No-1

Polistrojanen (the "police trojan")


There we go! Now it's complete:


ComboFix 12-12-30.01 - 2012-12-30 11:20:51.6.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14161 [GMT 1:00]

Running from: c:\users\Kristofer\Desktop\ComboFix.exe

Command switches used :: c:\users\Kristofer\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Files Created From 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))

.

.

2012-12-30 10:23 . 2012-12-30 10:23 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

2012-12-30 10:23 . 2012-12-30 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-30 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EEE9DCF-0876-462E-90B5-AE7535E3C41F}\mpengine.dll

2012-12-30 09:32 . 2012-12-30 10:23 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

.

.

Contents of the 'Scheduled Tasks' folder:

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-12-30 11:27:06 - machine was rebooted.

ComboFix-quarantined-files.txt 2012-12-30 10:27

ComboFix2.txt 2012-12-29 16:22

ComboFix3.txt 2012-12-29 12:08

ComboFix4.txt 2012-12-28 23:48

.

Pre-Run: 566 523 473 920 bytes free

Post-Run: 566 491 975 680 bytes free

.

- - End Of File - - 0894E83C9F5E499B8F5B3E69C5E5FB67

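Reading a ComboFix log like the one above by hand is slow and error-prone, and the two lines that actually matter in it (a loose, random-named .js dropped straight into c:\programdata, and an R1 driver entry whose image file ComboFix marks as missing with `[x]`) are easy to skim past. The following Python script is an added example, not ComboFix code and not part of this thread: it parses the three line types a helper reads first (protection status, "Files Created", services) and flags the suspicious entries. The sample input is a constructed subset of lines copied from the log in the post; the "data directory" list and the vowel-poor-name heuristic are this example's own assumptions, not ComboFix rules.

```python
"""
Triage helper for ComboFix-style logs.

Added example; this is not ComboFix code and not part of the forum post.  It
pulls out the three line types a helper reads first in a ransomware thread:
the protection-status header, the "Files Created" list and the service/driver
list, and flags the entries that deserve a second look.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# "AV: Microsoft Security Essentials *Disabled/Updated* {GUID}"
PROTECTION_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{")
# "2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\x.js"
# (created . modified size attributes path; directories show size as dashes)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)
# "R1 name;display;image [date size]" -- R/S = running/stopped, digit = start
# type; ComboFix prints "[x]" when the image file does not exist on disk.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
EXECUTABLE_EXT = {".js", ".vbs", ".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".sys"}
# Assumption for this example: loose executables/scripts directly in these
# directories (not inside a vendor subfolder) are worth flagging.
DATA_DIR_RE = re.compile(
    r"^c:\\(programdata|users\\[^\\]+\\appdata\\(local\\temp|local|roaming))$", re.I
)


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption, not a ComboFix rule): 8+ letters with almost
    no vowels, like 'dsgsdgdsgdsgw'.  Only applied to dropped files, because
    legitimate driver names are often vowel-poor abbreviations."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.15


def split_path(path: str) -> Tuple[str, str, str]:
    """Return (parent directory, file stem, lower-cased extension incl. dot)."""
    parent, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return parent, name, ""
    return parent, stem, "." + ext.lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = PROTECTION_RE.match(line)
        if m:
            if m.group(3).lower() == "disabled":
                findings.append(Finding("protection_disabled", f"{m.group(1)}: {m.group(2)}", line))
            continue

        m = FILE_RE.match(line)
        if m:
            if m.group(3) == "-" * 8:      # directory entry, nothing to check
                continue
            parent, stem, ext = split_path(m.group(5))
            if ext in EXECUTABLE_EXT and DATA_DIR_RE.match(parent):
                detail = f"executable/script dropped directly in {parent}"
                if looks_random(stem):
                    detail += " with random-looking name"
                findings.append(Finding("dropped_file", detail, line))
            continue

        m = SERVICE_RE.match(line)
        if m and m.group(6) == "x":
            state = "running" if m.group(1) == "R" else "stopped"
            detail = (f"{m.group(3)} ({state}, start={START_TYPES[m.group(2)]}) "
                      f"-> image missing: {m.group(5)}")
            findings.append(Finding("service_missing_image", detail, line))
    return findings


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal
2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

On the sample it reports two disabled protection products, the random-named .js in the root of c:\programdata, and the ppldopsy driver entry (running, start type "system") whose .sys is gone from disk; atmlib.dll under system32 and the services with real image files are left alone. The `[x]` rule is the reliable one; the name heuristic is only there to rank findings and will miss or over-flag some names.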

Unfortunately, ComboFix didn't understand the CFScript :(

Try once more and check the encoding when you save the file.

I'm heading out now and may not be back at the computer until late tonight.


Well, I'm trying again, but the encoding is ANSI and the file is saved as CFScript... hmm...

Should everything be saved on separate lines? It ends up on the same line in Notepad; maybe I misunderstood you... that bit about not splitting it up?

I have now done a new run that was exactly like what you wrote earlier, i.e. with each line split up as you wrote it.


ComboFix 12-12-30.01 - 2012-12-30 11:49:13.7.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.14232 [GMT 1:00]

Running from: c:\users\Kristofer\Desktop\ComboFix.exe

Command switches used :: c:\users\Kristofer\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Files Created From 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))

.

.

2012-12-30 10:51 . 2012-12-30 10:51 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

2012-12-30 10:51 . 2012-12-30 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-30 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6EEE9DCF-0876-462E-90B5-AE7535E3C41F}\mpengine.dll

2012-12-30 09:32 . 2012-12-30 10:51 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

2012-12-29 12:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js

2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-03 20:00 . 2012-12-03 20:00 -------- d-----w- c:\users\Kristofer - 1\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-11 18:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 21:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 21:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 21:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 21:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 21:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 21:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 21:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 21:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 21:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 21:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 21:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 18:15 . 2012-10-02 18:16 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 ppldopsy;ppldopsy;c:\windows\system32\drivers\ppldopsy.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

.

.

Contents of the 'Scheduled Tasks' folder:

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

.

**************************************************************************

.

Sluttid: 2012-12-30 11:54:14 - datorn startades om.

ComboFix-quarantined-files.txt 2012-12-30 10:54

ComboFix2.txt 2012-12-30 10:27

ComboFix3.txt 2012-12-29 16:22

ComboFix4.txt 2012-12-29 12:08

ComboFix5.txt 2012-12-30 10:48

.

Före genomsökningen: 566 570 848 256 byte ledigt

Efter genomsökningen: 566 371 213 312 byte ledigt

.

- - End Of File - - F6C3895A91D8DA7B4DF36DF5527C6B0A

Edited by No-1


Sorry it took so long; unfortunately I forgot to pack the modem for the mobile broadband. :(

 

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

 

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

 

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:files
c:\bad.sys | c:\windows\system32\drivers\ppldopsy.sys /replace
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example regarding line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

 

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

 

Make sure to enable the antivirus program etc. before you connect the computer to the internet.

Posted (edited)

No problem!

 

I am grateful for the help!

 

 

OTL:

 

 

========== FILES ==========

File c:\windows\system32\drivers\ppldopsy.sys not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 01012013_192425

Edited by No-1

Posted (edited)

Hi!

 

None of the options worked. With the disc, the computer says: "Den här versionen av alternativ för systemåterställning är inte kompatibel med den version av Windows du försöker reparera. Försök att använda en återställningsdisk som är kompatibel med den här versionen av Windows."

 

It is a full purchased version, and it is the same disc and computer components! Perhaps essential Windows components have changed because of our tinkering?

 

Without the disc I am only asked which device I want to boot from and can choose HD, CD etc. or Enter setup... there is no option: Repair.

 

What to do?

 

Perhaps easiest to reinstall all of Win 7 instead?

Edited by No-1

Without the disc I am only asked which device I want to boot from and can choose HD, CD etc. or Enter setup... there is no option: Repair.
Choose the hard disk and then start pressing F8 again.

 

Perhaps essential Windows components have changed
Perhaps with and without service pack.

Posted (edited)

The problem now is that the names I could choose do NOT have the same names as in the login to Windows itself. How do I see which of the three is linked to which user account in Windows? There was one called HomeGroupuser or something too... Then there were two with my name, one of which had a - 1 after it.

 

So should I try to choose the one that is the infected user in Windows?

 

 

But which one is it?

Edited by No-1


The first ComboFix log shows this:

Körs från: c:\users\Kristofer - 1\Desktop\ComboFix.exe

I think it was run from the infected account, which should therefore be Kristofer - 1.

Posted (edited)

After a lot of trouble it hopefully worked. The computer did not let me run Repair from the infected user, so I had to run it from the administrator. Then the program asked whether it was Win XP (which is on my old disk = D:) that should be repaired, which of course it was not. I was asked about other drives, but in the end it seemed to run on Local Disk, i.e. C:, after some trouble.

 

Hope that was right. But unfortunately it looks odd with Win XP in the log below.

 

Maybe I should take out that HD while we test with FRST, because this seems tricky since the computer itself chose that disk?

 

I don't understand why it says Running from G: below, when later in the list it says C: and the computer chose Local Disk... and why would it be a different HD than the one I normally boot from? (I should perhaps add that it is the old "police trojan disk" that was fixed last summer that is installed as the second disk, and it is going to be formatted. I just haven't had time to finish my computer build.)

 

I think the procedure should be run again once I have removed the old HD?

 

Here is the result in any case:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

Ran by SYSTEM at 02-01-2013 18:26:14

Running from G:\

Microsoft Windows XP Service Pack 1 (X64) OS Language: Swedish

The current controlset is ControlSet003

 

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

==================== Registry (Whitelisted) ===================

 

HKLM\...\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe [x]

HKLM\...\Run: [ABIT uGuru] C:\Program\ABIT\ABIT uGuru\uGuru.exe [1695827 2004-09-13] (ABIT Computer Corporation)

HKLM\...\Run: [GuruClock] C:\Program\ABIT\ABIT uGuru\GuruClock.exe [4489280 2004-09-29] (ABIT Computer Corp.)

HKLM\...\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [495616 2007-01-26] ()

HKLM\...\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe [676040 2011-02-22] ()

HKLM\...\Run: [ATICustomerCare] "C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [soundMan] SOUNDMAN.EXE [x]

HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]

HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]

HKLM\...\Run: [e-kort] C:\Program\ekort\ekort.exe /dontopenmycards /Autostart [377856 2008-12-11] (Orbiscom Ltd. All rights reserved.)

HKLM\...\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM\...\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-12-05] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [DivXUpdate] "C:\Program\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()

HKLM\...\Run: [MSC] "c:\Program\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

HKU\Administratör\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)

HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

HKU\Kristofer\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)

HKU\Kristofer\...\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)

HKU\Kristofer\...\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Kristofer\...\Run: [spotify Web Helper] "C:\Program\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-07-16] ()

HKU\Kristofer\...\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /minimized /regrun [17417392 2012-07-03] (Skype Technologies S.A.)

HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)

HKLM-x32\...\Winlogon: [userinit] [x]

HKLM-x32\...\Winlogon: [shell] [x ] ()

Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)

Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)

Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)

Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)

Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)

Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)

Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

==================== Services (Whitelisted) ===================

 

3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-08-02] (Adobe Systems Incorporated)

4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)

3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)

2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [643072 2011-12-06] (ATI Technologies Inc.)

4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)

3 dmadmin; C:\Windows\System32\dmadmin.exe /com [225280 2008-04-14] (Microsoft Corporation, Veritas Software)

3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corporation)

2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation)

3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)

3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)

2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)

3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)

3 IDriverT; "C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation)

3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2008-07-29] (Microsoft Corporation)

3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)

2 Jamcast; "C:\Program\Jamcast\jamcastsvc.exe" [62704 2010-12-18] (Software Development Solutions, Inc.)

2 Lavasoft Ad-Aware Service; "C:\Program\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)

4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)

3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)

2 MsMpSvc; "C:\Program\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)

4 NetDDE; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation)

4 NetDDEdsdm; C:\Windows\System32\netdde.exe [112640 2008-04-14] (Microsoft Corporation)

3 Nla; C:\Windows\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation)

3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435712 2008-04-14] (Microsoft Corporation)

3 odserv; "C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)

3 ose; "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)

2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-09] (Microsoft Corporation)

2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)

3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation)

3 SCardSvr; C:\Windows\System32\SCardSvr.exe [98304 2008-04-14] (Microsoft Corporation)

2 Secunia PSI Agent; C:\Program\Secunia\PSI\PSIA.exe --start-service [1326176 2012-06-27] (Secunia)

2 Secunia Update Agent; C:\Program\Secunia\PSI\sua.exe --start-service [681056 2012-06-27] (Secunia)

2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)

2 SkypeUpdate; C:\Program\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)

3 Sony PC Companion; "C:\Program\Sony\Sony PC Companion\PCCService.exe" [155320 2012-01-18] (Avanquest Software)

2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)

3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{0197C7F7-9611-40FC-99B3-CC1A0C8B26C0} [5120 2008-04-14] (Microsoft Corporation)

3 SysmonLog; C:\Windows\System32\smlogsvc.exe [91648 2008-04-14] (Microsoft Corporation)

3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)

2 VoddlerNet; C:\Program\Voddler\service\voddler.exe [1039640 2011-02-22] (Voddler)

3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)

3 WMPNetworkSvc; "C:\Program\Windows Media Player\WMPNetwk.exe" [912384 2006-11-15] (Microsoft Corporation)

2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)

2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)

3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)

3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]

4 HidServ; C:\Windows\System32\hidserv.dll [x]

 

==================== Drivers (Whitelisted) =====================

 

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11776 2004-08-04] (Microsoft Corporation)

3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)

3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [60800 2008-04-13] (Microsoft Corporation)

3 ati2mtag; C:\Windows\System32\Drivers\ati2mtag.sys [7490560 2011-12-06] (ATI Technologies Inc.)

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [100368 2011-12-20] (Advanced Micro Devices)

3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)

3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-17] (Microsoft Corporation)

3 BVRPMPR5; C:\Windows\System32\Drivers\BVRPMPR5.sys [49904 2010-09-27] (Avanquest Software)

4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation)

1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation)

4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [800000 2008-04-14] (Microsoft Corporation, Veritas Software)

4 dmio; C:\Windows\System32\Drivers\dmio.sys [153856 2008-04-14] (Microsoft Corporation, Veritas Software)

4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.)

3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)

1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)

0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125696 2004-08-04] (Microsoft Corporation)

3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)

3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)

3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)

1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)

3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4713472 2010-12-20] (Realtek Semiconductor Corp.)

3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)

3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)

1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)

3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)

3 Lavasoft Kernexplorer; \??\C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-03-02] ()

0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [64512 2011-03-02] (Lavasoft AB)

1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation)

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [61824 2008-04-13] (Microsoft Corporation)

3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2004-08-04] (Microsoft Corporation)

3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2004-08-04] (Microsoft Corporation)

3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)

3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.)

0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-07-12] (Sonic Solutions)

3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2004-08-04] (Microsoft Corporation)

1 redbook; C:\Windows\System32\Drivers\redbook.sys [58240 2008-04-14] (Microsoft Corporation)

3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation )

3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)

3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)

3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)

3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)

3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)

3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)

3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)

3 sea1bus; C:\Windows\System32\Drivers\sea1bus.sys [61536 2007-02-08] (MCCI)

3 sea1mdfl; C:\Windows\System32\Drivers\sea1mdfl.sys [9360 2007-02-08] (MCCI)

3 sea1mdm; C:\Windows\System32\Drivers\sea1mdm.sys [97088 2007-02-08] (MCCI)

3 sea1mgmt; C:\Windows\System32\Drivers\sea1mgmt.sys [88624 2007-02-08] (MCCI)

3 sea1nd5; C:\Windows\System32\Drivers\sea1nd5.sys [18704 2007-02-08] (MCCI)

3 sea1obex; C:\Windows\System32\Drivers\sea1obex.sys [86432 2007-02-08] (MCCI)

3 sea1unic; C:\Windows\System32\Drivers\sea1unic.sys [90800 2007-02-08] (MCCI)

3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)

0 sr; C:\Windows\System32\Drivers\sr.sys [73344 2008-04-14] (Microsoft Corporation)

3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)

3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)

0 uGuru; C:\Windows\System32\Drivers\uGuru.sys [10752 2004-08-04] (ABIT Computer Corporation)

3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)

3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)

0 Winflash; C:\Windows\System32\Drivers\Winflash.sys [3548 2002-09-17] ()

4 Abiosdsk; [x]

4 abp480n5; [x]

4 adpu160m; [x]

4 Aha154x; [x]

4 aic78u2; [x]

4 aic78xx; [x]

4 AliIde; [x]

4 amsint; [x]

4 asc; [x]

4 asc3350p; [x]

4 asc3550; [x]

4 Atdisk; [x]

4 cd20xrnt; [x]

4 CmdIde; [x]

4 Cpqarray; [x]

4 dac2w2k; [x]

4 dac960nt; [x]

4 dpti2o; [x]

4 hpn; [x]

1 i2omgmt; [x]

4 i2omp; [x]

4 ini910u; [x]

1 lbrtfdc; [x]

4 mraid35x; [x]

1 PCIDump; [x]

3 PDCOMP; [x]

3 PDFRAME; [x]

3 PDRELI; [x]

3 PDRFRAME; [x]

4 perc2; [x]

4 perc2hib; [x]

4 ql1080; [x]

4 Ql10wnt; [x]

4 ql12160; [x]

4 ql1240; [x]

4 ql1280; [x]

4 Simbad; [x]

4 Sparrow; [x]

4 symc810; [x]

4 symc8xx; [x]

4 sym_hi; [x]

4 sym_u3; [x]

4 TosIde; [x]

4 ultra; [x]

4 ViaIde; [x]

3 WDICA; [x]

 

==================== NetSvcs (Whitelisted) ====================

 

 

==================== One Month Created Files and Folders ========

 

2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

 

 

==================== One Month Modified Files and Folders =======

 

2013-01-02 18:26 - 2013-01-02 18:26 - 00000000 ____D C:\FRST

 

 

==================== Known DLLs (Whitelisted) =================

 

C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\comdlg32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\imagehlp.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\lz32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\oleaut32.dll IS MISSING <==== ATTENTION!

[2004-08-04 13:00] - [2008-04-14 17:04] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll

C:\Windows\SysWOW64\olecli32.dll IS MISSING <==== ATTENTION!

[2004-08-04 13:00] - [2008-04-14 17:04] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll

C:\Windows\SysWOW64\olecnv32.dll IS MISSING <==== ATTENTION!

[2004-08-04 13:00] - [2004-08-04 13:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll

C:\Windows\SysWOW64\olesvr32.dll IS MISSING <==== ATTENTION!

[2004-08-04 13:00] - [2004-08-04 13:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll

C:\Windows\SysWOW64\olethk32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\shell32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\url.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\urlmon.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\version.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\wininet.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\wldap32.dll IS MISSING <==== ATTENTION!

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe

[2004-08-04 13:00] - [2008-04-14 17:05] - 0507904 ____A (Microsoft Corporation) ABD2D070BE76A9386A0A283A332E3862

 

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.

C:\Windows\explorer.exe

[2004-08-04 13:00] - [2008-04-14 17:05] - 1034240 ____A (Microsoft Corporation) 74BB7DCD2BFDCC0E52869DB3582CA781

 

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\svchost.exe

[2004-08-04 13:00] - [2008-04-14 17:05] - 0014336 ____A (Microsoft Corporation) 6CCEF19D7301D9861F90E299C798AD3F

 

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\services.exe

[2004-08-04 13:00] - [2009-02-09 12:27] - 0110592 ____A (Microsoft Corporation) 8870B0C4A094C1CE80CEA6F85FA38FF2

 

C:\Windows\System32\User32.dll

[2004-08-04 13:00] - [2008-04-14 17:04] - 0578560 ____A (Microsoft Corporation) E3CF0EC59316EA8E856DB1E1F442CD57

 

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.

C:\Windows\System32\userinit.exe

[2004-08-04 13:00] - [2008-04-14 17:05] - 0026112 ____A (Microsoft Corporation) 317799A2E42B5EA048A8A70F482CBA9F

 

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\Drivers\volsnap.sys

[2004-08-04 13:00] - [2008-04-14 16:36] - 0052864 ____A (Microsoft Corporation) 57187EC04878147E1F4F2D9224B12205

 

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points =========================

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 6%

Total physical RAM: 16336.89 MB

Available physical RAM: 15258.72 MB

Total Pagefile: 16335.09 MB

Available Pagefile: 15240.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

==================== Partitions =============================

 

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:459.95 GB) NTFS

2 Drive e: () (Fixed) (Total:931.41 GB) (Free:514.81 GB) NTFS

4 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Disk nr Status Storlek Ledigt Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk nr 0 Online 931 G B 0 B

Disk nr 1 Online 931 G B 8 M B

Disk nr 2 Online 3882 M B 0 B

 

 

Partitions of Disk 0:

===============

 

Disk 0 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 100 M 1024 K

Partitionsnr 2 Primär 931 G 101 M

 

==================================================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 07

Dold : Nej

Aktiv : Ja

Offset i byte: 1048576

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 1 Y Reserverad NTFS Partition 100 M Felfri

 

=========================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 2 är nu den valda partitionen.

 

Partition 2

Typ : 07

Dold : Nej

Aktiv : Nej

Offset i byte: 105906176

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 2 E NTFS Partition 931 G Felfri

 

=========================================================

 

Partitions of Disk 1:

===============

 

Disk 1 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 931 G 31 K

 

==================================================================================

 

Disk: 1

Disk 1 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 07

Dold : Nej

Aktiv : Ja

Offset i byte: 32256

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 3 C NTFS Partition 931 G Felfri

 

=========================================================

 

Partitions of Disk 2:

===============

 

Disk 2 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

* Partitionsnr 1 Primär 3882 M 0 B

 

==================================================================================

 

Disk: 2

Disk 2 är nu den valda disken.

 

Ingen partition har valts.

 

Ingen partition har valts.

Välj en partition och försök sedan igen.

 

=========================================================

==================== End Of Log =============================

Edited by No-1


"Running from G:\" means that FRST is located on G:.

 

I agree that it seems best to have only the hard disk with Windows 7 in the computer.

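Reading the Services and Drivers sections of an FRST log is what the helper does in this thread: an entry whose image file FRST could not find is printed with `[x]`, and system-start drivers with eight-letter names pointing at missing files (such as the ppldopsy.sys the OTL fix above targeted) are the typical leftover of a removed rootkit driver. The following triage script is an added example, not code from this thread or from FRST; the severity rules and the random-name heuristic are this example's own assumptions, and the sample lines are copied from the FRST logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST service/driver line: "<start> <Name>; <rest>"
LINE_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "<ImagePath> [<size> <yyyy-mm-dd>] (<Company>)"  -> FRST found the file
PRESENT_RE = re.compile(
    r"^(?P<path>.*?)\s*\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)$"
)
# "<ImagePath> [x]" or just "[x]"                   -> FRST did not find the file
MISSING_RE = re.compile(r"^(?P<path>.*?)\s*\[x\]$")


@dataclass
class Entry:
    start: int          # service start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str           # empty when FRST printed no ImagePath at all
    missing: bool       # True when FRST reported "[x]"
    company: str = ""   # empty when the file carries no version information


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST Services/Drivers line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = int(m.group("start")), m.group("name").strip(), m.group("rest")
    miss = MISSING_RE.match(rest)
    if miss:
        return Entry(start, name, miss.group("path").strip(), True)
    pres = PRESENT_RE.match(rest)
    if pres:
        return Entry(start, name, pres.group("path").strip(), False, pres.group("company").strip())
    return None


def looks_random(name: str) -> bool:
    """Heuristic (this example's own): eight lower-case letters with at most one
    vowel, the naming pattern of the leftover driver entries in this thread."""
    return bool(re.fullmatch(r"[a-z]{8}", name)) and sum(c in "aeiou" for c in name) <= 1


def assess(e: Entry) -> Optional[Tuple[str, str]]:
    """Severity and reason for one entry, or None when it needs no attention.
    The rules are this example's assumptions, not FRST's own verdicts."""
    in_drivers = "\\drivers\\" in e.path.lower()
    if e.missing:
        if e.path and e.start in (0, 1) and in_drivers:
            reason = "boot/system-start driver whose file is gone: orphaned service key, remove it"
            if looks_random(e.name):
                reason += " (random-looking name)"
            return ("high", reason)
        if e.path:
            return ("medium", "service points at a missing file; confirm it is a tool leftover before deleting")
        return ("info", "disabled legacy stub without an image path (normal on Windows XP)")
    if not e.company:
        return ("low", "image carries no company/version info; verify publisher and hash")
    return None


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, name, reason) for every line that deserves a look, worst first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        verdict = assess(e)
        if verdict:
            findings.append((verdict[0], e.name, verdict[1]))
    return sorted(findings, key=lambda f: order[f[0]])


# Sample input: lines copied from the two FRST logs posted in this thread.
SAMPLE = [
    r"0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)",
    r"2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)",
    r"1 bzhpvayj; \??\C:\Windows\system32\drivers\bzhpvayj.sys [x]",
    r"3 catchme; \??\C:\ComboFix\catchme.sys [x]",
    r"1 fcysqvmb; \??\C:\Windows\system32\drivers\fcysqvmb.sys [x]",
    r"1 ppldopsy; \??\C:\Windows\system32\drivers\ppldopsy.sys [x]",
    r"3 Lavasoft Kernexplorer; \??\C:\Program\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-03-02] ()",
    r"4 Abiosdsk; [x]",
]

if __name__ == "__main__":
    for sev, name, why in triage(SAMPLE):
        print(f"{sev:6} {name:22} {why}")
```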
Posted (edited)

A new attempt, and now it looks cleaner even though I have not disconnected the old disk! The problem is that when you run FRST the computer renames all the drive letters.... but I can probably identify this as my boot disk (i.e. C:). Among other things I find USB 3.0, and that gives away the new motherboard etc... In the old FRST there was any amount of old junk (Abit motherboard among others) that is dead and buried in the computer graveyard!

 

By the way, is it "dangerous" to keep the old disk, with any trojans etc., as a second disk, i.e. should I reformat it? It is going to be done anyway, but I'm asking out of curiosity!

 

So, a new FRST! What do you say?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

Ran by SYSTEM at 02-01-2013 18:53:07

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish

The current controlset is ControlSet001

 

==================== Registry (Whitelisted) ===================

 

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6463592 2012-02-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P [1158248 2012-02-08] (Realtek Semiconductor)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-26] (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\Kristofer\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)

HKU\Kristofer - 1\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17877168 2012-11-09] (Skype Technologies S.A.)

HKU\Kristofer - 1\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Kristofer - 1\...\Run: [spotify] "C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-10-27] (Spotify Ltd)

HKU\Kristofer - 1\...\Run: [spotify Web Helper] "C:\Users\Kristofer - 1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-27] (Spotify Ltd)

HKU\Kristofer - 1\...\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-09-12] (Sony)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

==================== Services (Whitelisted) ===================

2 DTSAudioSvc; "C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe" [233328 2012-01-23] (DTS, Inc)

2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe /s [123320 2011-11-07] (Symantec Corporation)

2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll" /prefetch:1 [132984 2011-11-07] (Symantec Corporation)

==================== Drivers (Whitelisted) =====================

0 asahci64; C:\Windows\System32\Drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

1 bzhpvayj; \??\C:\Windows\system32\drivers\bzhpvayj.sys [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

1 fcysqvmb; \??\C:\Windows\system32\drivers\fcysqvmb.sys [x]

1 ppldopsy; \??\C:\Windows\system32\drivers\ppldopsy.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-02 18:53 - 2013-01-02 18:53 - 00000000 ____D C:\FRST

2013-01-02 18:10 - 2013-01-02 18:10 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{572BF5CE-9741-4B33-8168-8E6016D155C7}

2013-01-01 23:02 - 2013-01-01 23:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A9B8925-AA15-4271-A66A-99584FCDEB31}

2013-01-01 19:24 - 2013-01-01 19:24 - 00000000 ____D C:\_OTL

2013-01-01 19:21 - 2013-01-01 19:21 - 00602112 ____A (OldTimer Tools) C:\Users\Kristofer\Desktop\OTL.exe

2013-01-01 11:01 - 2013-01-01 11:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3A84C707-D9AC-42AF-9D55-F13BDA1D78C5}

2012-12-31 10:30 - 2012-12-31 10:31 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D43BB784-0D06-415F-BDD5-F522A1F7D4C5}

2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2012-12-30 19:19 - 2012-12-30 19:20 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F08881AC-FC92-4815-A5D2-C7AF5A9E7658}

2012-12-30 11:54 - 2012-12-30 11:54 - 00016179 ____A C:\ComboFix.txt

2012-12-30 11:17 - 2012-12-30 11:17 - 05015826 ____R (Swearware) C:\Users\Kristofer\Desktop\ComboFix.exe

2012-12-30 07:19 - 2012-12-30 07:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{37289BA3-E66C-4A31-A75F-2FB78ACA4BB2}

2012-12-29 19:19 - 2012-12-29 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{11AE976F-699C-4B5C-9D22-F792F5CB3357}

2012-12-29 15:13 - 2012-12-29 15:13 - 00002150 ____A C:\Users\Kristofer\Desktop\RKreport[5]_S_12292012_1512.txt

2012-12-29 15:07 - 2012-12-29 15:07 - 00002434 ____A C:\Users\Kristofer\Desktop\RKreport[4]_S_12292012_02d1507.txt

2012-12-29 14:23 - 2012-12-29 14:23 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\Gymförteckning 20121203.xlsx

2012-12-29 13:09 - 2012-12-29 13:09 - 00015670 ____A C:\Users\Kristofer\Desktop\Combofix1.txt

2012-12-29 01:36 - 2012-12-29 01:37 - 00004169 ____A C:\Users\Kristofer\Desktop\aswMBR.txt

2012-12-29 01:36 - 2012-12-29 01:37 - 00000512 ____A C:\Users\Kristofer\Desktop\MBR.dat

2012-12-29 01:29 - 2012-12-29 01:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8B326BBF-42D9-438B-9177-1147170704F0}

2012-12-29 01:25 - 2012-12-29 01:26 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial

2012-12-29 01:25 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe

2012-12-29 01:24 - 2012-12-29 01:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kristofer - 1\Desktop\tdsskiller.exe

2012-12-29 00:49 - 2012-12-29 00:49 - 00015983 ____A C:\Users\Kristofer\Desktop\Combofix.txt

2012-12-29 00:44 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe

2012-12-29 00:44 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe

2012-12-29 00:44 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-12-29 00:44 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-12-29 00:44 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-12-29 00:44 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe

2012-12-29 00:44 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe

2012-12-29 00:44 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe

2012-12-29 00:42 - 2012-12-30 11:54 - 00000000 ____D C:\Qoobox

2012-12-29 00:41 - 2012-12-29 11:14 - 00000000 ____D C:\Windows\erdnt

2012-12-29 00:41 - 2012-12-29 11:10 - 05015489 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\ComboFix.exe

2012-12-29 00:34 - 2012-12-29 00:34 - 00001875 ____A C:\Users\Kristofer\Desktop\RKreport[3]_D_12292012_02d0034.txt

2012-12-29 00:33 - 2012-12-29 00:33 - 00002525 ____A C:\Users\Kristofer\Desktop\RKreport[2]_D_12292012_02d0033.txt

2012-12-28 21:07 - 2012-12-28 21:07 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport S 12282012.txt

2012-12-28 21:06 - 2012-12-28 21:06 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport[1]_S_12282012_02d2106.txt

2012-12-28 21:05 - 2012-12-29 15:07 - 00000000 ____D C:\Users\Kristofer\Desktop\RK_Quarantine

2012-12-28 21:03 - 2012-12-28 21:03 - 00688992 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\dds.scr

2012-12-28 20:58 - 2012-12-28 20:58 - 00749056 ____A C:\Users\Kristofer - 1\Desktop\RogueKillerX64.exe

2012-12-28 18:53 - 2012-12-28 18:53 - 00073374 ____A C:\Users\Kristofer\Desktop\OTL.Txt

2012-12-28 18:53 - 2012-12-28 18:53 - 00053882 ____A C:\Users\Kristofer\Desktop\Extras.Txt

2012-12-28 18:47 - 2012-12-29 11:26 - 00016369 ____A C:\Users\Kristofer\Desktop\dds.txt

2012-12-28 18:47 - 2012-12-29 11:26 - 00006950 ____A C:\Users\Kristofer\Desktop\attach.txt

2012-12-28 18:41 - 2012-12-28 18:41 - 00688992 ____R (Swearware) C:\Users\Kristofer\Desktop\dds.scr

2012-12-28 18:41 - 2012-12-28 18:41 - 00139264 ____A C:\Users\Kristofer\Desktop\SystemLook.exe

2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Personal

2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

2012-12-28 16:15 - 2012-12-30 22:22 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2012-12-28 13:25 - 2012-12-28 13:25 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{4A0695D1-DFFD-403A-BD9B-FC2D10B563B9}

2012-12-27 15:05 - 2012-12-27 15:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5D3C71B1-FC2C-4DF5-8D95-7D831F3951C6}

2012-12-27 00:56 - 2012-12-27 00:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1CF05B28-2488-4506-A785-DE28DEDE9446}

2012-12-26 10:16 - 2012-12-26 10:16 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2F04F958-0B14-46E3-BAC8-93EA3BCB46A6}

2012-12-25 18:54 - 2012-12-25 18:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{05906058-5F62-47D6-978C-2B4F8733181A}

2012-12-24 10:59 - 2012-12-24 10:59 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{17F20186-798D-4292-B9F0-229C09D21EC1}

2012-12-23 16:05 - 2012-12-23 16:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5A60AF4F-3B93-4476-ACDC-2F0AA3DBEFDC}

2012-12-22 21:40 - 2012-12-22 21:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{A9CE1DDD-2A8D-4CF4-8E58-DC251AD514C3}

2012-12-21 22:04 - 2012-12-16 18:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-21 22:04 - 2012-12-16 15:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-21 22:04 - 2012-12-16 15:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-21 22:04 - 2012-12-16 15:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-21 22:03 - 2012-12-21 22:03 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D4913C59-6473-41E1-9184-D132D936B365}

2012-12-20 20:37 - 2012-12-20 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{CF664DC2-48D4-4CAB-A7C7-BBE0CEC71F87}

2012-12-19 19:27 - 2012-12-19 19:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{835F2E3A-7F3B-4594-B2F3-AC40E6DE27C2}

2012-12-18 20:54 - 2012-12-18 20:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1B8B8CC8-7B23-499C-8584-4FAC01E2783B}

2012-12-17 20:38 - 2012-12-17 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{89D409A9-7D2C-4A10-8487-02E4713D13D2}

2012-12-16 17:38 - 2012-12-16 17:38 - 00077192 ___AT C:\Users\Kristofer - 1\Desktop\Jannica

2012-12-16 12:36 - 2012-12-16 12:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F5C9C444-8A5A-4452-AF6A-76B91A2917D8}

2012-12-15 20:41 - 2012-12-15 20:41 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{ADC72E47-EE38-4FAC-929B-4CA1ADABBC61}

2012-12-15 00:17 - 2012-12-15 00:17 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7669C6EF-F14B-4B40-9F93-B87919D90676}

2012-12-13 21:26 - 2012-12-13 21:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E}

2012-12-12 19:56 - 2012-12-12 19:57 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827}

2012-12-11 23:31 - 2012-11-14 08:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-11 23:31 - 2012-11-14 07:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-11 23:31 - 2012-11-14 07:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-11 23:31 - 2012-11-14 07:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-11 23:31 - 2012-11-14 07:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-11 23:31 - 2012-11-14 07:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-11 23:31 - 2012-11-14 07:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-11 23:31 - 2012-11-14 06:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-11 23:31 - 2012-11-14 06:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-11 23:31 - 2012-11-14 06:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-11 23:31 - 2012-11-14 06:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-11 23:31 - 2012-11-14 06:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-11 23:31 - 2012-11-14 06:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-11 23:31 - 2012-11-14 06:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-11 23:31 - 2012-11-14 06:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-11 23:31 - 2012-11-14 06:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-11 23:31 - 2012-11-14 03:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-11 23:31 - 2012-11-14 03:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-11 23:31 - 2012-11-14 03:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-12-11 23:31 - 2012-11-14 02:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-12-11 23:31 - 2012-11-14 02:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-11 23:31 - 2012-11-14 02:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-11 23:31 - 2012-11-14 02:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-11 23:31 - 2012-11-14 02:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-11 23:31 - 2012-11-14 02:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-12-11 23:31 - 2012-11-14 02:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-12-11 23:31 - 2012-11-14 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-12-11 23:31 - 2012-11-14 02:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-11 23:31 - 2012-11-14 02:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-11 23:31 - 2012-11-14 02:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-11 23:31 - 2012-11-14 02:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-11 23:31 - 2012-11-14 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-11 20:00 - 2012-12-11 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2C0CE8D4-D4C8-49A2-A4F9-F6FB70D5FAAE}

2012-12-11 19:32 - 2012-11-22 04:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-11 19:32 - 2012-11-09 06:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-11 19:32 - 2012-11-09 05:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-11 19:32 - 2012-11-02 06:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-11 19:32 - 2012-11-02 06:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-11 19:32 - 2012-10-04 18:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-11 19:32 - 2012-10-04 18:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-11 19:32 - 2012-10-04 18:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-11 19:32 - 2012-10-04 18:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-11 19:32 - 2012-10-04 18:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-11 19:32 - 2012-10-04 18:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-11 19:32 - 2012-10-04 18:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-11 19:32 - 2012-10-04 17:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-11 19:32 - 2012-10-04 17:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 16:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-11 19:32 - 2012-10-04 15:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-11 19:32 - 2012-10-04 15:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-11 19:32 - 2012-10-04 15:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-11 19:32 - 2012-10-04 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-11 19:32 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 19:32 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7}

2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02}

2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx

2012-12-09 11:35 - 2012-12-09 11:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F}

2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370}

2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94}

2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0}

2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F}

2012-12-05 20:28 - 2012-12-05 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14}

2012-12-05 07:13 - 2012-12-05 07:14 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41}

2012-12-04 18:39 - 2012-12-04 18:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834}

2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\dvdcss

2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0}

==================== One Month Modified Files and Folders =======

2013-01-02 18:53 - 2013-01-02 18:53 - 00000000 ____D C:\FRST

2013-01-02 18:50 - 2012-08-27 19:06 - 02041010 ____A C:\Windows\WindowsUpdate.log

2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-02 18:34 - 2009-07-14 05:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-02 18:28 - 2012-11-11 19:15 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-02 18:27 - 2012-11-11 19:15 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-02 18:27 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-02 18:27 - 2009-07-14 05:51 - 00041247 ____A C:\Windows\setupact.log

2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Spotify

2013-01-02 18:17 - 2012-09-22 22:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\Spotify

2013-01-02 18:17 - 2012-08-31 18:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Skype

2013-01-02 18:10 - 2013-01-02 18:10 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{572BF5CE-9741-4B33-8168-8E6016D155C7}

2013-01-01 23:40 - 2012-09-01 20:33 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\vlc

2013-01-01 23:13 - 2012-09-04 19:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\Azureus

2013-01-01 23:02 - 2013-01-01 23:02 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A9B8925-AA15-4271-A66A-99584FCDEB31}

2013-01-01 22:18 - 2012-08-27 20:32 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Skype

2013-01-01 19:55 - 2011-04-12 15:28 - 00625534 ____A C:\Windows\System32\perfh01D.dat

2013-01-01 19:55 - 2011-04-12 15:28 - 00123688 ____A C:\Windows\System32\perfc01D.dat

2013-01-01 19:55 - 2009-07-14 06:13 - 01466438 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-01 19:51 - 2012-08-28 17:34 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\vlc

2013-01-01 19:24 - 2013-01-01 19:24 - 00000000 ____D C:\_OTL

2013-01-01 19:21 - 2013-01-01 19:21 - 00602112 ____A (OldTimer Tools) C:\Users\Kristofer\Desktop\OTL.exe

2013-01-01 18:54 - 2012-08-28 19:30 - 00000000 ____D C:\users\Kristofer - 1

2013-01-01 11:02 - 2013-01-01 11:01 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3A84C707-D9AC-42AF-9D55-F13BDA1D78C5}

2012-12-31 10:31 - 2012-12-31 10:30 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D43BB784-0D06-415F-BDD5-F522A1F7D4C5}

2012-12-30 22:22 - 2012-12-30 22:22 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2012-12-30 22:22 - 2012-12-28 16:15 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2012-12-30 19:20 - 2012-12-30 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F08881AC-FC92-4815-A5D2-C7AF5A9E7658}

2012-12-30 11:54 - 2012-12-30 11:54 - 00016179 ____A C:\ComboFix.txt

2012-12-30 11:54 - 2012-12-29 00:42 - 00000000 ____D C:\Qoobox

2012-12-30 11:52 - 2010-11-21 04:47 - 00048850 ____A C:\Windows\PFRO.log

2012-12-30 11:52 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini

2012-12-30 11:17 - 2012-12-30 11:17 - 05015826 ____R (Swearware) C:\Users\Kristofer\Desktop\ComboFix.exe

2012-12-30 07:19 - 2012-12-30 07:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{37289BA3-E66C-4A31-A75F-2FB78ACA4BB2}

2012-12-29 22:47 - 2012-08-28 19:23 - 00000000 ____D C:\Foton

2012-12-29 19:19 - 2012-12-29 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{11AE976F-699C-4B5C-9D22-F792F5CB3357}

2012-12-29 15:13 - 2012-12-29 15:13 - 00002150 ____A C:\Users\Kristofer\Desktop\RKreport[5]_S_12292012_1512.txt

2012-12-29 15:07 - 2012-12-29 15:07 - 00002434 ____A C:\Users\Kristofer\Desktop\RKreport[4]_S_12292012_02d1507.txt

2012-12-29 15:07 - 2012-12-28 21:05 - 00000000 ____D C:\Users\Kristofer\Desktop\RK_Quarantine

2012-12-29 14:23 - 2012-12-29 14:23 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\Gymförteckning 20121203.xlsx

2012-12-29 13:09 - 2012-12-29 13:09 - 00015670 ____A C:\Users\Kristofer\Desktop\Combofix1.txt

2012-12-29 11:26 - 2012-12-28 18:47 - 00016369 ____A C:\Users\Kristofer\Desktop\dds.txt

2012-12-29 11:26 - 2012-12-28 18:47 - 00006950 ____A C:\Users\Kristofer\Desktop\attach.txt

2012-12-29 11:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF

2012-12-29 11:14 - 2012-12-29 00:41 - 00000000 ____D C:\Windows\erdnt

2012-12-29 11:10 - 2012-12-29 00:41 - 05015489 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\ComboFix.exe

2012-12-29 01:37 - 2012-12-29 01:36 - 00004169 ____A C:\Users\Kristofer\Desktop\aswMBR.txt

2012-12-29 01:37 - 2012-12-29 01:36 - 00000512 ____A C:\Users\Kristofer\Desktop\MBR.dat

2012-12-29 01:29 - 2012-12-29 01:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8B326BBF-42D9-438B-9177-1147170704F0}

2012-12-29 01:26 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe.5y6u68o.partial

2012-12-29 01:26 - 2012-09-22 22:44 - 13138000 ____A C:\Users\Kristofer - 1\Downloads\FuturisticFractals_DLawler.themepack

2012-12-29 01:25 - 2012-12-29 01:25 - 04732416 ____A (AVAST Software) C:\Users\Kristofer - 1\Desktop\aswMBR.exe

2012-12-29 01:24 - 2012-12-29 01:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Kristofer - 1\Desktop\tdsskiller.exe

2012-12-29 00:49 - 2012-12-29 00:49 - 00015983 ____A C:\Users\Kristofer\Desktop\Combofix.txt

2012-12-29 00:48 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default

2012-12-29 00:37 - 2012-08-27 20:00 - 00000000 ____D C:\Users\Kristofer\Tracing

2012-12-29 00:34 - 2012-12-29 00:34 - 00001875 ____A C:\Users\Kristofer\Desktop\RKreport[3]_D_12292012_02d0034.txt

2012-12-29 00:33 - 2012-12-29 00:33 - 00002525 ____A C:\Users\Kristofer\Desktop\RKreport[2]_D_12292012_02d0033.txt

2012-12-28 21:07 - 2012-12-28 21:07 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport S 12282012.txt

2012-12-28 21:06 - 2012-12-28 21:06 - 00002460 ____A C:\Users\Kristofer\Desktop\RKreport[1]_S_12282012_02d2106.txt

2012-12-28 21:03 - 2012-12-28 21:03 - 00688992 ____R (Swearware) C:\Users\Kristofer - 1\Desktop\dds.scr

2012-12-28 20:58 - 2012-12-28 20:58 - 00749056 ____A C:\Users\Kristofer - 1\Desktop\RogueKillerX64.exe

2012-12-28 18:53 - 2012-12-28 18:53 - 00073374 ____A C:\Users\Kristofer\Desktop\OTL.Txt

2012-12-28 18:53 - 2012-12-28 18:53 - 00053882 ____A C:\Users\Kristofer\Desktop\Extras.Txt

2012-12-28 18:41 - 2012-12-28 18:41 - 00688992 ____R (Swearware) C:\Users\Kristofer\Desktop\dds.scr

2012-12-28 18:41 - 2012-12-28 18:41 - 00139264 ____A C:\Users\Kristofer\Desktop\SystemLook.exe

2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Roaming\Personal

2012-12-28 18:28 - 2012-12-28 18:28 - 00000000 ____D C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

2012-12-28 18:28 - 2012-08-27 19:42 - 00068328 ____A C:\Users\Kristofer\AppData\Local\GDIPFONTCACHEV1.DAT

2012-12-28 18:28 - 2012-08-27 19:06 - 00000000 ____D C:\users\Kristofer

2012-12-28 13:25 - 2012-12-28 13:25 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{4A0695D1-DFFD-403A-BD9B-FC2D10B563B9}

2012-12-27 15:05 - 2012-12-27 15:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5D3C71B1-FC2C-4DF5-8D95-7D831F3951C6}

2012-12-27 00:56 - 2012-12-27 00:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1CF05B28-2488-4506-A785-DE28DEDE9446}

2012-12-26 10:16 - 2012-12-26 10:16 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2F04F958-0B14-46E3-BAC8-93EA3BCB46A6}

2012-12-25 18:54 - 2012-12-25 18:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{05906058-5F62-47D6-978C-2B4F8733181A}

2012-12-24 10:59 - 2012-12-24 10:59 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{17F20186-798D-4292-B9F0-229C09D21EC1}

2012-12-23 16:05 - 2012-12-23 16:05 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{5A60AF4F-3B93-4476-ACDC-2F0AA3DBEFDC}

2012-12-22 21:40 - 2012-12-22 21:40 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{A9CE1DDD-2A8D-4CF4-8E58-DC251AD514C3}

2012-12-21 22:09 - 2009-07-14 05:45 - 00307616 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-21 22:03 - 2012-12-21 22:03 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D4913C59-6473-41E1-9184-D132D936B365}

2012-12-20 20:38 - 2012-12-20 20:37 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{CF664DC2-48D4-4CAB-A7C7-BBE0CEC71F87}

2012-12-19 19:27 - 2012-12-19 19:27 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{835F2E3A-7F3B-4594-B2F3-AC40E6DE27C2}

2012-12-18 20:54 - 2012-12-18 20:54 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{1B8B8CC8-7B23-499C-8584-4FAC01E2783B}

2012-12-17 20:38 - 2012-12-17 20:38 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{89D409A9-7D2C-4A10-8487-02E4713D13D2}

2012-12-16 18:11 - 2012-12-21 22:04 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-16 17:38 - 2012-12-16 17:38 - 00077192 ___AT C:\Users\Kristofer - 1\Desktop\Jannica

2012-12-16 15:45 - 2012-12-21 22:04 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 15:13 - 2012-12-21 22:04 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-16 15:13 - 2012-12-21 22:04 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-16 12:36 - 2012-12-16 12:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{F5C9C444-8A5A-4452-AF6A-76B91A2917D8}

2012-12-15 20:41 - 2012-12-15 20:41 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{ADC72E47-EE38-4FAC-929B-4CA1ADABBC61}

2012-12-15 00:18 - 2012-08-27 20:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-15 00:18 - 2012-08-27 20:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-15 00:17 - 2012-12-15 00:17 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7669C6EF-F14B-4B40-9F93-B87919D90676}

2012-12-13 21:27 - 2012-12-13 21:26 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{8367747F-B200-40B2-B369-50761FA7B68E}

2012-12-12 20:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2012-12-12 19:57 - 2012-12-12 19:56 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{E101615B-D57B-4FD6-9C98-6FEDE4627827}

2012-12-11 23:32 - 2012-09-01 12:09 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-11 23:31 - 2012-08-28 17:04 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-11 20:00 - 2012-12-11 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{2C0CE8D4-D4C8-49A2-A4F9-F6FB70D5FAAE}

2012-12-10 20:33 - 2012-11-03 17:26 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

2012-12-10 20:33 - 2012-08-27 19:33 - 00196316 ____A C:\Windows\DPINST.LOG

2012-12-10 20:32 - 2012-12-10 20:32 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{C38E1182-C661-4C56-BB23-D73017BEF2B7}

2012-12-10 20:32 - 2012-08-27 19:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2012-12-09 23:36 - 2012-12-09 23:36 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B13276A3-1A57-4A73-8D82-3C47B30A4A02}

2012-12-09 18:54 - 2012-12-09 18:54 - 00048547 ____A C:\Users\Kristofer - 1\Desktop\GYM2012-12.xlsx

2012-12-09 11:36 - 2012-12-09 11:35 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{D3D5707D-0FC1-4A8A-AC0D-1F628D45079F}

2012-12-08 22:23 - 2012-12-08 22:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{67DAA17B-DA47-4F26-B0A4-7273F5CB9370}

2012-12-08 10:23 - 2012-12-08 10:23 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{B666FAD0-B4E2-4625-9507-934E1132DE94}

2012-12-07 20:35 - 2012-09-04 19:26 - 00000000 ____D C:\Program Files (x86)\Vuze

2012-12-07 20:00 - 2012-12-07 20:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{6C744D3A-9F1A-4C9A-B490-ADE49AE75AE0}

2012-12-06 19:19 - 2012-12-06 19:19 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{9AAB8196-AD46-426E-82CE-41FCD6E7F63F}

2012-12-05 20:29 - 2012-12-05 20:28 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{7A0D0F2C-6EB5-4B63-BF8E-20773BF0CB14}

2012-12-05 07:14 - 2012-12-05 07:13 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{52DD2F11-32C9-417B-9E39-9481CDE96F41}

2012-12-04 18:40 - 2012-12-04 18:39 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{62562F11-0A50-4009-BE94-70DD05D2C834}

2012-12-04 06:49 - 2009-07-14 06:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-12-03 21:00 - 2012-12-03 21:00 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Roaming\dvdcss

2012-12-03 20:29 - 2012-12-03 20:29 - 00000000 ____D C:\Users\Kristofer - 1\AppData\Local\{3D622C88-B53C-40C5-93FC-840E31E45FE0}

 

==================== Known DLLs (Whitelisted) =================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points =========================

 

Restore point made on: 2012-12-30 02:45:25

Restore point made on: 2013-01-01 10:00:23

Restore point made on: 2013-01-01 19:24:38

 

==================== Memory info ===========================

 

Percentage of memory in use: 7%

Total physical RAM: 16336.89 MB

Available physical RAM: 15170.32 MB

Total Pagefile: 16335.09 MB

Available Pagefile: 15162.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

 

==================== Partitions =============================

 

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:514.75 GB) NTFS

3 Drive g: () (Removable) (Total:3.78 GB) (Free:3.5 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (Reserverad av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Disk nr Status Storlek Ledigt Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk nr 0 Online 931 G B 0 B

Disk nr 1 Online 931 G B 8 M B

Disk nr 2 Online 3882 M B 0 B

 

 

Partitions of Disk 0:

===============

 

Disk 0 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 100 M 1024 K

Partitionsnr 2 Primär 931 G 101 M

 

==================================================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 07

Dold : Nej

Aktiv : Ja

Offset i byte: 1048576

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 1 Y Reserverad NTFS Partition 100 M Felfri

 

=========================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 2 är nu den valda partitionen.

 

Partition 2

Typ : 07

Dold : Nej

Aktiv : Nej

Offset i byte: 105906176

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 2 C NTFS Partition 931 G Felfri

 

=========================================================

 

Partitions of Disk 1:

===============

 

Disk 1 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 931 G 31 K

 

==================================================================================

 

Disk: 1

Disk 1 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 07

Dold : Nej

Aktiv : Ja

Offset i byte: 32256

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 3 NTFS Partition 931 G Felfri

 

=========================================================

 

Partitions of Disk 2:

===============

 

Disk 2 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

* Partitionsnr 1 Primär 3882 M 0 B

 

==================================================================================

 

Disk: 2

Disk 2 är nu den valda disken.

 

Ingen partition har valts.

 

Ingen partition har valts.

Välj en partition och försök sedan igen.

 

=========================================================

 

Last Boot: 2012-12-28 14:25

 

==================== End Of Log =============================

Edited by No-1

By the way, is it "dangerous" to keep the old disk, with any trojans etc. on it, as a second disk, i.e. should I reformat it?
Not as long as no malicious program on it is started.

 

Start FRST64 the same way as last time.

 

In the Search field, enter:

bzhpvayj.sys;fcysqvmb.sys;ppldopsy.sys

Note: no spaces between the file names, just a semicolon.

 

Click the "Search File(s)" button.

Wait until the program has finished.

 

The program creates a log, Search.txt, on the USB stick.

Paste its contents into your reply.


Well here it is...

 

 

Farbar Recovery Scan Tool (x64) Version: 28-12-2012

Ran by SYSTEM at 2013-01-02 19:36:38

Running from G:\

 

================== Search: "bzhpvayj.sys;fcysqvmb.sys;ppldopsy.sys" ===================

 

====== End Of Search ======

 

 


Preferably on another computer

Start Notepad.

Copy all the lines in the box:

1 bzhpvayj; \??\C:\Windows\system32\drivers\bzhpvayj.sys [x]

1 fcysqvmb; \??\C:\Windows\system32\drivers\fcysqvmb.sys [x]

1 ppldopsy; \??\C:\Windows\system32\drivers\ppldopsy.sys [x]

2012-12-28 16:15 - 2012-12-30 22:22 - 00002959 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

and paste them into Notepad. Check that no file entries have been split across two lines.

Save the file on the USB stick with the name fixlist.txt.

 

On the infected computer, from "System Recovery Options"

Start FRST64 the same way as last time.

Click the Fix button.

Wait until the program has finished.

 

The program creates a log, Fixlog.txt, on the USB stick.

Paste its contents into your reply.


Saved fixlist.txt on a completely clean computer at work.

 

Here is the result on the infected one:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012

Ran by SYSTEM at 2013-01-03 19:04:03 Run:1

Running from G:\

 

==============================================

 

bzhpvayj service deleted successfully.

fcysqvmb service deleted successfully.

ppldopsy service deleted successfully.

C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.

 

==== End of Fixlog ====

 

 


Good!

 

Run ComboFix the same way as the first time, and then DDS. Paste the logs from the programs and we'll see if anything is left.

Posted (edited)

Here they come! I actually didn't update Combofix (the program wanted to); it hung last time, and it has worked before...

 

 

Combofix:

 

ComboFix 12-12-30.01 -DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run at 20:11:21 on 2013-01-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13967 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]

R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]

R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]

.

=============== Created Last 30 ================

.

2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-02 17:53:04 -------- d-----w- C:\FRST

2013-01-01 18:24:25 -------- d-----w- C:\_OTL

2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp

2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe

2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe

2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe

2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal

2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

==================== Find3M ====================

.

2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 20:11:25,65 ===============

2013-01-03 20:07:06.8.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13973 [GMT 1:00]

Körs från: c:\users\Kristofer\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Skapade en ny återställningspunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dsgsdgdsgdsgw.pad

.

.

(((((((((((((((((((((((( Filer skapade från 2012-12-03 till 2013-01-03 ))))))))))))))))))))))))))))))

.

.

2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer - 1\AppData\Local\temp

2013-01-03 19:09 . 2013-01-03 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-03 18:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

2013-01-02 18:05 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-02 17:53 . 2013-01-02 17:53 -------- d-----w- C:\FRST

2013-01-01 18:24 . 2013-01-01 18:24 -------- d-----w- C:\_OTL

2012-12-30 09:32 . 2013-01-03 19:09 -------- d-----w- c:\users\Kristofer\AppData\Local\temp

2012-12-28 17:28 . 2012-12-28 17:28 -------- d-----w- c:\users\Kristofer\AppData\Roaming\Personal

2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 21:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 21:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 23:18 . 2012-08-27 19:28 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:18 . 2012-08-27 19:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 22:32 . 2012-09-01 11:09 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-28 21:06 . 2012-11-28 21:06 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6E89082-9D9A-436B-AC74-AA4490D0DCA9}\gapaengine.dll

2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 21:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 21:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 21:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 21:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2011-11-07 123320]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2011-11-07 126392]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]

S3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]

.

.

Contents of the 'Scheduled Tasks' folder:

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 18:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]

"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.96\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-03 20:10:40

ComboFix-quarantined-files.txt 2013-01-03 19:10

ComboFix2.txt 2012-12-30 10:54

ComboFix3.txt 2012-12-30 10:27

ComboFix4.txt 2012-12-29 16:22

ComboFix5.txt 2013-01-03 19:06

.

Before the scan: 552 446 492 672 bytes free

After the scan: 552 735 133 696 bytes free

.

- - End Of File - - C953C04C7EE1612FE4ADA651DD7065F0

 

 

 

DDS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run at 20:11:21 on 2013-01-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.16337.13967 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{FBB10A48-4C68-43FC-B65E-DD076634270C} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Switchdrivrutin för Intel® USB 3.0 Värdstyrenhet;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-27 19224]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]

R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-8-27 233328]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-27 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-27 189608]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 161560]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe [2012-8-27 123320]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe [2012-8-27 126392]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 363800]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-27 356632]

R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-27 789272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-3 155320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]

.

=============== Created Last 30 ================

.

2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll

2013-01-02 18:05:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-01-02 17:53:04 -------- d-----w- C:\FRST

2013-01-01 18:24:25 -------- d-----w- C:\_OTL

2012-12-30 09:32:35 -------- d-----w- C:\Users\Kristofer\AppData\Local\temp

2012-12-28 23:44:08 98816 ----a-w- C:\Windows\sed.exe

2012-12-28 23:44:08 256000 ----a-w- C:\Windows\PEV.exe

2012-12-28 23:44:08 208896 ----a-w- C:\Windows\MBR.exe

2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}

2012-12-28 17:28:26 -------- d-----w- C:\Users\Kristofer\AppData\Roaming\Personal

2012-12-21 21:04:27 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 21:04:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 21:04:27 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 21:04:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-11 18:32:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

==================== Find3M ====================

.

2012-12-14 23:18:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 23:18:06 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 20:11:25,65 ===============

 

 

=)


Does everything seem fine with the computer now?

 

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

 

Uncheck the option Remove found threats

Check Scan Archives

 

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Click Scan

 

When the scan is finished, copy the result and then paste it into your reply.


The computer seems to work fine despite the infection. It has for quite a while, ever since the police image itself disappeared... but that is no guarantee, as can be seen below...

 

 

Here is the result from ESET!

 

C:\FRST\Quarantine\dsgsdgdsgdsgw.js JS/Agent.NID trojan

C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm JS/Agent.NHS trojan

C:\Users\Kristofer - 1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\47eccc26-75a34fe8 Win32/Reveton.O trojan


There you can see that the Reveton infection came in via a web page with a Java applet (program). None of these files is active on the computer now.

 

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

 

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:Files
C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm
:Commands
[CREATERESTOREPOINT]
[EMPTYJAVA]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, e.g. with regard to line breaks.

Press Run Fix.

If you are asked to restart the computer, do so.

A log will appear in Notepad. Copy it and paste it into your reply.

 

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name containing today's date and the time of the run.

 

Make sure to enable the antivirus program etc. before you connect the computer to the internet.

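The helper's reading of the logs above rests on a few file-system indicators: a keyboard-mash script name dropped straight into c:\programdata (dsgsdgdsgdsgw.js), a payload in the Java deployment cache, and a landing page in IE's Temporary Internet Files. The following script, added here as an example and not part of the thread or of ComboFix, DDS or OTL, parses the "files created" line layouts that ComboFix and DDS use and flags entries matching those indicators. The sample lines are constructed from the paths posted in this thread; the thresholds in looks_random and the list of "active" extensions are assumptions, and the name heuristic is deliberately confined to user-writable locations because otherwise vendor binaries such as ccSvcHst.exe would trip it.

```python
"""Triage helper for ComboFix / DDS 'files created' listings.

Parses the two line layouts seen in the thread and flags entries a
malware-removal helper would look at first: scripts or executables dropped
straight into ProgramData/AppData, Java deployment-cache payloads, active
content in IE's Temporary Internet Files, and keyboard-mash file names in
user-writable locations. Heuristic only: a flag is a prompt to look, not a
verdict.
"""
import ntpath
import re

# ComboFix:  2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\x.js
# DDS:       2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\...\mpengine.dll
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)"
    r"(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"
    r"\s+(?P<size>\d+|-{8})\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Assumed list of extensions worth a look when they sit in a drop directory.
ACTIVE_EXTS = {".js", ".vbs", ".exe", ".dll", ".scr", ".bat", ".cmd", ".jar", ".ps1"}
# Directories where malware droppers like to put files directly (no subfolder).
DROP_DIR_RE = re.compile(
    r"^[a-z]:\\(programdata|users\\[^\\]+\\appdata\\(local|locallow|roaming)(\\temp)?)$"
)
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(programdata|users)\\")


def parse_created_line(line):
    """Return (timestamp, size_or_None, attr, path), or None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return m["ts"], size, m["attr"], m["path"]


def looks_random(stem):
    """Keyboard-mash test: 8+ letters with almost no vowels (assumed threshold)."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.15


def classify(path):
    """List the reasons a path deserves a closer look (empty list = nothing)."""
    p = path.replace("/", "\\").lower()
    parent = ntpath.dirname(p)
    stem, ext = ntpath.splitext(ntpath.basename(p))
    reasons = []
    if ext in ACTIVE_EXTS and DROP_DIR_RE.match(parent):
        reasons.append("active file dropped directly in ProgramData/AppData")
    if "\\sun\\java\\deployment\\cache\\" in p:
        reasons.append("Java deployment cache entry (applet payloads land here)")
    if "\\temporary internet files\\" in p and ext in {".htm", ".html", ".js"}:
        reasons.append("IE temporary internet file with active content")
    if looks_random(stem) and USER_WRITABLE_RE.match(p):
        reasons.append("random-looking name in a user-writable location")
    return reasons


def triage(lines):
    """Return [(path, reasons)] for file entries that raise a flag; directories are skipped."""
    hits = []
    for line in lines:
        entry = parse_created_line(line)
        if entry is None:
            continue
        _ts, _size, attr, path = entry
        if attr.startswith("d"):
            continue
        reasons = classify(path)
        if reasons:
            hits.append((path, reasons))
    return hits


# Constructed sample in the two layouts used by the thread's logs.
SAMPLE_LINES = [
    r"2012-12-28 15:15 . 2012-12-28 15:15 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js",
    r"2012-12-21 21:04 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll",
    r"2012-12-28 17:28:40 -------- d-----w- C:\Users\Kristofer\AppData\Local\{2B0291F0-AF97-4EB9-A43E-67BF3B4CF185}",
    r"2013-01-03 18:16:02 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D16D2A3-B914-430A-9F8D-51552C1EC6F7}\mpengine.dll",
    "(((((((( Files created from 2012-11-28 to 2012-12-30 ))))))))",
]

if __name__ == "__main__":
    for flagged_path, why in triage(SAMPLE_LINES):
        print(flagged_path)
        for reason in why:
            print("   -", reason)
```

Run against the sample, only dsgsdgdsgdsgw.js is reported, with both the drop-directory and the random-name reasons; the Windows update files and the Defender definition DLL pass, and the ESET hit paths from the thread can be fed straight to classify(). Treat the output as a worklist for hashing and submission, not as a removal list.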

========== FILES ==========

C:\Users\Kristofer - 1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1GTI1WW\buildings_sessions_minimum-hits[1].htm moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Kristofer

->Java cache emptied: 0 bytes

 

User: Kristofer - 1

->Java cache emptied: 218840 bytes

 

User: Public

 

Total Java Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01052013_013019


That went well :thumbsup:

 

Now only a final clean-up round remains:

 

1. Press the Windows key + R

Copy and paste this line:

ComboFix /Uninstall

 

Note that there is a space before the /

Click OK.

 

2. Double-click OTL to start the program.

Press the CleanUp! button, and DDS and the other clean-up tools will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.

 

3. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

 

4. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which can be used by a web page to infect the computer. I think Secunia's program (link on my web page) is a good help for checking the state of security holes on the computer and indicating what needs to be fixed.


Since I ran the programs from both the admin account and my own account, there are sometimes duplicate copies of some programs on the respective desktops. On admin, everything seemed to have been removed (not ESET). Now I am trying to clean up my own account. Here only ComboFix disappeared. On my account's desktop there are now aswMBR (I do not remember which program that was), DDS, tdsskiller and RogueKiller. It MAY be that these programs were not even run from my account and that it is only the download that is lying there (you know, the extract). I do not remember which program was run from which account, though. But if they are only extracts, they are easy to delete manually in that case.

 

I can remove ESET via the uninstall in that folder, right? What about the other remaining programs?

 

All logs and any files/folders that possibly did not disappear, I can delete those manually too, right?
