Just nu i M3-nätverket
Gå till innehåll
tskgumman

ett program försökte verka som internetserver

Rekommendera Poster

tskgumman

Fick igår bifogad varning som jag självklart nekade direkt men trots det slogs uppkopplingen ut trots att jag bevisligen fortfarande var uppkopplad. Tänkte köra antivirusprogrammet men då ville datorn att jag installerade senaste versionen av F-secure vilket jag förökte. Det stoppades dock eftersom uppkopplingen inte funkade men med supporthjälp lyckades installationen till slut och efter mycke om och men fick vi igång internetuppkopplingen igen. Just det här att man är uppkopplad men inte kommer ut på nätet är skumt och vi är flera stycke som fått det problemet.Jag bara en gång men andra har drabbats flera gånger. Det har alltid skett när vi varit inne på ett forum men inte samtidigt. Forumansvariga har sökt men inte funnit något. Har gjort en total genomsökning av min dator men F-secure hittade ingenting.

 

Skulle bli så glad om någon kan tala om vad det är för skräp.

post-62055-0-41311800-1341476640_thumb.jpg

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Men nu funkar det ju och jag har kört fullständig genomsökning och det fanns inget. Skylten har inte heller kommit upp igen. Menar du att datorn ändå är infekterad?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Jag kan ju inte veta om den filen eller någon annan skadlig fil finns kvar i datorn utan att undersöka det med olika program.

 

wywyi liksom Hapoc är slumpmässiga namn så det är olika namn i olika datorer. Men det är mycket sällan det ska finnas programfiler under Appdata\Roaming och då finns det information om dem på internet.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

När jag kollade nu efter genomsökning ser jag att några filer inte scannats eftersom de inte gick att öppna.

Dessutom fick jag felmeddelande när jag skulle söka på F-secures sida likaså på Mc Afee:s sida. Kan Googleannonser orsaka sånt här på ett forum?

post-62055-0-23910700-1341506250_thumb.jpg

post-62055-0-18367300-1341506212_thumb.jpg

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

De ej genomsökta filerna ser normala ut och det är normalt att hiberfil.sys och pagefile.sys inte kan genomsökas.

 

När det gäller den första bilden så kan det vara för att du kör det genom Google translate. När jag skriver in det som står som webbadress i din bild så anser F-secure att det är en sida som inte finns. Det här är webbsidan till F-secures analyssystem: https://analysis.f-secure.com/portal/login.html

 

Då och då förekommer det skadliga annonser i annonsnätverk. Men observera en del skadliga program märks inte på en gång utan det förekommer sådana som ligger och väntar i datorn i en halvtimme eller som inte gör något innan datorn har startats om.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Tack snälla för den hjälp jag får!

 

Oj Hum jag måste ha aktiverat google translate av misstag, har nu åtgärdat det och då funkar det. tack!

 

Tror du alltså att det ligger ett skadligt virus i datorn som F-secure inte ser?

 

Vi är ett helt gäng som fått eländet på en sida som dagligen besöks av tusentals personer. odla.nu Det började för flera månader sen och fler och fler drabbas. De ansvariga har inte kunnat hitta något fel annat än en googleannons som tydligen vissa antivirusprogram reagerade på. Mycket märkligt. En del har ju fått knas med sina banker också p.g.a. detta. nu sitter folket på facebook och beklagar sig istället för ingen vågar öppna Odlasidan. :( Fick en ny sån varning idag när jag skulle kolla efter svar på en fråga men stängde rutan fort som sjutton och även sidan. Genomsökte sidan igen och det jag la in här är resultatet av den scanningen.

Jag märkte inget konstigt när jag startade datorn i morse.

 

Gjorde en fullständig säkerhetskopiering av datorn men kan viruset finnas på kopian?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Odla.nu känner jag till lite fast jag aldrig har varit någon regelbunden besökare.

 

Om du kör DDS och klistrar in loggarna som jag föreslog i inlägg 2 så kan jag se om jag ser något skadligt. Inget antivirusprogram kan hitta allt skadligt.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Ska se om jag klarar av att göra det i morgon för jag måste stänga ner och göra lite annat nu.

 

Jättemycke tack så länge iallafall!

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Ingen orsak :)

 

Om det är något problem så är det bara att fråga.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Detta kom upp då jag startade datorn idag. Det är antagligen det virus jag fick varning om igår och hade så bråttom med att klicka bort och stänga ner sidan. Som synes har det lagt sig på samma plats som det virus jag först fick varning om. Förhoppningsvis upptäcks även det viruset och tas bort men jag har inte sett något liknande meddelande om det.

post-62055-0-34896300-1341553281_thumb.jpg

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Du behöver verkligen få datorn kollad. Programfiler kan inte bara hoppa in i datorn hur som helst utan du måste ju ha något program med säkerhetshål.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Ja i så fall har väl alla som fått samma problem på Odla det. Jag känner till säkert 20 personer som drabbats och hur många okända som råkat ut för det vet man ju inte

 

Jag vet inte men jag har inte installerat något program vad jag vet sen jag skaffade datorn för 1½ år sen. Jag har varit mycket noga med att inte klicka på länkar hur som helst.

Ska försöka köra DDS nu.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Oj det verkar va mycket de två sista dagarna :unsure:

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by stina at 10:38:49 on 2012-07-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3003.1563 [GMT 2:00]

.

AV: Datorskydd *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Datorskydd *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Datorskydd *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\FWES\Program\fsdfwd.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Windows Live\Companion\companionuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.facebook.com/home.php

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [F-Secure Hoster] "C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe" -app -hosterid:1

mRun: [F-Secure Manager] "C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 213.80.98.2 213.80.101.3

TCP: Interfaces\{46E034D5-EF05-4435-BAFF-9AD1FA2D443E} : DhcpNameServer = 213.80.98.2 213.80.101.3

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [F-Secure Hoster] "C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe" -app -hosterid:1

mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

.

============= SERVICES / DRIVERS ===============

.

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-7-4 62032]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-7-4 13976]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-15 514232]

R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe [2012-4-27 159480]

R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe [2011-12-12 61120]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-30 27192]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-7-4 199888]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257224]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-28 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-06 07:50:55 -------- d-----w- C:\Users\stina\AppData\Local\{8D6F571B-002D-4C3A-839D-C4E1638042AA}

2012-07-06 07:50:46 -------- d-----w- C:\Users\stina\AppData\Local\{D8D2CDAD-BA89-46BB-AE27-81BA53B485F9}

2012-07-06 07:50:37 -------- d-----w- C:\Users\stina\AppData\Local\{055EE16D-15DF-4D75-A4B4-5030683D7440}

2012-07-06 07:50:27 -------- d-----w- C:\Users\stina\AppData\Local\{B42DB006-BA80-4B36-9A67-D7999D270785}

2012-07-05 19:50:02 -------- d-----w- C:\Users\stina\AppData\Local\{922015D2-DD0C-4126-A841-91BB4FE28C6E}

2012-07-05 19:49:53 -------- d-----w- C:\Users\stina\AppData\Local\{12AAF0D3-A715-4081-9BFD-12A68FA0B367}

2012-07-05 19:49:43 -------- d-----w- C:\Users\stina\AppData\Local\{13624CB3-2E3C-4353-B8D5-9D9EEFE4C7E4}

2012-07-05 19:49:33 -------- d-----w- C:\Users\stina\AppData\Local\{35FD0C6C-7ECA-4EF9-8CDB-6220AE06D5CB}

2012-07-05 15:06:49 -------- d-----w- C:\Users\stina\AppData\Roaming\Syug

2012-07-05 15:06:49 -------- d-----w- C:\Users\stina\AppData\Roaming\Oqufw

2012-07-05 15:06:49 -------- d-----w- C:\Users\stina\AppData\Roaming\Lubada

2012-07-05 14:08:56 -------- d-----w- C:\Users\stina\AppData\Roaming\Ylyse

2012-07-05 14:08:56 -------- d-----w- C:\Users\stina\AppData\Roaming\Tyli

2012-07-05 14:08:56 -------- d-----w- C:\Users\stina\AppData\Roaming\Inypi

2012-07-05 12:43:52 -------- d-----w- C:\Users\stina\AppData\Roaming\Ysop

2012-07-05 12:43:52 -------- d-----w- C:\Users\stina\AppData\Roaming\Ravy

2012-07-05 12:43:52 -------- d-----w- C:\Users\stina\AppData\Roaming\Alymd

2012-07-05 11:21:43 -------- d-----w- C:\Users\stina\AppData\Roaming\Yfha

2012-07-05 11:21:43 -------- d-----w- C:\Users\stina\AppData\Roaming\Hugag

2012-07-05 11:21:43 -------- d-----w- C:\Users\stina\AppData\Roaming\Afbau

2012-07-05 11:10:55 -------- d-----w- C:\Users\stina\AppData\Roaming\Vyefn

2012-07-05 11:10:55 -------- d-----w- C:\Users\stina\AppData\Roaming\Diur

2012-07-05 11:10:55 -------- d-----w- C:\Users\stina\AppData\Roaming\Coot

2012-07-05 10:01:24 -------- d-----w- C:\Users\stina\AppData\Roaming\Odqy

2012-07-05 10:01:24 -------- d-----w- C:\Users\stina\AppData\Roaming\Eweny

2012-07-05 10:01:24 -------- d-----w- C:\Users\stina\AppData\Roaming\Cofe

2012-07-05 09:45:30 -------- d-----w- C:\Users\stina\AppData\Roaming\Ulbuik

2012-07-05 09:45:30 -------- d-----w- C:\Users\stina\AppData\Roaming\Hyfele

2012-07-05 09:45:29 -------- d-----w- C:\Users\stina\AppData\Roaming\Ryitm

2012-07-05 07:49:09 -------- d-----w- C:\Users\stina\AppData\Local\{86F5ACE0-6EBB-410E-AFB8-A5331A71FA74}

2012-07-05 07:49:00 -------- d-----w- C:\Users\stina\AppData\Local\{109D5D1B-66F8-481D-8745-8B9F2547AB8D}

2012-07-05 07:48:50 -------- d-----w- C:\Users\stina\AppData\Local\{0E9AF8F3-69DE-482A-ADA5-000D9CFCAB06}

2012-07-05 07:48:41 -------- d-----w- C:\Users\stina\AppData\Local\{B03D475B-5616-4C24-9CCF-46809A910DF4}

2012-07-04 22:28:18 -------- d-----w- C:\Users\stina\AppData\Roaming\Ugfo

2012-07-04 22:28:18 -------- d-----w- C:\Users\stina\AppData\Roaming\Hugau

2012-07-04 22:28:17 -------- d-----w- C:\Users\stina\AppData\Roaming\Fiwum

2012-07-04 21:37:33 -------- d-----w- C:\Users\stina\AppData\Roaming\Umegi

2012-07-04 21:37:33 -------- d-----w- C:\Users\stina\AppData\Roaming\Nahe

2012-07-04 21:37:33 -------- d-----w- C:\Users\stina\AppData\Roaming\Inovp

2012-07-04 19:48:16 -------- d-----w- C:\Users\stina\AppData\Local\{179AD686-F266-4D0C-B629-1A6F5F5D2312}

2012-07-04 19:48:07 -------- d-----w- C:\Users\stina\AppData\Local\{DB1B8D79-1577-4306-912C-A3A8975D9F5C}

2012-07-04 19:47:57 -------- d-----w- C:\Users\stina\AppData\Local\{AAE77D5A-46F3-4606-9C2E-56D1BB024F68}

2012-07-04 19:47:47 -------- d-----w- C:\Users\stina\AppData\Local\{15AD9D65-8D79-43EF-ACAF-DB20869625FB}

2012-07-04 19:33:35 -------- d-----w- C:\Users\stina\AppData\Roaming\Upohy

2012-07-04 19:33:35 -------- d-----w- C:\Users\stina\AppData\Roaming\Huikh

2012-07-04 19:33:35 -------- d-----w- C:\Users\stina\AppData\Roaming\Aqga

2012-07-04 18:29:22 -------- d-----w- C:\Users\stina\AppData\Roaming\Okecna

2012-07-04 18:29:22 -------- d-----w- C:\Users\stina\AppData\Roaming\Fosa

2012-07-04 18:29:22 -------- d-----w- C:\Users\stina\AppData\Roaming\Ecbek

2012-07-04 16:37:54 44984 ----a-w- C:\Windows\System32\drivers\fses.sys

2012-07-04 16:37:53 94072 ----a-w- C:\Windows\System32\drivers\fsdfw.sys

2012-07-04 14:31:44 -------- d-----w- C:\Users\stina\AppData\Roaming\Sihua

2012-07-04 14:31:44 -------- d-----w- C:\Users\stina\AppData\Roaming\Hapoc

2012-07-04 14:31:44 -------- d-----w- C:\Users\stina\AppData\Roaming\Ekukho

2012-07-04 07:47:23 -------- d-----w- C:\Users\stina\AppData\Local\{9DA07D1B-1D47-4BEF-812F-D14F8D06C03F}

2012-07-04 07:47:13 -------- d-----w- C:\Users\stina\AppData\Local\{A24EBE24-3F7D-4331-86F8-DE86AAC85899}

2012-07-04 07:47:04 -------- d-----w- C:\Users\stina\AppData\Local\{E6CA611B-381D-40ED-919D-A0A1B65E5605}

2012-07-04 07:46:54 -------- d-----w- C:\Users\stina\AppData\Local\{D2FE09AC-8B78-47DA-8952-42E82A894854}

2012-07-03 19:46:29 -------- d-----w- C:\Users\stina\AppData\Local\{F8C56531-DF22-4509-BD3E-D0B708FE1FCE}

2012-07-03 19:46:20 -------- d-----w- C:\Users\stina\AppData\Local\{787588CF-B58B-44E9-B199-31AA5EF063B1}

2012-07-03 19:46:00 -------- d-----w- C:\Users\stina\AppData\Local\{CC5D3A54-686A-4115-B653-7A32474B904A}

2012-07-03 17:56:56 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27B42DD3-AAF4-4105-A82C-513F273D8E26}\mpengine.dll

2012-07-03 07:45:49 -------- d-----w- C:\Users\stina\AppData\Local\{E4175555-6248-48B5-90E2-D1ABEC501EDC}

2012-07-03 07:45:39 -------- d-----w- C:\Users\stina\AppData\Local\{A40CEFF5-7192-4DA3-A2DA-4561DEF074C3}

2012-07-03 07:45:29 -------- d-----w- C:\Users\stina\AppData\Local\{6563337F-3EB4-4F98-B24E-8BEA954E652A}

2012-07-03 07:45:20 -------- d-----w- C:\Users\stina\AppData\Local\{51866DD0-E29E-49C0-9055-49A5D7C33CCE}

2012-07-02 19:44:56 -------- d-----w- C:\Users\stina\AppData\Local\{EACB07BE-F461-41D3-8378-0FBC8D232505}

2012-07-02 19:44:46 -------- d-----w- C:\Users\stina\AppData\Local\{6A29CED5-BC25-4475-88D4-16FBDD626784}

2012-07-02 19:44:27 -------- d-----w- C:\Users\stina\AppData\Local\{C25EE1DC-3AC3-46A6-9422-612AA8FB7529}

2012-07-02 07:44:15 -------- d-----w- C:\Users\stina\AppData\Local\{35F16D4F-567D-4D35-8A79-E70CC98E0841}

2012-07-02 07:44:06 -------- d-----w- C:\Users\stina\AppData\Local\{6122D7DC-2DA7-49CD-AF00-A14DB0646D1A}

2012-07-02 07:43:56 -------- d-----w- C:\Users\stina\AppData\Local\{2BD9FD76-FB3E-4356-BDC2-DC122F775778}

2012-07-02 07:43:46 -------- d-----w- C:\Users\stina\AppData\Local\{7254B8A8-82B0-4AA1-AF3B-146774CD3C9A}

2012-07-01 19:43:22 -------- d-----w- C:\Users\stina\AppData\Local\{2414AB15-43E5-43A1-9A04-596163573197}

2012-07-01 19:43:12 -------- d-----w- C:\Users\stina\AppData\Local\{34FE9E5B-CCDF-48FD-B594-6B5C0CEC6FF6}

2012-07-01 19:42:53 -------- d-----w- C:\Users\stina\AppData\Local\{AD02CEC5-6A56-4D1B-91BE-AF4D0A21EC70}

2012-07-01 07:42:42 -------- d-----w- C:\Users\stina\AppData\Local\{A3DF127F-D41E-45B5-8F58-B5FBD93B1297}

2012-07-01 07:42:32 -------- d-----w- C:\Users\stina\AppData\Local\{160A5D49-A35C-48D5-B432-F6A333E82136}

2012-07-01 07:42:22 -------- d-----w- C:\Users\stina\AppData\Local\{E0A2A27D-84E0-45D3-AF25-AA09158AB26A}

2012-07-01 07:42:12 -------- d-----w- C:\Users\stina\AppData\Local\{1B721F2D-A4B2-4750-BF84-6CD2B55C1ABF}

2012-06-30 19:41:48 -------- d-----w- C:\Users\stina\AppData\Local\{D40C130A-CB7A-42DB-9703-DC432B3A0426}

2012-06-30 19:41:39 -------- d-----w- C:\Users\stina\AppData\Local\{36F30496-F344-4035-9780-CE15AA457353}

2012-06-30 19:41:19 -------- d-----w- C:\Users\stina\AppData\Local\{038CC08A-09DE-43CE-AA18-2C901BC3B11F}

2012-06-30 07:41:08 -------- d-----w- C:\Users\stina\AppData\Local\{AD50A047-B229-4ACB-A561-2065FA2A0E2C}

2012-06-30 07:40:58 -------- d-----w- C:\Users\stina\AppData\Local\{F9E89C02-9D51-403F-B073-423E67E710C9}

2012-06-30 07:40:49 -------- d-----w- C:\Users\stina\AppData\Local\{E3D347E9-7C61-4503-A281-CAE2698A233D}

2012-06-30 07:40:39 -------- d-----w- C:\Users\stina\AppData\Local\{249A4D99-3F26-4965-9D72-9D221B1D7673}

2012-06-29 19:40:14 -------- d-----w- C:\Users\stina\AppData\Local\{BB980F7A-382B-4B00-9BFC-70745D010BB3}

2012-06-29 19:40:05 -------- d-----w- C:\Users\stina\AppData\Local\{198631D5-BB97-4D77-91E5-5F77DDD27C18}

2012-06-29 19:39:55 -------- d-----w- C:\Users\stina\AppData\Local\{4B265573-C179-4E5A-BE2C-89A3F52E04DF}

2012-06-29 07:39:42 -------- d-----w- C:\Users\stina\AppData\Local\{2FF2B996-10D1-47C9-A88F-E5AB000326D8}

2012-06-29 07:39:33 -------- d-----w- C:\Users\stina\AppData\Local\{840E0F94-6DD7-41B4-8676-F8157CE635A0}

2012-06-29 07:39:23 -------- d-----w- C:\Users\stina\AppData\Local\{4C17595F-DDD5-46EF-9CE1-2CE7FFC31A90}

2012-06-29 07:39:13 -------- d-----w- C:\Users\stina\AppData\Local\{E9A84BA3-D729-4BF4-A6BC-C496FEED99AA}

2012-06-28 19:38:49 -------- d-----w- C:\Users\stina\AppData\Local\{CDE2552D-41A4-4A01-98BA-C0D1A820127B}

2012-06-28 19:38:39 -------- d-----w- C:\Users\stina\AppData\Local\{87674877-D641-47D1-AB8C-970E97B84303}

2012-06-28 19:38:20 -------- d-----w- C:\Users\stina\AppData\Local\{5D3A607A-0D7D-471D-BF47-8FBEF291E58C}

2012-06-28 07:38:08 -------- d-----w- C:\Users\stina\AppData\Local\{02E038EB-490B-42BD-8BBB-06688D3A8C34}

2012-06-28 07:37:59 -------- d-----w- C:\Users\stina\AppData\Local\{D641F195-C697-45EF-93F1-FC553E18B172}

2012-06-28 07:37:49 -------- d-----w- C:\Users\stina\AppData\Local\{4DCC82F6-AB35-4997-B389-5CF07B9A03E5}

2012-06-28 07:37:39 -------- d-----w- C:\Users\stina\AppData\Local\{6948A940-8AA4-4CD0-AB88-36EFBC339F90}

2012-06-27 19:37:14 -------- d-----w- C:\Users\stina\AppData\Local\{E71C646B-D7EE-4B34-847A-ECD03C4AE09D}

2012-06-27 19:37:05 -------- d-----w- C:\Users\stina\AppData\Local\{D6E6C064-FD45-4331-9A1F-2C47339FBC27}

2012-06-27 07:36:43 -------- d-----w- C:\Users\stina\AppData\Local\{202F0016-53BF-48D1-B4B2-5C1FB502AFBA}

2012-06-27 07:36:33 -------- d-----w- C:\Users\stina\AppData\Local\{AD4A0C4A-5A80-4EFE-B388-CDA8C07A5AEA}

2012-06-27 07:36:24 -------- d-----w- C:\Users\stina\AppData\Local\{EC7E6D2B-E2C9-43DE-A77A-B145B156EBBA}

2012-06-27 07:36:14 -------- d-----w- C:\Users\stina\AppData\Local\{C598DCD4-6584-42F7-8294-61C99CDD4BFD}

2012-06-26 19:35:50 -------- d-----w- C:\Users\stina\AppData\Local\{8CB8B0E7-B677-4F77-A3F2-11AF5002B019}

2012-06-26 19:35:40 -------- d-----w- C:\Users\stina\AppData\Local\{A6C3F74D-2FB4-4E8B-8394-B2A89F9E4FE7}

2012-06-26 19:35:31 -------- d-----w- C:\Users\stina\AppData\Local\{89D26014-2E50-43F4-AB28-9F46118E95E8}

2012-06-26 07:35:10 -------- d-----w- C:\Users\stina\AppData\Local\{9C782738-31E0-4E12-929B-6458D8659D9D}

2012-06-26 07:35:00 -------- d-----w- C:\Users\stina\AppData\Local\{BFFCB8C9-648E-42F8-83BB-B48537A6EF75}

2012-06-26 07:34:51 -------- d-----w- C:\Users\stina\AppData\Local\{EB414763-8346-4CB3-BB69-D31A071A21A1}

2012-06-26 07:34:41 -------- d-----w- C:\Users\stina\AppData\Local\{547D8A48-340B-41EA-AAFA-51B199FC84BE}

2012-06-25 19:34:16 -------- d-----w- C:\Users\stina\AppData\Local\{76323D57-84F4-4349-96F9-1A379F8EE059}

2012-06-25 19:34:07 -------- d-----w- C:\Users\stina\AppData\Local\{EAE51399-293C-4A82-BA9E-FFA6A7C2A3A9}

2012-06-25 19:33:48 -------- d-----w- C:\Users\stina\AppData\Local\{447BCDD7-BCCD-4A45-97F2-D4CBD2C86510}

2012-06-25 07:33:36 -------- d-----w- C:\Users\stina\AppData\Local\{E91B9C65-70FA-4DBB-B841-89959CF3C630}

2012-06-25 07:33:27 -------- d-----w- C:\Users\stina\AppData\Local\{F031443D-00A8-40A0-9BAE-9FC933CD9B64}

2012-06-25 07:33:17 -------- d-----w- C:\Users\stina\AppData\Local\{5AB9E447-D5F7-4CA7-9D1D-12A286E1AF97}

2012-06-25 07:33:07 -------- d-----w- C:\Users\stina\AppData\Local\{87CB8214-1AC1-4BCA-BCAC-4221EB43E649}

2012-06-24 19:32:42 -------- d-----w- C:\Users\stina\AppData\Local\{978A92D2-9F11-4614-B258-675A606D1DC2}

2012-06-24 19:32:33 -------- d-----w- C:\Users\stina\AppData\Local\{6CCFE260-5B71-45CE-B0EA-073C8385ECB2}

2012-06-24 19:32:23 -------- d-----w- C:\Users\stina\AppData\Local\{C6014186-821F-44D4-8353-1B2DC41DE0E4}

2012-06-24 07:32:02 -------- d-----w- C:\Users\stina\AppData\Local\{F1C2EB6F-78B3-4FBD-8A31-2759AF515E59}

2012-06-24 07:31:53 -------- d-----w- C:\Users\stina\AppData\Local\{888A2594-F360-477A-B9A7-53283413A562}

2012-06-24 07:31:43 -------- d-----w- C:\Users\stina\AppData\Local\{4C1998C6-215F-4101-9C1B-9F6AA9349BB8}

2012-06-24 07:31:34 -------- d-----w- C:\Users\stina\AppData\Local\{18B7EFE4-8E34-49D3-8768-757E4F1BBC04}

2012-06-23 19:31:10 -------- d-----w- C:\Users\stina\AppData\Local\{9D3B3193-4426-4D99-B104-3E44E7C95412}

2012-06-23 19:31:00 -------- d-----w- C:\Users\stina\AppData\Local\{095EE6AF-65D6-4D0C-B4F6-A1D712ACECB7}

2012-06-23 19:30:51 -------- d-----w- C:\Users\stina\AppData\Local\{CD20EE33-D61C-4EA8-9D90-0EEE7E63DFE7}

2012-06-23 19:30:41 -------- d-----w- C:\Users\stina\AppData\Local\{BD09ADAD-5EA0-4868-B599-B5AD6FE574D3}

2012-06-23 07:30:16 -------- d-----w- C:\Users\stina\AppData\Local\{9D599130-0E25-4696-890D-BBBC81F91C8B}

2012-06-23 07:30:07 -------- d-----w- C:\Users\stina\AppData\Local\{726A8D34-90A0-42DD-846C-F531ED6D9144}

2012-06-23 07:29:57 -------- d-----w- C:\Users\stina\AppData\Local\{9F27A51A-021D-4284-AB4B-4EFC830D8E00}

2012-06-23 07:29:47 -------- d-----w- C:\Users\stina\AppData\Local\{D583AC1F-3D26-4F0F-BE95-FD30ACC9F14A}

2012-06-22 19:29:22 -------- d-----w- C:\Users\stina\AppData\Local\{117B67F1-2834-43CA-81A1-FD709C077BB0}

2012-06-22 19:29:13 -------- d-----w- C:\Users\stina\AppData\Local\{EC7BB19B-238B-4A52-B486-935174E9DC47}

2012-06-22 19:28:53 -------- d-----w- C:\Users\stina\AppData\Local\{63CA000B-29C6-49C6-9777-EC7B16CF3DF2}

2012-06-22 07:28:41 -------- d-----w- C:\Users\stina\AppData\Local\{8B1699F8-C177-4FC6-871C-BB98F388AD7C}

2012-06-22 07:28:32 -------- d-----w- C:\Users\stina\AppData\Local\{00BDF5C5-7580-44AF-B2AE-9702B068ABA9}

2012-06-22 07:28:22 -------- d-----w- C:\Users\stina\AppData\Local\{560DFB60-EB13-4013-A91A-CFF25B8DE389}

2012-06-22 07:28:12 -------- d-----w- C:\Users\stina\AppData\Local\{F88089F1-4926-4B3C-B9E0-C3CDEB2447D6}

2012-06-21 20:40:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 20:39:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 20:39:29 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 20:39:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 19:27:48 -------- d-----w- C:\Users\stina\AppData\Local\{B14741E1-96C1-44E0-9E90-C6E3AC657011}

2012-06-21 19:27:38 -------- d-----w- C:\Users\stina\AppData\Local\{DF2CF809-67CA-431B-9D97-676BD1094C8E}

2012-06-21 19:27:29 -------- d-----w- C:\Users\stina\AppData\Local\{FDABB90B-EAA5-4767-A149-01336A6640A5}

2012-06-21 19:27:18 -------- d-----w- C:\Users\stina\AppData\Local\{5DA5F603-7B57-4161-B785-14611461CAA4}

2012-06-21 07:26:54 -------- d-----w- C:\Users\stina\AppData\Local\{49195C15-D4F0-4866-9D23-6CA1FC65F504}

2012-06-21 07:26:44 -------- d-----w- C:\Users\stina\AppData\Local\{21788763-2E70-46E5-94FB-C0D4D4B3A058}

2012-06-21 07:26:35 -------- d-----w- C:\Users\stina\AppData\Local\{029AE6C2-F5D3-4A0C-9A33-241615D990F6}

2012-06-21 07:26:25 -------- d-----w- C:\Users\stina\AppData\Local\{EE2FBA82-C148-4D7C-8BA0-2DEB0CF83F15}

2012-06-20 19:26:01 -------- d-----w- C:\Users\stina\AppData\Local\{2438D1B8-89D3-46A3-BFD8-A7CEE2584709}

2012-06-20 19:25:51 -------- d-----w- C:\Users\stina\AppData\Local\{BEC30764-4C48-404C-B48C-937EBC708BEC}

2012-06-20 19:25:42 -------- d-----w- C:\Users\stina\AppData\Local\{4686BB14-6DC4-4164-94A0-4CDACE09C9A0}

2012-06-20 07:25:21 -------- d-----w- C:\Users\stina\AppData\Local\{50067432-28C9-4128-9D1B-99436CD248A0}

2012-06-20 07:25:11 -------- d-----w- C:\Users\stina\AppData\Local\{6CA23D99-AECF-4151-A7BA-10DD7EFB010F}

2012-06-20 07:25:01 -------- d-----w- C:\Users\stina\AppData\Local\{CB7E4373-3846-472D-BC3C-BAAAD9C4030C}

2012-06-20 07:24:51 -------- d-----w- C:\Users\stina\AppData\Local\{3E9FDA21-6C98-4574-975E-8EB8AD18C6E0}

2012-06-19 19:24:27 -------- d-----w- C:\Users\stina\AppData\Local\{28E6DA75-5429-4D4D-881D-55B21A7CDAE4}

2012-06-19 19:24:17 -------- d-----w- C:\Users\stina\AppData\Local\{64EB504A-59C9-4987-9544-BF58041CA784}

2012-06-19 19:24:08 -------- d-----w- C:\Users\stina\AppData\Local\{F0C347D9-E88E-4403-932D-7A630D6B5FBE}

2012-06-19 07:23:46 -------- d-----w- C:\Users\stina\AppData\Local\{E492AC77-12A3-4CE9-90A7-1663705EAAED}

2012-06-19 07:23:31 -------- d-----w- C:\Users\stina\AppData\Local\{523B97B3-FBB5-4576-B7F6-7AD858E346D7}

2012-06-19 07:23:21 -------- d-----w- C:\Users\stina\AppData\Local\{01DFC672-B6A2-446B-9752-DC3363BFA9D1}

2012-06-19 07:23:11 -------- d-----w- C:\Users\stina\AppData\Local\{4D2B854F-19A3-4576-A729-7CF1CB7048F9}

2012-06-18 19:22:48 -------- d-----w- C:\Users\stina\AppData\Local\{140CF76E-E93E-428C-85C8-8FF27FD13EA4}

2012-06-18 19:22:39 -------- d-----w- C:\Users\stina\AppData\Local\{4BC49146-5514-46DC-884F-3E594DFD7DCE}

2012-06-18 07:22:15 -------- d-----w- C:\Users\stina\AppData\Local\{5DC9D4CE-9837-4FA9-A13D-621CD4677107}

2012-06-17 19:21:43 -------- d-----w- C:\Users\stina\AppData\Local\{C26E265F-CBD5-402D-BA99-7794A9187FBF}

2012-06-17 07:21:32 -------- d-----w- C:\Users\stina\AppData\Local\{2D195B63-6805-4EF2-B40F-61EA091A0223}

2012-06-16 07:20:58 -------- d-----w- C:\Users\stina\AppData\Local\{5C01B139-9B47-45AD-8BC8-2F196FF4CFB4}

2012-06-16 07:20:48 -------- d-----w- C:\Users\stina\AppData\Local\{915F8755-BE63-483F-80C6-874983E09B78}

2012-06-15 07:20:14 -------- d-----w- C:\Users\stina\AppData\Local\{B6155DF4-41C3-4A91-9F68-F47556176946}

2012-06-14 19:19:49 -------- d-----w- C:\Users\stina\AppData\Local\{957C4EF0-2B9F-4458-8E35-415C07E43A9E}

2012-06-14 19:19:40 -------- d-----w- C:\Users\stina\AppData\Local\{C1E73B22-C362-4A31-81DA-81BD3F1E65D0}

2012-06-14 19:19:30 -------- d-----w- C:\Users\stina\AppData\Local\{AC848170-EF7B-42F0-A54A-C079CA3854F4}

2012-06-14 07:19:09 -------- d-----w- C:\Users\stina\AppData\Local\{08F4D910-D159-4FD3-AA89-469244CBE19D}

2012-06-14 07:18:59 -------- d-----w- C:\Users\stina\AppData\Local\{A10A6431-243E-4847-8140-DD9F31DAB24A}

2012-06-14 07:18:50 -------- d-----w- C:\Users\stina\AppData\Local\{9377A104-9ECC-4CA0-A2C6-2E09F8E9D5D5}

2012-06-14 07:18:39 -------- d-----w- C:\Users\stina\AppData\Local\{80CD6CD4-3075-4C02-BF1C-B21DC07780F2}

2012-06-13 21:10:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 21:10:01 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 21:10:01 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 19:18:15 -------- d-----w- C:\Users\stina\AppData\Local\{97D1DC74-6FFD-4A57-B39D-652D3A70E7B9}

2012-06-13 19:18:05 -------- d-----w- C:\Users\stina\AppData\Local\{A229581C-B0D2-4F25-9107-235421971BD9}

2012-06-13 19:17:46 -------- d-----w- C:\Users\stina\AppData\Local\{568EF687-D48B-4A7C-BAC4-53AF07DAA046}

2012-06-13 07:17:34 -------- d-----w- C:\Users\stina\AppData\Local\{A2CEACF2-6D3D-474B-AAA2-15703EEE86D3}

2012-06-13 07:17:25 -------- d-----w- C:\Users\stina\AppData\Local\{73258CB6-ED9C-432F-BC3C-B70452D64CD5}

2012-06-13 07:17:15 -------- d-----w- C:\Users\stina\AppData\Local\{046D038D-BE48-4B57-A3E6-975FEA8D6367}

2012-06-13 07:17:05 -------- d-----w- C:\Users\stina\AppData\Local\{10286032-CA28-4CE2-AC15-CEDD2003901D}

2012-06-12 19:16:41 -------- d-----w- C:\Users\stina\AppData\Local\{F07EBA4C-EC2D-4275-A0E1-84BB3C69E08D}

2012-06-12 19:16:32 -------- d-----w- C:\Users\stina\AppData\Local\{79790264-C359-421A-A6AF-72CF367E23DF}

2012-06-12 19:16:12 -------- d-----w- C:\Users\stina\AppData\Local\{8236362F-A2DA-4FC1-8A28-B9D68E251431}

2012-06-12 07:16:00 -------- d-----w- C:\Users\stina\AppData\Local\{F36A3A93-0020-4D6D-9906-B64977DAC937}

2012-06-12 07:15:50 -------- d-----w- C:\Users\stina\AppData\Local\{CD355AD0-35E2-4F8C-B3C2-49CCF41AF353}

2012-06-12 07:15:40 -------- d-----w- C:\Users\stina\AppData\Local\{14F909E0-0B21-46F6-BA6E-7C21293635AA}

2012-06-12 07:15:30 -------- d-----w- C:\Users\stina\AppData\Local\{0D69F3C1-8F89-42C7-BD6F-A90D464A3AD4}

2012-06-11 19:15:04 -------- d-----w- C:\Users\stina\AppData\Local\{50544278-87BE-4299-8546-988FC056CE5B}

2012-06-11 19:14:54 -------- d-----w- C:\Users\stina\AppData\Local\{BD9AFF86-DFD3-442F-88E0-415BF9152949}

2012-06-11 19:14:45 -------- d-----w- C:\Users\stina\AppData\Local\{63469665-9C1B-454A-940D-C6984E56F126}

2012-06-11 07:14:24 -------- d-----w- C:\Users\stina\AppData\Local\{33CA9805-9CBD-4AC7-80EB-B0C64D45A20A}

2012-06-11 07:14:14 -------- d-----w- C:\Users\stina\AppData\Local\{8E866263-A7BA-414C-95BE-5AFCAFA6D417}

2012-06-11 07:14:04 -------- d-----w- C:\Users\stina\AppData\Local\{D38191A1-154B-4215-BEC8-5A4A88ADF36F}

2012-06-11 07:13:54 -------- d-----w- C:\Users\stina\AppData\Local\{0C9590FE-F47F-485C-BA7F-0314E739B3D5}

2012-06-10 19:13:30 -------- d-----w- C:\Users\stina\AppData\Local\{84D8320E-B93E-4356-9039-4CEBAF16973E}

2012-06-10 19:13:20 -------- d-----w- C:\Users\stina\AppData\Local\{227B0BD2-A244-4574-8797-98A315FB870D}

2012-06-10 19:13:01 -------- d-----w- C:\Users\stina\AppData\Local\{89A562DD-65A2-4028-974E-1B07176A0E09}

2012-06-10 07:12:50 -------- d-----w- C:\Users\stina\AppData\Local\{C14D3108-D698-4637-AF35-5C21DD94723D}

2012-06-10 07:12:40 -------- d-----w- C:\Users\stina\AppData\Local\{6813CD20-9257-4D2A-8247-19CD94BE93BB}

2012-06-10 07:12:30 -------- d-----w- C:\Users\stina\AppData\Local\{3110F8DC-6487-4198-8E9D-3F128694A699}

2012-06-10 07:12:20 -------- d-----w- C:\Users\stina\AppData\Local\{20959937-D0F0-426B-B9E0-10CEFE87D95E}

2012-06-09 19:11:52 -------- d-----w- C:\Users\stina\AppData\Local\{BB5CA421-1865-48EB-9D00-10A46D6CF7B7}

2012-06-09 19:11:43 -------- d-----w- C:\Users\stina\AppData\Local\{D1EC4E84-E2BF-48F6-B58B-DE5B9B2EDFC7}

2012-06-09 19:11:33 -------- d-----w- C:\Users\stina\AppData\Local\{84935E4F-2A77-4932-931D-555C83271E48}

2012-06-09 07:11:12 -------- d-----w- C:\Users\stina\AppData\Local\{F8E6DB9B-991A-4F4F-B6DA-BA611676CED4}

2012-06-09 07:11:03 -------- d-----w- C:\Users\stina\AppData\Local\{F17DA4FC-67A3-4E70-8BE3-4C211A23EB95}

2012-06-09 07:10:53 -------- d-----w- C:\Users\stina\AppData\Local\{CAF9EB11-DE36-4284-AA53-79277E702812}

2012-06-09 07:10:44 -------- d-----w- C:\Users\stina\AppData\Local\{9CC88E44-DD49-4B65-B3E5-F7F48D8E330A}

2012-06-08 19:10:19 -------- d-----w- C:\Users\stina\AppData\Local\{4A93F9A1-835B-46C6-AE1B-44A8BEC21B37}

2012-06-08 19:10:10 -------- d-----w- C:\Users\stina\AppData\Local\{4FC30AD4-028B-4125-A14A-976680F476AB}

2012-06-08 19:10:01 -------- d-----w- C:\Users\stina\AppData\Local\{9A0ECFEA-8412-4E73-A074-5187175DBD17}

2012-06-08 07:09:39 -------- d-----w- C:\Users\stina\AppData\Local\{9E72E600-A5E1-4EFE-B713-EC266B7768EC}

2012-06-08 07:09:30 -------- d-----w- C:\Users\stina\AppData\Local\{7C764A04-CB37-4F2E-B1C4-71697608A63C}

2012-06-08 07:09:20 -------- d-----w- C:\Users\stina\AppData\Local\{652CA943-C8D4-445C-B0F3-626C8E28F561}

2012-06-08 07:09:10 -------- d-----w- C:\Users\stina\AppData\Local\{1E62D9BC-D5BD-4131-B700-4C5D220A7342}

2012-06-07 19:08:46 -------- d-----w- C:\Users\stina\AppData\Local\{B36B9876-888D-463E-90A1-07DBE11E9C91}

2012-06-07 19:08:37 -------- d-----w- C:\Users\stina\AppData\Local\{C09B3E76-2290-4127-90F1-CEAA192711F7}

2012-06-07 19:08:17 -------- d-----w- C:\Users\stina\AppData\Local\{3A0CA289-3DFA-403D-99F8-9FFC237372A9}

2012-06-07 07:08:05 -------- d-----w- C:\Users\stina\AppData\Local\{CEC1B2F9-A3D8-4945-803B-3BBABEADBA7C}

2012-06-07 07:07:56 -------- d-----w- C:\Users\stina\AppData\Local\{B6A8501B-0773-4923-BAB3-3FD0426C6B69}

2012-06-07 07:07:46 -------- d-----w- C:\Users\stina\AppData\Local\{A378A924-E6B2-467C-AE8C-46774FC46C72}

2012-06-07 07:07:36 -------- d-----w- C:\Users\stina\AppData\Local\{13DB11CE-425F-4293-9ED1-8E7E958C3668}

2012-06-06 19:07:12 -------- d-----w- C:\Users\stina\AppData\Local\{E08D1CEE-FF78-463C-8FF3-680ABC2E4B4F}

2012-06-06 19:07:03 -------- d-----w- C:\Users\stina\AppData\Local\{2DA58743-6C9A-44CD-9CEC-13742BD0B7A0}

2012-06-06 19:06:53 -------- d-----w- C:\Users\stina\AppData\Local\{E9E43D28-2538-4A4B-92AD-C5DBC40F52AB}

.

==================== Find3M ====================

.

2012-06-15 07:06:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-15 07:06:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 07:34:59 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys

2012-05-05 05:53:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 21:47:49 0 ----a-w- C:\Windows\SysWow64\shoE92E.tmp

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

.

============= FINISH: 10:40:43,20 ===============

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Hur får jag in Attach-loggen? Jag får inte lägga in den står det.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Om du har problem med att bifoga Attach-loggen så kan du klistra in den i stället, precis som med DDS.txt.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2010-12-17 09:28:10

System Uptime: 2012-07-06 06:52:32 (4 hours ago)

.

Motherboard: Hewlett-Packard | | 1605

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 230,398 GiB free.

D: is FIXED (NTFS) - 19 GiB total, 2,736 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP299: 2012-06-20 04:38:06 - Windows Update

RP300: 2012-06-21 22:38:39 - Windows Update

RP301: 2012-06-24 19:00:16 - Windows Säkerhetskopiering

RP302: 2012-06-26 23:19:07 - Windows Update

RP303: 2012-07-01 19:00:17 - Windows Säkerhetskopiering

RP304: 2012-07-03 19:55:54 - Windows Update

RP305: 2012-07-05 13:38:28 - Windows Säkerhetskopiering

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Photoshop 7.0

Adobe Reader 9.5.1 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

Bahnhof Internet Security

Bejeweled 2 Deluxe

Bing Bar

Blackhawk Striker 2

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Computer Security 12.49.104.0 (release)

CyberLink DVD Suite

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

F-Secure CCF Reputation

F-Secure Network CCF 1.02.106

FATE

Final Drive Nitro

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.2.0

HP Advisor

HP Customer Experience Enhancements

HP Documentation

HP Game Console

HP Games

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Jewel Quest - Heritage

Junk Mail filter update

LabelPrint

LightScribe System Software

Magic Desktop

Messenger Companion

Microsoft Office 2010

Microsoft Office Klicka-och-kör 2010

Microsoft Office Starter 2010 - svenska

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

Penguins!

PhotoNow!

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

REALTEK Wireless LAN Software

Recovery Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Virtual Villagers - The Secret City

Zuma Deluxe

.

==== End Of File ===========================

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Infektionerna har skapat många mappar i datorn. Det framgår inte av loggen om de är tomma eller inte så det är bäst att ta bort dem. Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Nu äntligen har COMBOFIX tragglat sig igenom datorn och lämnade följande logg:

Hoppas inget viktigt tagits bort.

Kan det vara idé att göra en fullständig systemåterställningsskiva eller vad det heter?

 

ComboFix 12-07-06.01 - stina 2012-07-06 14:02:34.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3003.1585 [GMT 2:00]

Körs från: c:\users\stina\Desktop\ComboFix.exe

AV: Datorskydd *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Datorskydd *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Datorskydd *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\IWONGEI\Installr\1.bin

c:\users\stina\AppData\Roaming\Afbau

c:\users\stina\AppData\Roaming\Afbau\hedug.qup

c:\users\stina\AppData\Roaming\Alymd

c:\users\stina\AppData\Roaming\Alymd\qasua.exe

c:\users\stina\AppData\Roaming\Aqga

c:\users\stina\AppData\Roaming\Aqga\ocdau.gyu

c:\users\stina\AppData\Roaming\Cofe

c:\users\stina\AppData\Roaming\Cofe\ekagu.exe

c:\users\stina\AppData\Roaming\Coot

c:\users\stina\AppData\Roaming\Coot\atafl.eki

c:\users\stina\AppData\Roaming\Diur

c:\users\stina\AppData\Roaming\Diur\ynmus.awy

c:\users\stina\AppData\Roaming\Ecbek

c:\users\stina\AppData\Roaming\Ecbek\qoos.exe

c:\users\stina\AppData\Roaming\Eweny

c:\users\stina\AppData\Roaming\Eweny\guwa.pit

c:\users\stina\AppData\Roaming\Fiwum

c:\users\stina\AppData\Roaming\Fiwum\ytpy.exe

c:\users\stina\AppData\Roaming\Fosa

c:\users\stina\AppData\Roaming\Fosa\zeyqy.zox

c:\users\stina\AppData\Roaming\Hugag

c:\users\stina\AppData\Roaming\Hugag\emfyk.usb

c:\users\stina\AppData\Roaming\Hugau

c:\users\stina\AppData\Roaming\Hugau\zauwq.iva

c:\users\stina\AppData\Roaming\Huikh

c:\users\stina\AppData\Roaming\Huikh\piixl.ect

c:\users\stina\AppData\Roaming\Hyfele

c:\users\stina\AppData\Roaming\Hyfele\hoef.iga

c:\users\stina\AppData\Roaming\Inovp

c:\users\stina\AppData\Roaming\Inovp\udagi.ihd

c:\users\stina\AppData\Roaming\Inypi

c:\users\stina\AppData\Roaming\Inypi\yvir.exe

c:\users\stina\AppData\Roaming\Nahe

c:\users\stina\AppData\Roaming\Nahe\mypy.exe

c:\users\stina\AppData\Roaming\Odqy

c:\users\stina\AppData\Roaming\Odqy\ikubn.uty

c:\users\stina\AppData\Roaming\Okecna

c:\users\stina\AppData\Roaming\Okecna\tyehy.oky

c:\users\stina\AppData\Roaming\Ravy

c:\users\stina\AppData\Roaming\Ravy\zyzy.ihn

c:\users\stina\AppData\Roaming\Ryitm

c:\users\stina\AppData\Roaming\Ryitm\tieb.exe

c:\users\stina\AppData\Roaming\Syug

c:\users\stina\AppData\Roaming\Syug\ulze.ybz

c:\users\stina\AppData\Roaming\Tyli

c:\users\stina\AppData\Roaming\Tyli\tyyr.reo

c:\users\stina\AppData\Roaming\Ugfo

c:\users\stina\AppData\Roaming\Ugfo\ytip.ixi

c:\users\stina\AppData\Roaming\Ulbuik

c:\users\stina\AppData\Roaming\Ulbuik\feiq.gay

c:\users\stina\AppData\Roaming\Umegi

c:\users\stina\AppData\Roaming\Umegi\amyn.soy

c:\users\stina\AppData\Roaming\Upohy

c:\users\stina\AppData\Roaming\Upohy\zuryq.exe

c:\users\stina\AppData\Roaming\Vyefn

c:\users\stina\AppData\Roaming\Vyefn\galyb.exe

c:\users\stina\AppData\Roaming\Yfha

c:\users\stina\AppData\Roaming\Yfha\been.exe

c:\users\stina\AppData\Roaming\Ylyse

c:\users\stina\AppData\Roaming\Ylyse\suax.enp

c:\users\stina\AppData\Roaming\Ysop

c:\users\stina\AppData\Roaming\Ysop\pufe.ree

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-06 till 2012-07-06 ))))))))))))))))))))))))))))))

.

.

2012-07-06 15:16 . 2012-07-06 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 09:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD0D2528-0050-4328-A29A-4DA5ABCF43DA}\mpengine.dll

2012-07-05 15:06 . 2012-07-06 04:49 -------- d-----w- c:\users\stina\AppData\Roaming\Oqufw

2012-07-05 15:06 . 2012-07-06 04:43 -------- d-----w- c:\users\stina\AppData\Roaming\Lubada

2012-07-04 16:37 . 2011-12-19 03:27 44984 ----a-w- c:\windows\system32\drivers\fses.sys

2012-07-04 16:37 . 2011-12-19 03:27 94072 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-07-04 14:31 . 2012-07-06 04:49 -------- d-----w- c:\users\stina\AppData\Roaming\Hapoc

2012-07-04 14:31 . 2012-07-06 04:46 -------- d-----w- c:\users\stina\AppData\Roaming\Ekukho

2012-07-04 14:31 . 2012-07-04 14:31 -------- d-----w- c:\users\stina\AppData\Roaming\Sihua

2012-06-21 20:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 20:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 20:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 20:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 20:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 20:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 20:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 20:39 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 20:39 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-13 21:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 21:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 21:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-15 07:06 . 2012-03-30 06:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-15 07:06 . 2011-06-04 04:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 07:34 . 2011-02-28 09:51 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-05-05 05:53 . 2012-04-13 20:53 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-26 21:47 . 2012-04-26 21:47 0 ----a-w- c:\windows\SysWow64\shoE92E.tmp

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"F-Secure Hoster"="c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe" [2012-04-27 159480]

"F-Secure Manager"="c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" [2011-12-19 310936]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-17 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257224]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-07-04 62032]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-12-19 44984]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-12-19 94072]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2011-12-19 13976]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe [2012-04-27 159480]

S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe [2011-12-12 61120]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-07-04 199888]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:06]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 09:07]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 09:07]

.

2012-07-01 c:\windows\Tasks\HPCeeScheduleForstina.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Extra genomsökning -------

.

uStart Page = https://www.facebook.com/home.php

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 213.80.98.2 213.80.101.3

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]

"ImagePath"="\"c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe\" -hosterid:0"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="df2048be-72b8-438c-89a8-8768bb0944ca"

"AuthorizationCode"="vGekavBEijOCXjkE9XSinJFKiScawnCVycvOsQeMh4Lm27iswaOk2Q"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE

.

**************************************************************************

.

Sluttid: 2012-07-06 17:25:32 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-06 15:25

.

Före genomsökningen: 247 295 926 272 byte ledigt

Efter genomsökningen: 247 550 246 912 byte ledigt

.

- - End Of File - - C6D3AAC533868456A34D85D5C0C6D1E6

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

ComboFix tog bort de flesta av mapparna med skadliga program, men några är kvar. Gör så här för att få bort dem:

 

Kopiera alla rader i rutan:

Killall::
ClearJavaCache::
Folder::
c:\users\stina\AppData\Roaming\Oqufw
c:\users\stina\AppData\Roaming\Lubada
c:\users\stina\AppData\Roaming\Hapoc
c:\users\stina\AppData\Roaming\Ekukho
c:\users\stina\AppData\Roaming\Sihua

och klistra in i Anteckningar. Kontrollera att det är 8 rader.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut och en ny DDS-logg.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

Jag har kvar kombofixikonen på skrivbordet, den går väl att använda?

Måste jag stänga av alla program o antivirusgrejer igen innan? Pust!

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Cecilia

Du behöver inte ladda ner ComboFix igen, men du behöver stänga av antivirusprogrammet igen för att det inte ska lägga sig i vad ComboFix gör och eftersom datorn kommer att startas om är det bäst att du stänger av alla andra program.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

tog lite tid :)

 

ComboFix 12-07-06.01 - stina 2012-07-06 18:50:53.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3003.1965 [GMT 2:00]

Körs från: c:\users\stina\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\stina\Desktop\CFScript.txt

AV: Datorskydd *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Datorskydd *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Datorskydd *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\stina\AppData\Roaming\Ekukho

c:\users\stina\AppData\Roaming\Ekukho\moov.rur

c:\users\stina\AppData\Roaming\Hapoc

c:\users\stina\AppData\Roaming\Lubada

c:\users\stina\AppData\Roaming\Lubada\xylu.heu

c:\users\stina\AppData\Roaming\Lubada\xylu.tmp

c:\users\stina\AppData\Roaming\Oqufw

c:\users\stina\AppData\Roaming\Sihua

c:\users\stina\AppData\Roaming\Sihua\faahu.seo

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-06 till 2012-07-06 ))))))))))))))))))))))))))))))

.

.

2012-07-06 19:22 . 2012-07-06 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 09:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD0D2528-0050-4328-A29A-4DA5ABCF43DA}\mpengine.dll

2012-07-04 16:37 . 2011-12-19 03:27 44984 ----a-w- c:\windows\system32\drivers\fses.sys

2012-07-04 16:37 . 2011-12-19 03:27 94072 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-06-21 20:40 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 20:40 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 20:40 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 20:40 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 20:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 20:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 20:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 20:39 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 20:39 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-13 21:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 21:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 21:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-15 07:06 . 2012-03-30 06:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-15 07:06 . 2011-06-04 04:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 07:34 . 2011-02-28 09:51 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-05-05 05:53 . 2012-04-13 20:53 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-26 21:47 . 2012-04-26 21:47 0 ----a-w- c:\windows\SysWow64\shoE92E.tmp

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-06_15.19.07 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-07-06 15:17 . 2012-07-06 15:17 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2012-07-06 19:23 . 2012-07-06 19:23 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2012-07-06 15:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-06 19:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-06 15:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-06 19:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-06 15:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-06 19:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-14 20:31 . 2012-07-06 19:25 64366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-06 19:25 51424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-17 10:26 . 2012-07-06 19:25 16052 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-308898443-342613545-1408850838-1000_UserData.bin

+ 2012-07-06 19:23 . 2012-07-06 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-06 15:18 . 2012-07-06 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-06 15:18 . 2012-07-06 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-06 19:23 . 2012-07-06 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-06 15:17 234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-06 19:23 234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-17 10:23 . 2012-07-06 19:23 6474216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-308898443-342613545-1408850838-1000-8192.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"F-Secure Hoster"="c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe" [2012-04-27 159480]

"F-Secure Manager"="c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" [2011-12-19 310936]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-17 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257224]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-07-04 62032]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-12-19 44984]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-12-19 94072]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2011-12-19 13976]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe [2012-04-27 159480]

S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe [2011-12-12 61120]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-07-04 199888]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-02-05 1093152]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:06]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 09:07]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-28 09:07]

.

2012-07-01 c:\windows\Tasks\HPCeeScheduleForstina.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

------- Extra genomsökning -------

.

uStart Page = https://www.facebook.com/home.php

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 213.80.98.2 213.80.101.3

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]

"ImagePath"="\"c:\program files (x86)\Bahnhof Internet Security\fshoster32.exe\" -hosterid:0"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="df2048be-72b8-438c-89a8-8768bb0944ca"

"AuthorizationCode"="vGekavBEijOCXjkE9XSinJFKiScawnCVycvOsQeMh4Lm27iswaOk2Q"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE

c:\program files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe

.

**************************************************************************

.

Sluttid: 2012-07-06 21:30:48 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-06 19:30

ComboFix2.txt 2012-07-06 15:25

.

Före genomsökningen: 247 599 034 368 byte ledigt

Efter genomsökningen: 247 560 097 792 byte ledigt

.

- - End Of File - - 7FDA27E3B4E075903D658D059602E06F

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
tskgumman

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by stina at 21:38:21 on 2012-07-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3003.1815 [GMT 2:00]

.

AV: Datorskydd *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: Datorskydd *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Datorskydd *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE

C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\FWES\Program\fsdfwd.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.facebook.com/home.php

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [F-Secure Hoster] "C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe" -app -hosterid:1

mRun: [F-Secure Manager] "C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 213.80.98.2 213.80.101.3

TCP: Interfaces\{46E034D5-EF05-4435-BAFF-9AD1FA2D443E} : DhcpNameServer = 213.80.98.2 213.80.101.3

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{AA58ED58-01DD-4d91-8333-CF10577473F7}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [F-Secure Hoster] "C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe" -app -hosterid:1

mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

.

============= SERVICES / DRIVERS ===============

.

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-7-4 62032]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-7-4 13976]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-7-15 514232]

R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Bahnhof Internet Security\fshoster32.exe [2012-4-27 159480]

R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Bahnhof Internet Security\apps\CCF_Reputation\fsorsp.exe [2011-12-12 61120]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-30 27192]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Bahnhof Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-7-4 199888]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257224]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-28 136176]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-06 19:35:03 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-06 10:34:34 98816 ----a-w- C:\Windows\sed.exe

2012-07-06 10:34:34 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-06 10:34:34 256000 ----a-w- C:\Windows\PEV.exe

2012-07-06 10:34:34 208896 ----a-w- C:\Windows\MBR.exe

2012-07-06 09:09:36 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD0D2528-0050-4328-A29A-4DA5ABCF43DA}\mpengine.dll

2012-07-06 07:50:55 -------- d-----w- C:\Users\stina\AppData\Local\{8D6F571B-002D-4C3A-839D-C4E1638042AA}

2012-07-06 07:50:46 -------- d-----w- C:\Users\stina\AppData\Local\{D8D2CDAD-BA89-46BB-AE27-81BA53B485F9}

2012-07-06 07:50:37 -------- d-----w- C:\Users\stina\AppData\Local\{055EE16D-15DF-4D75-A4B4-5030683D7440}

2012-07-06 07:50:27 -------- d-----w- C:\Users\stina\AppData\Local\{B42DB006-BA80-4B36-9A67-D7999D270785}

2012-07-05 19:50:02 -------- d-----w- C:\Users\stina\AppData\Local\{922015D2-DD0C-4126-A841-91BB4FE28C6E}

2012-07-05 19:49:53 -------- d-----w- C:\Users\stina\AppData\Local\{12AAF0D3-A715-4081-9BFD-12A68FA0B367}

2012-07-05 19:49:43 -------- d-----w- C:\Users\stina\AppData\Local\{13624CB3-2E3C-4353-B8D5-9D9EEFE4C7E4}

2012-07-05 19:49:33 -------- d-----w- C:\Users\stina\AppData\Local\{35FD0C6C-7ECA-4EF9-8CDB-6220AE06D5CB}

2012-07-05 07:49:09 -------- d-----w- C:\Users\stina\AppData\Local\{86F5ACE0-6EBB-410E-AFB8-A5331A71FA74}

2012-07-05 07:49:00 -------- d-----w- C:\Users\stina\AppData\Local\{109D5D1B-66F8-481D-8745-8B9F2547AB8D}

2012-07-05 07:48:50 -------- d-----w- C:\Users\stina\AppData\Local\{0E9AF8F3-69DE-482A-ADA5-000D9CFCAB06}

2012-07-05 07:48:41 -------- d-----w- C:\Users\stina\AppData\Local\{B03D475B-5616-4C24-9CCF-46809A910DF4}

2012-07-04 19:48:16 -------- d-----w- C:\Users\stina\AppData\Local\{179AD686-F266-4D0C-B629-1A6F5F5D2312}

2012-07-04 19:48:07 -------- d-----w- C:\Users\stina\AppData\Local\{DB1B8D79-1577-4306-912C-A3A8975D9F5C}

2012-07-04 19:47:57 -------- d-----w- C:\Users\stina\AppData\Local\{AAE77D5A-46F3-4606-9C2E-56D1BB024F68}

2012-07-04 19:47:47 -------- d-----w- C:\Users\stina\AppData\Local\{15AD9D65-8D79-43EF-ACAF-DB20869625FB}

2012-07-04 16:37:54 44984 ----a-w- C:\Windows\System32\drivers\fses.sys

2012-07-04 16:37:53 94072 ----a-w- C:\Windows\System32\drivers\fsdfw.sys

2012-07-04 07:47:23 -------- d-----w- C:\Users\stina\AppData\Local\{9DA07D1B-1D47-4BEF-812F-D14F8D06C03F}

2012-07-04 07:47:13 -------- d-----w- C:\Users\stina\AppData\Local\{A24EBE24-3F7D-4331-86F8-DE86AAC85899}

2012-07-04 07:47:04 -------- d-----w- C:\Users\stina\AppData\Local\{E6CA611B-381D-40ED-919D-A0A1B65E5605}

2012-07-04 07:46:54 -------- d-----w- C:\Users\stina\AppData\Local\{D2FE09AC-8B78-47DA-8952-42E82A894854}

2012-07-03 19:46:29 -------- d-----w- C:\Users\stina\AppData\Local\{F8C56531-DF22-4509-BD3E-D0B708FE1FCE}

2012-07-03 19:46:20 -------- d-----w- C:\Users\stina\AppData\Local\{787588CF-B58B-44E9-B199-31AA5EF063B1}

2012-07-03 19:46:00 -------- d-----w- C:\Users\stina\AppData\Local\{CC5D3A54-686A-4115-B653-7A32474B904A}

2012-07-03 07:45:49 -------- d-----w- C:\Users\stina\AppData\Local\{E4175555-6248-48B5-90E2-D1ABEC501EDC}

2012-07-03 07:45:39 -------- d-----w- C:\Users\stina\AppData\Local\{A40CEFF5-7192-4DA3-A2DA-4561DEF074C3}

2012-07-03 07:45:29 -------- d-----w- C:\Users\stina\AppData\Local\{6563337F-3EB4-4F98-B24E-8BEA954E652A}

2012-07-03 07:45:20 -------- d-----w- C:\Users\stina\AppData\Local\{51866DD0-E29E-49C0-9055-49A5D7C33CCE}

2012-07-02 19:44:56 -------- d-----w- C:\Users\stina\AppData\Local\{EACB07BE-F461-41D3-8378-0FBC8D232505}

2012-07-02 19:44:46 -------- d-----w- C:\Users\stina\AppData\Local\{6A29CED5-BC25-4475-88D4-16FBDD626784}

2012-07-02 19:44:27 -------- d-----w- C:\Users\stina\AppData\Local\{C25EE1DC-3AC3-46A6-9422-612AA8FB7529}

2012-07-02 07:44:15 -------- d-----w- C:\Users\stina\AppData\Local\{35F16D4F-567D-4D35-8A79-E70CC98E0841}

2012-07-02 07:44:06 -------- d-----w- C:\Users\stina\AppData\Local\{6122D7DC-2DA7-49CD-AF00-A14DB0646D1A}

2012-07-02 07:43:56 -------- d-----w- C:\Users\stina\AppData\Local\{2BD9FD76-FB3E-4356-BDC2-DC122F775778}

2012-07-02 07:43:46 -------- d-----w- C:\Users\stina\AppData\Local\{7254B8A8-82B0-4AA1-AF3B-146774CD3C9A}

2012-07-01 19:43:22 -------- d-----w- C:\Users\stina\AppData\Local\{2414AB15-43E5-43A1-9A04-596163573197}

2012-07-01 19:43:12 -------- d-----w- C:\Users\stina\AppData\Local\{34FE9E5B-CCDF-48FD-B594-6B5C0CEC6FF6}

2012-07-01 19:42:53 -------- d-----w- C:\Users\stina\AppData\Local\{AD02CEC5-6A56-4D1B-91BE-AF4D0A21EC70}

2012-07-01 07:42:42 -------- d-----w- C:\Users\stina\AppData\Local\{A3DF127F-D41E-45B5-8F58-B5FBD93B1297}

2012-07-01 07:42:32 -------- d-----w- C:\Users\stina\AppData\Local\{160A5D49-A35C-48D5-B432-F6A333E82136}

2012-07-01 07:42:22 -------- d-----w- C:\Users\stina\AppData\Local\{E0A2A27D-84E0-45D3-AF25-AA09158AB26A}

2012-07-01 07:42:12 -------- d-----w- C:\Users\stina\AppData\Local\{1B721F2D-A4B2-4750-BF84-6CD2B55C1ABF}

2012-06-30 19:41:48 -------- d-----w- C:\Users\stina\AppData\Local\{D40C130A-CB7A-42DB-9703-DC432B3A0426}

2012-06-30 19:41:39 -------- d-----w- C:\Users\stina\AppData\Local\{36F30496-F344-4035-9780-CE15AA457353}

2012-06-30 19:41:19 -------- d-----w- C:\Users\stina\AppData\Local\{038CC08A-09DE-43CE-AA18-2C901BC3B11F}

2012-06-30 07:41:08 -------- d-----w- C:\Users\stina\AppData\Local\{AD50A047-B229-4ACB-A561-2065FA2A0E2C}

2012-06-30 07:40:58 -------- d-----w- C:\Users\stina\AppData\Local\{F9E89C02-9D51-403F-B073-423E67E710C9}

2012-06-30 07:40:49 -------- d-----w- C:\Users\stina\AppData\Local\{E3D347E9-7C61-4503-A281-CAE2698A233D}

2012-06-30 07:40:39 -------- d-----w- C:\Users\stina\AppData\Local\{249A4D99-3F26-4965-9D72-9D221B1D7673}

2012-06-29 19:40:14 -------- d-----w- C:\Users\stina\AppData\Local\{BB980F7A-382B-4B00-9BFC-70745D010BB3}

2012-06-29 19:40:05 -------- d-----w- C:\Users\stina\AppData\Local\{198631D5-BB97-4D77-91E5-5F77DDD27C18}

2012-06-29 19:39:55 -------- d-----w- C:\Users\stina\AppData\Local\{4B265573-C179-4E5A-BE2C-89A3F52E04DF}

2012-06-29 07:39:42 -------- d-----w- C:\Users\stina\AppData\Local\{2FF2B996-10D1-47C9-A88F-E5AB000326D8}

2012-06-29 07:39:33 -------- d-----w- C:\Users\stina\AppData\Local\{840E0F94-6DD7-41B4-8676-F8157CE635A0}

2012-06-29 07:39:23 -------- d-----w- C:\Users\stina\AppData\Local\{4C17595F-DDD5-46EF-9CE1-2CE7FFC31A90}

2012-06-29 07:39:13 -------- d-----w- C:\Users\stina\AppData\Local\{E9A84BA3-D729-4BF4-A6BC-C496FEED99AA}

2012-06-28 19:38:49 -------- d-----w- C:\Users\stina\AppData\Local\{CDE2552D-41A4-4A01-98BA-C0D1A820127B}

2012-06-28 19:38:39 -------- d-----w- C:\Users\stina\AppData\Local\{87674877-D641-47D1-AB8C-970E97B84303}

2012-06-28 19:38:20 -------- d-----w- C:\Users\stina\AppData\Local\{5D3A607A-0D7D-471D-BF47-8FBEF291E58C}

2012-06-28 07:38:08 -------- d-----w- C:\Users\stina\AppData\Local\{02E038EB-490B-42BD-8BBB-06688D3A8C34}

2012-06-28 07:37:59 -------- d-----w- C:\Users\stina\AppData\Local\{D641F195-C697-45EF-93F1-FC553E18B172}

2012-06-28 07:37:49 -------- d-----w- C:\Users\stina\AppData\Local\{4DCC82F6-AB35-4997-B389-5CF07B9A03E5}

2012-06-28 07:37:39 -------- d-----w- C:\Users\stina\AppData\Local\{6948A940-8AA4-4CD0-AB88-36EFBC339F90}

2012-06-27 19:37:14 -------- d-----w- C:\Users\stina\AppData\Local\{E71C646B-D7EE-4B34-847A-ECD03C4AE09D}

2012-06-27 19:37:05 -------- d-----w- C:\Users\stina\AppData\Local\{D6E6C064-FD45-4331-9A1F-2C47339FBC27}

2012-06-27 07:36:43 -------- d-----w- C:\Users\stina\AppData\Local\{202F0016-53BF-48D1-B4B2-5C1FB502AFBA}

2012-06-27 07:36:33 -------- d-----w- C:\Users\stina\AppData\Local\{AD4A0C4A-5A80-4EFE-B388-CDA8C07A5AEA}

2012-06-27 07:36:24 -------- d-----w- C:\Users\stina\AppData\Local\{EC7E6D2B-E2C9-43DE-A77A-B145B156EBBA}

2012-06-27 07:36:14 -------- d-----w- C:\Users\stina\AppData\Local\{C598DCD4-6584-42F7-8294-61C99CDD4BFD}

2012-06-26 19:35:50 -------- d-----w- C:\Users\stina\AppData\Local\{8CB8B0E7-B677-4F77-A3F2-11AF5002B019}

2012-06-26 19:35:40 -------- d-----w- C:\Users\stina\AppData\Local\{A6C3F74D-2FB4-4E8B-8394-B2A89F9E4FE7}

2012-06-26 19:35:31 -------- d-----w- C:\Users\stina\AppData\Local\{89D26014-2E50-43F4-AB28-9F46118E95E8}

2012-06-26 07:35:10 -------- d-----w- C:\Users\stina\AppData\Local\{9C782738-31E0-4E12-929B-6458D8659D9D}

2012-06-26 07:35:00 -------- d-----w- C:\Users\stina\AppData\Local\{BFFCB8C9-648E-42F8-83BB-B48537A6EF75}

2012-06-26 07:34:51 -------- d-----w- C:\Users\stina\AppData\Local\{EB414763-8346-4CB3-BB69-D31A071A21A1}

2012-06-26 07:34:41 -------- d-----w- C:\Users\stina\AppData\Local\{547D8A48-340B-41EA-AAFA-51B199FC84BE}

2012-06-25 19:34:16 -------- d-----w- C:\Users\stina\AppData\Local\{76323D57-84F4-4349-96F9-1A379F8EE059}

2012-06-25 19:34:07 -------- d-----w- C:\Users\stina\AppData\Local\{EAE51399-293C-4A82-BA9E-FFA6A7C2A3A9}

2012-06-25 19:33:48 -------- d-----w- C:\Users\stina\AppData\Local\{447BCDD7-BCCD-4A45-97F2-D4CBD2C86510}

2012-06-25 07:33:36 -------- d-----w- C:\Users\stina\AppData\Local\{E91B9C65-70FA-4DBB-B841-89959CF3C630}

2012-06-25 07:33:27 -------- d-----w- C:\Users\stina\AppData\Local\{F031443D-00A8-40A0-9BAE-9FC933CD9B64}

2012-06-25 07:33:17 -------- d-----w- C:\Users\stina\AppData\Local\{5AB9E447-D5F7-4CA7-9D1D-12A286E1AF97}

2012-06-25 07:33:07 -------- d-----w- C:\Users\stina\AppData\Local\{87CB8214-1AC1-4BCA-BCAC-4221EB43E649}

2012-06-24 19:32:42 -------- d-----w- C:\Users\stina\AppData\Local\{978A92D2-9F11-4614-B258-675A606D1DC2}

2012-06-24 19:32:33 -------- d-----w- C:\Users\stina\AppData\Local\{6CCFE260-5B71-45CE-B0EA-073C8385ECB2}

2012-06-24 19:32:23 -------- d-----w- C:\Users\stina\AppData\Local\{C6014186-821F-44D4-8353-1B2DC41DE0E4}

2012-06-24 07:32:02 -------- d-----w- C:\Users\stina\AppData\Local\{F1C2EB6F-78B3-4FBD-8A31-2759AF515E59}

2012-06-24 07:31:53 -------- d-----w- C:\Users\stina\AppData\Local\{888A2594-F360-477A-B9A7-53283413A562}

2012-06-24 07:31:43 -------- d-----w- C:\Users\stina\AppData\Local\{4C1998C6-215F-4101-9C1B-9F6AA9349BB8}

2012-06-24 07:31:34 -------- d-----w- C:\Users\stina\AppData\Local\{18B7EFE4-8E34-49D3-8768-757E4F1BBC04}

2012-06-23 19:31:10 -------- d-----w- C:\Users\stina\AppData\Local\{9D3B3193-4426-4D99-B104-3E44E7C95412}

2012-06-23 19:31:00 -------- d-----w- C:\Users\stina\AppData\Local\{095EE6AF-65D6-4D0C-B4F6-A1D712ACECB7}

2012-06-23 19:30:51 -------- d-----w- C:\Users\stina\AppData\Local\{CD20EE33-D61C-4EA8-9D90-0EEE7E63DFE7}

2012-06-23 19:30:41 -------- d-----w- C:\Users\stina\AppData\Local\{BD09ADAD-5EA0-4868-B599-B5AD6FE574D3}

2012-06-23 07:30:16 -------- d-----w- C:\Users\stina\AppData\Local\{9D599130-0E25-4696-890D-BBBC81F91C8B}

2012-06-23 07:30:07 -------- d-----w- C:\Users\stina\AppData\Local\{726A8D34-90A0-42DD-846C-F531ED6D9144}

2012-06-23 07:29:57 -------- d-----w- C:\Users\stina\AppData\Local\{9F27A51A-021D-4284-AB4B-4EFC830D8E00}

2012-06-23 07:29:47 -------- d-----w- C:\Users\stina\AppData\Local\{D583AC1F-3D26-4F0F-BE95-FD30ACC9F14A}

2012-06-22 19:29:22 -------- d-----w- C:\Users\stina\AppData\Local\{117B67F1-2834-43CA-81A1-FD709C077BB0}

2012-06-22 19:29:13 -------- d-----w- C:\Users\stina\AppData\Local\{EC7BB19B-238B-4A52-B486-935174E9DC47}

2012-06-22 19:28:53 -------- d-----w- C:\Users\stina\AppData\Local\{63CA000B-29C6-49C6-9777-EC7B16CF3DF2}

2012-06-22 07:28:41 -------- d-----w- C:\Users\stina\AppData\Local\{8B1699F8-C177-4FC6-871C-BB98F388AD7C}

2012-06-22 07:28:32 -------- d-----w- C:\Users\stina\AppData\Local\{00BDF5C5-7580-44AF-B2AE-9702B068ABA9}

2012-06-22 07:28:22 -------- d-----w- C:\Users\stina\AppData\Local\{560DFB60-EB13-4013-A91A-CFF25B8DE389}

2012-06-22 07:28:12 -------- d-----w- C:\Users\stina\AppData\Local\{F88089F1-4926-4B3C-B9E0-C3CDEB2447D6}

2012-06-21 20:40:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 20:39:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 20:39:29 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 20:39:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 19:27:48 -------- d-----w- C:\Users\stina\AppData\Local\{B14741E1-96C1-44E0-9E90-C6E3AC657011}

2012-06-21 19:27:38 -------- d-----w- C:\Users\stina\AppData\Local\{DF2CF809-67CA-431B-9D97-676BD1094C8E}

2012-06-21 19:27:29 -------- d-----w- C:\Users\stina\AppData\Local\{FDABB90B-EAA5-4767-A149-01336A6640A5}

2012-06-21 19:27:18 -------- d-----w- C:\Users\stina\AppData\Local\{5DA5F603-7B57-4161-B785-14611461CAA4}

2012-06-21 07:26:54 -------- d-----w- C:\Users\stina\AppData\Local\{49195C15-D4F0-4866-9D23-6CA1FC65F504}

2012-06-21 07:26:44 -------- d-----w- C:\Users\stina\AppData\Local\{21788763-2E70-46E5-94FB-C0D4D4B3A058}

2012-06-21 07:26:35 -------- d-----w- C:\Users\stina\AppData\Local\{029AE6C2-F5D3-4A0C-9A33-241615D990F6}

2012-06-21 07:26:25 -------- d-----w- C:\Users\stina\AppData\Local\{EE2FBA82-C148-4D7C-8BA0-2DEB0CF83F15}

2012-06-20 19:26:01 -------- d-----w- C:\Users\stina\AppData\Local\{2438D1B8-89D3-46A3-BFD8-A7CEE2584709}

2012-06-20 19:25:51 -------- d-----w- C:\Users\stina\AppData\Local\{BEC30764-4C48-404C-B48C-937EBC708BEC}

2012-06-20 19:25:42 -------- d-----w- C:\Users\stina\AppData\Local\{4686BB14-6DC4-4164-94A0-4CDACE09C9A0}

2012-06-20 07:25:21 -------- d-----w- C:\Users\stina\AppData\Local\{50067432-28C9-4128-9D1B-99436CD248A0}

2012-06-20 07:25:11 -------- d-----w- C:\Users\stina\AppData\Local\{6CA23D99-AECF-4151-A7BA-10DD7EFB010F}

2012-06-20 07:25:01 -------- d-----w- C:\Users\stina\AppData\Local\{CB7E4373-3846-472D-BC3C-BAAAD9C4030C}

2012-06-20 07:24:51 -------- d-----w- C:\Users\stina\AppData\Local\{3E9FDA21-6C98-4574-975E-8EB8AD18C6E0}

2012-06-19 19:24:27 -------- d-----w- C:\Users\stina\AppData\Local\{28E6DA75-5429-4D4D-881D-55B21A7CDAE4}

2012-06-19 19:24:17 -------- d-----w- C:\Users\stina\AppData\Local\{64EB504A-59C9-4987-9544-BF58041CA784}

2012-06-19 19:24:08 -------- d-----w- C:\Users\stina\AppData\Local\{F0C347D9-E88E-4403-932D-7A630D6B5FBE}

2012-06-19 07:23:46 -------- d-----w- C:\Users\stina\AppData\Local\{E492AC77-12A3-4CE9-90A7-1663705EAAED}

2012-06-19 07:23:31 -------- d-----w- C:\Users\stina\AppData\Local\{523B97B3-FBB5-4576-B7F6-7AD858E346D7}

2012-06-19 07:23:21 -------- d-----w- C:\Users\stina\AppData\Local\{01DFC672-B6A2-446B-9752-DC3363BFA9D1}

2012-06-19 07:23:11 -------- d-----w- C:\Users\stina\AppData\Local\{4D2B854F-19A3-4576-A729-7CF1CB7048F9}

2012-06-18 19:22:48 -------- d-----w- C:\Users\stina\AppData\Local\{140CF76E-E93E-428C-85C8-8FF27FD13EA4}

2012-06-18 19:22:39 -------- d-----w- C:\Users\stina\AppData\Local\{4BC49146-5514-46DC-884F-3E594DFD7DCE}

2012-06-18 07:22:15 -------- d-----w- C:\Users\stina\AppData\Local\{5DC9D4CE-9837-4FA9-A13D-621CD4677107}

2012-06-17 19:21:43 -------- d-----w- C:\Users\stina\AppData\Local\{C26E265F-CBD5-402D-BA99-7794A9187FBF}

2012-06-17 07:21:32 -------- d-----w- C:\Users\stina\AppData\Local\{2D195B63-6805-4EF2-B40F-61EA091A0223}

2012-06-16 07:20:58 -------- d-----w- C:\Users\stina\AppData\Local\{5C01B139-9B47-45AD-8BC8-2F196FF4CFB4}

2012-06-16 07:20:48 -------- d-----w- C:\Users\stina\AppData\Local\{915F8755-BE63-483F-80C6-874983E09B78}

2012-06-15 07:20:14 -------- d-----w- C:\Users\stina\AppData\Local\{B6155DF4-41C3-4A91-9F68-F47556176946}

2012-06-14 19:19:49 -------- d-----w- C:\Users\stina\AppData\Local\{957C4EF0-2B9F-4458-8E35-415C07E43A9E}

2012-06-14 19:19:40 -------- d-----w- C:\Users\stina\AppData\Local\{C1E73B22-C362-4A31-81DA-81BD3F1E65D0}

2012-06-14 19:19:30 -------- d-----w- C:\Users\stina\AppData\Local\{AC848170-EF7B-42F0-A54A-C079CA3854F4}

2012-06-14 07:19:09 -------- d-----w- C:\Users\stina\AppData\Local\{08F4D910-D159-4FD3-AA89-469244CBE19D}

2012-06-14 07:18:59 -------- d-----w- C:\Users\stina\AppData\Local\{A10A6431-243E-4847-8140-DD9F31DAB24A}

2012-06-14 07:18:50 -------- d-----w- C:\Users\stina\AppData\Local\{9377A104-9ECC-4CA0-A2C6-2E09F8E9D5D5}

2012-06-14 07:18:39 -------- d-----w- C:\Users\stina\AppData\Local\{80CD6CD4-3075-4C02-BF1C-B21DC07780F2}

2012-06-13 21:10:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 21:10:01 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 21:10:01 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 19:18:15 -------- d-----w- C:\Users\stina\AppData\Local\{97D1DC74-6FFD-4A57-B39D-652D3A70E7B9}

2012-06-13 19:18:05 -------- d-----w- C:\Users\stina\AppData\Local\{A229581C-B0D2-4F25-9107-235421971BD9}

2012-06-13 19:17:46 -------- d-----w- C:\Users\stina\AppData\Local\{568EF687-D48B-4A7C-BAC4-53AF07DAA046}

2012-06-13 07:17:34 -------- d-----w- C:\Users\stina\AppData\Local\{A2CEACF2-6D3D-474B-AAA2-15703EEE86D3}

2012-06-13 07:17:25 -------- d-----w- C:\Users\stina\AppData\Local\{73258CB6-ED9C-432F-BC3C-B70452D64CD5}

2012-06-13 07:17:15 -------- d-----w- C:\Users\stina\AppData\Local\{046D038D-BE48-4B57-A3E6-975FEA8D6367}

2012-06-13 07:17:05 -------- d-----w- C:\Users\stina\AppData\Local\{10286032-CA28-4CE2-AC15-CEDD2003901D}

2012-06-12 19:16:41 -------- d-----w- C:\Users\stina\AppData\Local\{F07EBA4C-EC2D-4275-A0E1-84BB3C69E08D}

2012-06-12 19:16:32 -------- d-----w- C:\Users\stina\AppData\Local\{79790264-C359-421A-A6AF-72CF367E23DF}

2012-06-12 19:16:12 -------- d-----w- C:\Users\stina\AppData\Local\{8236362F-A2DA-4FC1-8A28-B9D68E251431}

2012-06-12 07:16:00 -------- d-----w- C:\Users\stina\AppData\Local\{F36A3A93-0020-4D6D-9906-B64977DAC937}

2012-06-12 07:15:50 -------- d-----w- C:\Users\stina\AppData\Local\{CD355AD0-35E2-4F8C-B3C2-49CCF41AF353}

2012-06-12 07:15:40 -------- d-----w- C:\Users\stina\AppData\Local\{14F909E0-0B21-46F6-BA6E-7C21293635AA}

2012-06-12 07:15:30 -------- d-----w- C:\Users\stina\AppData\Local\{0D69F3C1-8F89-42C7-BD6F-A90D464A3AD4}

2012-06-11 19:15:04 -------- d-----w- C:\Users\stina\AppData\Local\{50544278-87BE-4299-8546-988FC056CE5B}

2012-06-11 19:14:54 -------- d-----w- C:\Users\stina\AppData\Local\{BD9AFF86-DFD3-442F-88E0-415BF9152949}

2012-06-11 19:14:45 -------- d-----w- C:\Users\stina\AppData\Local\{63469665-9C1B-454A-940D-C6984E56F126}

2012-06-11 07:14:24 -------- d-----w- C:\Users\stina\AppData\Local\{33CA9805-9CBD-4AC7-80EB-B0C64D45A20A}

2012-06-11 07:14:14 -------- d-----w- C:\Users\stina\AppData\Local\{8E866263-A7BA-414C-95BE-5AFCAFA6D417}

2012-06-11 07:14:04 -------- d-----w- C:\Users\stina\AppData\Local\{D38191A1-154B-4215-BEC8-5A4A88ADF36F}

2012-06-11 07:13:54 -------- d-----w- C:\Users\stina\AppData\Local\{0C9590FE-F47F-485C-BA7F-0314E739B3D5}

2012-06-10 19:13:30 -------- d-----w- C:\Users\stina\AppData\Local\{84D8320E-B93E-4356-9039-4CEBAF16973E}

2012-06-10 19:13:20 -------- d-----w- C:\Users\stina\AppData\Local\{227B0BD2-A244-4574-8797-98A315FB870D}

2012-06-10 19:13:01 -------- d-----w- C:\Users\stina\AppData\Local\{89A562DD-65A2-4028-974E-1B07176A0E09}

2012-06-10 07:12:50 -------- d-----w- C:\Users\stina\AppData\Local\{C14D3108-D698-4637-AF35-5C21DD94723D}

2012-06-10 07:12:40 -------- d-----w- C:\Users\stina\AppData\Local\{6813CD20-9257-4D2A-8247-19CD94BE93BB}

2012-06-10 07:12:30 -------- d-----w- C:\Users\stina\AppData\Local\{3110F8DC-6487-4198-8E9D-3F128694A699}

2012-06-10 07:12:20 -------- d-----w- C:\Users\stina\AppData\Local\{20959937-D0F0-426B-B9E0-10CEFE87D95E}

2012-06-09 19:11:52 -------- d-----w- C:\Users\stina\AppData\Local\{BB5CA421-1865-48EB-9D00-10A46D6CF7B7}

2012-06-09 19:11:43 -------- d-----w- C:\Users\stina\AppData\Local\{D1EC4E84-E2BF-48F6-B58B-DE5B9B2EDFC7}

2012-06-09 19:11:33 -------- d-----w- C:\Users\stina\AppData\Local\{84935E4F-2A77-4932-931D-555C83271E48}

2012-06-09 07:11:12 -------- d-----w- C:\Users\stina\AppData\Local\{F8E6DB9B-991A-4F4F-B6DA-BA611676CED4}

2012-06-09 07:11:03 -------- d-----w- C:\Users\stina\AppData\Local\{F17DA4FC-67A3-4E70-8BE3-4C211A23EB95}

2012-06-09 07:10:53 -------- d-----w- C:\Users\stina\AppData\Local\{CAF9EB11-DE36-4284-AA53-79277E702812}

2012-06-09 07:10:44 -------- d-----w- C:\Users\stina\AppData\Local\{9CC88E44-DD49-4B65-B3E5-F7F48D8E330A}

2012-06-08 19:10:19 -------- d-----w- C:\Users\stina\AppData\Local\{4A93F9A1-835B-46C6-AE1B-44A8BEC21B37}

2012-06-08 19:10:10 -------- d-----w- C:\Users\stina\AppData\Local\{4FC30AD4-028B-4125-A14A-976680F476AB}

2012-06-08 19:10:01 -------- d-----w- C:\Users\stina\AppData\Local\{9A0ECFEA-8412-4E73-A074-5187175DBD17}

2012-06-08 07:09:39 -------- d-----w- C:\Users\stina\AppData\Local\{9E72E600-A5E1-4EFE-B713-EC266B7768EC}

2012-06-08 07:09:30 -------- d-----w- C:\Users\stina\AppData\Local\{7C764A04-CB37-4F2E-B1C4-71697608A63C}

2012-06-08 07:09:20 -------- d-----w- C:\Users\stina\AppData\Local\{652CA943-C8D4-445C-B0F3-626C8E28F561}

2012-06-08 07:09:10 -------- d-----w- C:\Users\stina\AppData\Local\{1E62D9BC-D5BD-4131-B700-4C5D220A7342}

2012-06-07 19:08:46 -------- d-----w- C:\Users\stina\AppData\Local\{B36B9876-888D-463E-90A1-07DBE11E9C91}

2012-06-07 19:08:37 -------- d-----w- C:\Users\stina\AppData\Local\{C09B3E76-2290-4127-90F1-CEAA192711F7}

2012-06-07 19:08:17 -------- d-----w- C:\Users\stina\AppData\Local\{3A0CA289-3DFA-403D-99F8-9FFC237372A9}

2012-06-07 07:08:05 -------- d-----w- C:\Users\stina\AppData\Local\{CEC1B2F9-A3D8-4945-803B-3BBABEADBA7C}

2012-06-07 07:07:56 -------- d-----w- C:\Users\stina\AppData\Local\{B6A8501B-0773-4923-BAB3-3FD0426C6B69}

2012-06-07 07:07:46 -------- d-----w- C:\Users\stina\AppData\Local\{A378A924-E6B2-467C-AE8C-46774FC46C72}

2012-06-07 07:07:36 -------- d-----w- C:\Users\stina\AppData\Local\{13DB11CE-425F-4293-9ED1-8E7E958C3668}

.

==================== Find3M ====================

.

2012-06-15 07:06:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-15 07:06:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 07:34:59 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys

2012-05-05 05:53:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 21:47:49 0 ----a-w- C:\Windows\SysWow64\shoE92E.tmp

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 21:40:16,18 ===============

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Skapa ett konto eller logga in för att kommentera

Du måste vara medlem för att kunna kommentera

Skapa ett konto

Skapa ett nytt konto på vårt forum. Det är lätt!

Registrera ett nytt konto

Logga in

Redan medlem? Logga in här.

Logga in nu



×
×
  • Skapa nytt...