    Trojan:Win32/Meredrop

     

    Object:

    file:C:\Qoobox\Quarantine\C\Users\Kristofer- 1\wgsdgsdgdsgsd.exe.vir

     

     

    Combofix started flickering again after the run and I had to switch account to admin to get rid of that problem. The internet also died on the admin account, so I restarted and now it works. The question is whether I should run Combo as admin instead? Maybe that is what is causing the trouble, since on the user account I am forced to enter the administrator password to run the program. Maybe that is what locks Combo so it flickers, since it starts itself at the automatic restart?

     

     

    The Combo log is once again incomplete, but it looks like this:

     

    ComboFix 12-12-29.02 - 2012-12-30 10:30:19.5.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.12450 [GMT 1:00]

    Running from: C:\Users\Kristofer - 1\Desktop\ComboFix.exe

    Command switches used :: C:\Users\Kristofer - 1\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     

    (((((((((((((((((((((((( Files created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))

     

     

    2012-12-30 09:32:35 . 2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp

    2012-12-30 09:32:35 . 2012-12-30 09:32:35 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2012-12-29 18:17:03 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53BC700C-B3A5-450B-A9BE-584E74224824}\mpengine.dll

    2012-12-29 12:47:33 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-28 17:28:26 . 2012-12-28 17:28:27 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal

    2012-12-28 15:15:54 . 2012-12-28 15:15:54 2959 ----a-w- C:\ProgramData\dsgsdgdsgdsgw.js

    2012-12-21 21:04:27 . 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\system32\atmlib.dll

    2012-12-21 21:04:27 . 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\system32\atmfd.dll

    2012-12-21 21:04:27 . 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 21:04:26 . 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-03 20:00:49 . 2012-12-03 20:00:49 -------- d-----w- C:\Users\Kristofer - 1\AppData\Roaming\dvdcss

    .

     

     

    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

     

    2012-12-14 23:18:06 . 2012-08-27 19:28:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18:06 . 2012-08-27 19:28:20 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32:12 . 2012-09-01 11:09:45 67413224 ----a-w- C:\Windows\system32\MRT.exe

    2012-11-28 21:06:04 . 2012-11-28 21:06:12 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38:37 . 2012-11-27 20:07:39 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 . 2012-11-27 20:07:39 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 . 2012-11-27 20:07:39 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 . 2012-11-16 21:44:52 55296 ----a-w- C:\Windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17:13 . 2012-11-16 21:44:52 226816 ----a-w- C:\Windows\system32\dhcpcore6.dll

    2012-10-09 17:40:31 . 2012-11-16 21:44:52 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 . 2012-11-16 21:44:52 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40:23 . 2012-12-11 18:32:11 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2012-10-03 17:56:54 . 2012-11-16 21:44:44 1914248 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2012-10-03 17:44:21 . 2012-11-16 21:44:44 70656 ----a-w- C:\Windows\system32\nlaapi.dll

    2012-10-03 17:44:21 . 2012-11-16 21:44:44 303104 ----a-w- C:\Windows\system32\nlasvc.dll

    2012-10-03 17:44:17 . 2012-11-16 21:44:44 246272 ----a-w- C:\Windows\system32\netcorehc.dll

    2012-10-03 17:44:17 . 2012-11-16 21:44:44 18944 ----a-w- C:\Windows\system32\netevent.dll

    2012-10-03 17:44:16 . 2012-11-16 21:44:44 216576 ----a-w- C:\Windows\system32\ncsi.dll

    2012-10-03 17:42:16 . 2012-11-16 21:44:44 569344 ----a-w- C:\Windows\system32\iphlpsvc.dll

    2012-10-03 16:42:24 . 2012-11-16 21:44:44 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 . 2012-11-16 21:44:44 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 . 2012-11-16 21:44:44 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 . 2012-11-16 21:44:44 45568 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys

    2012-10-02 18:15:54 . 2012-10-02 18:16:04 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

     

     

    (((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))))

     

     

    *Note* empty entries & legitimate default entries are not shown.

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-11-09 10:27:12 17877168]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 17:14:26 291608]

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 10:43:52 56088]

    "StartCCC"="C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 11:44:16 642216]

    "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 20:51:36 35768]

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - C:\Program Files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

     

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

     

    R1 ppldopsy;ppldopsy;C:\Windows\system32\drivers\ppldopsy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]

    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 10:21:24 160944]

    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 20:03:48 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 19:21:48 368896]

    R3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 12:38:28 155320]

    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-29 21:03:42 1255736]

    S0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys [2012-01-06 08:44:12 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 17:13:18 19224]

    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-07-28 02:09:44 239616]

    S2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 14:30:22 233328]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 14:29:58 13592]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 20:29:52 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [2011-11-09 15:38:06 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 15:52:04 161560]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 17:44:48 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 17:49:23 126392]

    S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 15:53:34 363800]

    S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys [2011-11-03 09:10:42 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 09:10:42 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 06:12:30 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 17:13:20 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 17:13:20 789272]

     

     

    Contents of the 'Scheduled Tasks' folder:

     

    2012-12-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15:51 . 2012-11-11 18:15:48]

     

    2012-12-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15:51 . 2012-11-11 18:15:48]

     

     

    --------- X64 Entries -----------

     

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 06:39:32 6463592]

    "RtHDVBg_DTS"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 03:14:24 1158248]

    "MSC"="C:\Program Files\Microsoft Security Client\mssecex.exe" [bU]

     

     

    I have NOT done any scan with VirusTotal... How do I proceed? Run Combofix again from the admin account to try to get a complete log?


  20. I am not exactly at home in Win 7 yet, but from what I understood or could find there was nothing to look for there. The file was removed according to MSE, but we will see what you say now. I do not recall deleting the logs in MSE either, at least not today. But there are none if I look under the history there either, unfortunately.

     

     

    I still think I can see a suspicious folder listed under created files 20121128 - 20121229

     

    2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

     

     

    Combofix:

     

    ComboFix 12-12-29.02 - Kristofer 2012-12-29 17:19:21.4.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14524 [GMT 1:00]

    Running from: c:\users\Kristofer - 1\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((( Files created from 2012-11-28 to 2012-12-29 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-29 16:21 . 2012-12-29 16:21 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

    2012-12-29 16:21 . 2012-12-29 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCC760-31EF-4800-9706-5A30334C34DE}\mpengine.dll

    2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

    2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

    2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    .

    .

    (((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not shown.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

    "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

    .

    .

    Contents of the 'Scheduled Tasks' folder:

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

    "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

    .

    ------- Extra scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Sluttid: 2012-12-29 17:22:05

    ComboFix-quarantined-files.txt 2012-12-29 16:22

    ComboFix2.txt 2012-12-29 12:08

    ComboFix3.txt 2012-12-28 23:48

    .

    Före genomsökningen: 559 081 385 984 byte ledigt

    Efter genomsökningen: 559 222 599 680 byte ledigt

    .

    - - End Of File - - 82884192D04BF1FA27294CDC5477D5F1


  21. According to MSE itself, it has removed that trojan, and I deleted everything it wanted me to, so unfortunately I can't see which folder...

    A new window came up saying the computer couldn't find that file when I was going to scan it with virusscantotal.

    Here comes RogueKiller:

    RogueKiller V8.4.1 _x64_ [Dec 28 2012] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

     

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : [Admin rights]

    Mode : Scan -- Date : 12/29/2012 15:12:28

     

    ¤¤¤ Bad processes : 0 ¤¤¤

     

    ¤¤¤ Registry Entries : 2 ¤¤¤

    [HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND

     

    ¤¤¤ Particular Files / Folders: ¤¤¤

     

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     

    ¤¤¤ Extern Hives: ¤¤¤

    -> E:\windows\system32\config\SOFTWARE

    -> E:\Documents and Settings\Administratör\NTUSER.DAT

    -> E:\Documents and Settings\Default User\NTUSER.DAT

    -> E:\Documents and Settings\Kristofer\NTUSER.DAT

    -> E:\Documents and Settings\LocalService\NTUSER.DAT

    -> E:\Documents and Settings\NetworkService\NTUSER.DAT

     

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

     

    127.0.0.1 localhost

     

     

    ¤¤¤ MBR Check: ¤¤¤

     

    +++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++

    --- User ---

    [MBR] ca59728e3a98146be6fe8bd5bb5199f5

    [bSP] c5ca265d97398da1a35aad0dbbb280d6 : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    +++++ PhysicalDrive1: SAMSUNG HD103SJ +++++

    --- User ---

    [MBR] 63431229979095f84d15f265f8bbd094

    [bSP] bbc7d10465252df158fb840619ee3381 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    Finished : << RKreport[5]_S_12292012_02d1512.txt >>

    RKreport[1]_S_12282012_02d2106.txt ; RKreport[2]_D_12292012_02d0033.txt ; RKreport[3]_D_12292012_02d0034.txt ; RKreport[4]_S_12292012_02d1507.txt ; RKreport[5]_S_12292012_02d1512.txt


  22. ComboFix 12-12-29.02 - 2012-12-29 13:05:13.3.8 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14227 [GMT 1:00]

    Körs från: c:\users\Kristofer - 1\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((( Filer skapade från 2012-11-28 till 2012-12-29 ))))))))))))))))))))))))))))))

    .

    .

    2012-12-29 12:07 . 2012-12-29 12:07 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

    2012-12-29 12:07 . 2012-12-29 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-29 11:44 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64A55861-DE77-4CF4-8DEB-8462C979BA1D}\mpengine.dll

    2012-12-28 18:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

    2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

    2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

    2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    .

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* tomma poster & legitima standardposter visas inte.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

    "StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

    S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

    S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

    S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

    S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

    .

    .

    Innehåll i mappen 'Schemalagda aktiviteter':

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

    "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

    "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

    .

    ------- Extra genomsökning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

    .

    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Sluttid: 2012-12-29 13:08:36

    ComboFix-quarantined-files.txt 2012-12-29 12:08

    ComboFix2.txt 2012-12-28 23:48

    .

    Före genomsökningen: 559 703 015 424 byte ledigt

    Efter genomsökningen: 559 723 679 744 byte ledigt

    .

    - - End Of File - - 020D4AAE637F03BC58EE3BEAD4746E4E

    I also got the following find via Microsoft Security Essentials when I was going to re-enable it after the ComboFix run.

     

    PWS:Win32/Zbot malware was found on your PC

    Windows found and removed PWS:Win32/Zbot from your computer. PWS:Win32/Zbot is malware that is designed to steal passwords.

     

    Important

     

    We strongly recommend that you change all passwords immediately for websites that require a password, especially online banking websites and other sites that store personal info.
