
Police virus


3 replies in this thread

#1 mare1
  • Member
  • 2 posts

Posted 21 August 2013 - 10:15

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013
Ran by SYSTEM on 21-08-2013 10:37:26
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [217088 2007-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-09-13] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Net iD] - C:\Program Files\Net iD\iid.exe [99640 2010-02-01] (SecMaker AB)
HKLM\...\Run: [ConnecteSupport] - C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe [2308608 2011-03-29] (Tific)
HKLM\...\Run: [Family Tree Builder Update] - C:\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295072 2012-12-27] (RealNetworks, Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKU\Dator\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Dator\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dator\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2012-07-13] (Skype Technologies S.A.)
HKU\Dator\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [ 2012-03-18] (EasyBits Software AS)
HKU\Dator\...\Run: [Ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
HKU\Dator\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-07-15] (Samsung)
HKU\Dator\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Dator\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-15] (Samsung)
HKU\Dator\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
HKU\Dator\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se...1&dpl=1&nobtn=1" [x]
HKU\Dator\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe [ 2013-05-14] (Adobe Systems Incorporated)
HKU\Dator\...\Winlogon: [Shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
Startup: C:\Users\Dator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S2 CTATSvc; C:\Program Files\Telia\Connect\ATService.exe [582976 2011-06-27] (Telia)
S2 CTConnect; C:\Program Files\Telia\Connect\Connect.exe [1899840 2011-06-27] (Columbitech)
S2 gupdate1ca0f5a6f8847e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-28] (Google Inc.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-29] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-13] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 sprtsvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe [206120 2010-05-10] (SupportSoft, Inc.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-13] (Sony Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [382320 2008-10-16] (SupportSoft, Inc.)
S2 tgsrvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe [185640 2010-05-10] (SupportSoft, Inc.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-10-11] (Conexant Systems Inc.)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [9728 2007-01-15] (Microsoft Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-26] ()
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log
2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB}
2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB}
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
2013-08-15 17:10 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 17:10 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 17:10 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 17:10 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 17:10 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 17:10 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-15 17:10 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-15 17:10 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 17:10 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 17:10 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 17:10 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 17:10 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-15 17:10 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-15 17:10 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 17:10 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 17:10 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
2013-08-14 17:16 - 2013-08-14 17:21 - 00000000 ____D C:\Windows\System32\MRT
2013-08-13 23:04 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 23:04 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 23:04 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 23:04 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-08-13 23:04 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-13 23:04 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 23:03 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 23:03 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-13 23:03 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 23:03 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 23:03 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 23:03 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 23:03 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2
2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{B6442200-398E-438E-9F6C-C8E760FE8265}
2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265}
2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log
2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung
2013-07-31 22:51 - 2013-06-20 16:07 - 00153672 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00136904 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00017864 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys
2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys
2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec
2013-07-31 22:34 - 2013-06-14 09:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\System32\Redemption.dll
2013-07-31 22:34 - 2013-06-14 09:56 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\System32\dgderapi.dll
2013-07-31 22:34 - 2013-06-14 09:56 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\System32\Drivers\dgderdrv.sys
2013-07-31 22:29 - 2013-07-31 22:49 - 00000000 ____D C:\ProgramData\Samsung
2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}

==================== One Month Modified Files and Folders =======

2013-08-21 10:33 - 2013-08-21 10:33 - 00000000 ____D C:\FRST
2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 23:54 - 2006-11-02 04:47 - 00327776 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-20 23:52 - 2008-04-15 20:01 - 01381120 _____ C:\Windows\WindowsUpdate.log
2013-08-20 23:31 - 2011-09-21 03:42 - 00000064 _____ C:\Windows\System32\rp_stats.dat
2013-08-20 23:31 - 2011-09-21 03:42 - 00000044 _____ C:\Windows\System32\rp_rules.dat
2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
2013-08-20 02:36 - 2011-11-23 10:21 - 00000000 ____D C:\ProgramData\GameXN
2013-08-20 01:38 - 2012-05-08 01:13 - 00000423 _____ C:\Users\Dator\Desktop\Xerox Portal.website
2013-08-19 22:58 - 2011-05-29 07:53 - 00000000 ____D C:\Users\Dator\AppData\Roaming\go
2013-08-19 22:58 - 2008-06-15 03:40 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Skype
2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log
2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
2013-08-17 21:59 - 2009-04-03 07:23 - 00000000 ____D C:\Users\Dator\Tracing
2013-08-17 05:18 - 2008-06-04 02:33 - 00045170 _____ C:\Users\Dator\AppData\Roaming\wklnhst.dat
2013-08-17 05:05 - 2009-04-16 22:28 - 00000000 ____D C:\Users\Dator\Documents\Mina skanningar
2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB}
2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB}
2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-16 21:20 - 2011-06-20 23:20 - 10000023 _____ C:\ATsvcLog.txt.old
2013-08-16 17:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-16 17:07 - 2007-12-11 05:15 - 00611620 _____ C:\Windows\System32\perfh01D.dat
2013-08-16 17:07 - 2007-12-11 05:15 - 00123186 _____ C:\Windows\System32\perfc01D.dat
2013-08-16 17:07 - 2006-11-02 02:33 - 01457454 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
2013-08-15 17:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
2013-08-14 17:21 - 2013-08-14 17:16 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 17:16 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-08-07 04:40 - 2008-06-24 01:28 - 00000000 ____D C:\Users\Dator\Documents\Nya ID
2013-08-05 03:30 - 2008-12-09 02:06 - 00000000 ____D C:\Users\Dator\Documents\Mina dokument
2013-08-05 03:18 - 2008-06-04 00:37 - 00017769 _____ C:\ProgramData\hpzinstall.log
2013-08-05 03:03 - 2008-06-04 00:37 - 00138843 _____ C:\Windows\hpoins18.dat
2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2
2013-08-05 01:17 - 2008-06-04 01:17 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Image Zone Express
2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{B6442200-398E-438E-9F6C-C8E760FE8265}
2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265}
2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung
2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log
2013-07-31 23:01 - 2008-08-29 07:27 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Samsung
2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk
2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung
2013-07-31 22:53 - 2006-11-02 04:52 - 00068246 _____ C:\Windows\setupact.log
2013-07-31 22:52 - 2008-06-03 12:36 - 00000000 ____D C:\users\Dator
2013-07-31 22:50 - 2008-07-13 02:46 - 00000000 ____D C:\Program Files\Samsung
2013-07-31 22:49 - 2013-07-31 22:29 - 00000000 ____D C:\ProgramData\Samsung
2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec
2013-07-31 22:33 - 2007-12-11 05:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Downloaded Installations
2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\AppData\Local\Downloaded Installations
2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
2013-07-30 00:38 - 2010-12-30 01:14 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Personal
2013-07-29 23:34 - 2012-04-30 04:00 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Intelli-studio
2013-07-29 01:28 - 2010-11-10 01:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-29 01:28 - 2008-11-30 23:41 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-07-29 01:28 - 2008-06-04 03:49 - 00000000 ____D C:\Users\Dator\AppData\Roaming\iid
2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-07-29 01:28 - 2006-11-02 02:22 - 53477376 _____ C:\Windows\System32\config\software_previous
2013-07-29 01:28 - 2006-11-02 02:22 - 18612224 _____ C:\Windows\System32\config\system_previous
2013-07-29 01:19 - 2006-11-02 02:22 - 41943040 _____ C:\Windows\System32\config\components_previous
2013-07-29 01:19 - 2006-11-02 02:22 - 00053248 _____ C:\Windows\System32\config\sam_previous
2013-07-29 01:14 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous
2013-07-29 01:14 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
2013-07-24 18:40 - 2013-08-15 17:10 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-24 18:32 - 2013-08-15 17:10 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-24 18:30 - 2013-08-15 17:10 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-24 18:26 - 2013-08-15 17:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-24 18:26 - 2013-08-15 17:10 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-24 18:25 - 2013-08-15 17:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-24 18:24 - 2013-08-15 17:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-24 18:24 - 2013-08-15 17:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-24 18:23 - 2013-08-15 17:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-24 18:23 - 2013-08-15 17:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-24 18:23 - 2013-08-15 17:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-24 18:23 - 2013-08-15 17:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-24 18:23 - 2013-08-15 17:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-24 18:22 - 2013-08-15 17:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-24 18:22 - 2013-08-15 17:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-24 18:22 - 2013-08-15 17:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

ZeroAccess:
C:\Users\Dator\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

Files to move or delete:
====================
C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
C:\ProgramData\dsgsdgdsgdsgw.pad

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-05 00:23:32
Restore point made on: 2013-08-08 23:51:50
Restore point made on: 2013-08-12 00:36:46
Restore point made on: 2013-08-14 17:02:55
Restore point made on: 2013-08-15 17:00:44
Restore point made on: 2013-08-16 17:02:42
Restore point made on: 2013-08-20 05:23:53

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 2037.4 MB
Available physical RAM: 1538.07 MB
Total Pagefile: 1788.11 MB
Available Pagefile: 1610.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.61 GB) (Free:48.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.44 GB) (Free:2.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FAA5FAA5)
Partition 1: (Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1000 MB) (Disk ID: 69737369)
No partition Table on disk 1.

LastRegBack: 2013-08-20 23:51

==================== End Of Log ========


#2 Cecilia
  • Honorary member
  • 4,736 posts

Posted 21 August 2013 - 10:54

Start Notepad.
Copy all the lines in the box:
HKU\Dator\...\Run: [Ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
HKU\Dator\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se...1&dpl=1&nobtn=1" [x]
HKU\Dator\...\Winlogon: [Shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Dator\AppData\Roaming\Imfo
and paste them into Notepad. Check that no file paths have been split across two lines.
Save the file on the USB stick with the name fixlist.txt.

On the infected computer, from "System Recovery Options":
Start FRST (32-bit Windows) or FRST64 (64-bit Windows) in the same way as last time.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents in your reply.

Try to start the computer the normal way.
If that works, follow the instructions in the thread Till dig med virus eller andra skadliga program i datorn (For those with a virus or other malicious programs on the computer) as far as you can, for continued cleaning.
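The fixlist above is built by copying the FRST log lines that point at the infection: the entries FRST itself marks with ATTENTION, autorun values whose target no longer exists (`[x]`), a Winlogon Shell that is not explorer.exe, and a Command Processor AutoRun hook that relaunches an executable from the user's Temp folder. The following Python script is an added example, not part of this thread and not FRST's own code: it parses FRST-style registry lines and reports why each one deserves attention, then emits the flagged lines in the verbatim form a fixlist uses. The sample lines are taken from the log posted in this thread; the heuristics (Temp-folder executable, non-explorer Shell, AutoRun present) are this example's own reading of the log and are assumptions, not FRST's published detection logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKU\Dator\...\Run: [Ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
HKU\Dator\...\Winlogon: [Shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
"""

# FRST's trailing marker, e.g. "<===== ATTENTION" or "<==== ATTENTION!"
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION!?\s*$")
# "<hive>\...\<key>: <rest>" where hive is HKLM or HKU\<user>
REG_RE = re.compile(r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): (?P<rest>.*)$")
# Optional "[value name]" followed by an optional " - " and the target
VALUE_RE = re.compile(r"^(?:\[(?P<name>[^\]]*)\]\s*-?\s*)?(?P<target>.*)$")
# Executable run from the user's Temp folder (assumed heuristic)
TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\\s\"]+\.exe", re.IGNORECASE)


@dataclass
class Finding:
    line: str       # original log line, reusable verbatim in a fixlist
    key: str        # Run, RunOnce, Winlogon, Command Processor, ...
    name: str       # registry value name (empty for Command Processor lines)
    target: str     # what the value launches
    reasons: list   # why the line is suspicious; empty means nothing found


def analyse_line(line: str):
    """Parse one FRST registry line; return a Finding or None if not a registry line."""
    m = REG_RE.match(line.strip())
    if not m:
        return None
    key, rest = m.group("key"), m.group("rest")
    flagged = bool(ATTENTION_RE.search(rest))
    rest = ATTENTION_RE.sub("", rest).strip()
    vm = VALUE_RE.match(rest)
    name = vm.group("name") or ""
    target = vm.group("target").strip()

    reasons = []
    if flagged:
        reasons.append("marked ATTENTION by FRST")
    if target.endswith("[x]"):
        reasons.append("target file missing (orphaned autorun)")
    if key == "Winlogon" and name == "Shell" and not target.lower().startswith("explorer.exe"):
        reasons.append("Winlogon Shell is not explorer.exe")
    if key == "Command Processor":
        reasons.append("cmd.exe AutoRun hook set (runs on every cmd.exe start)")
    if TEMP_EXE_RE.search(target):
        reasons.append("executable launched from the user's Temp folder")
    return Finding(line.strip(), key, name, target, reasons)


def analyse_log(text: str):
    """Return only the registry findings that have at least one reason."""
    results = []
    for raw in text.splitlines():
        f = analyse_line(raw)
        if f is not None and f.reasons:
            results.append(f)
    return results


def build_fixlist(findings):
    """FRST accepts the flagged log lines verbatim as fixlist entries."""
    return "\n".join(f.line for f in findings) + "\n"


if __name__ == "__main__":
    found = analyse_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.key}] {f.name or '(no name)'} -> {f.target}")
        for r in f.reasons:
            print("    -", r)
    print("\n--- fixlist.txt ---")
    print(build_fixlist(found), end="")
```

The script reports the two HKLM entries as clean and flags the four HKU\Dator entries with their reasons, which matches the lines the reply above chose for the fixlist. Only the registry section is handled here; the `2433f433` files and the Temp executable in the thread's fixlist come from the file listings, which need a separate parser.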

#3 mare1
  • Member
  • 2 posts

Posted 21 August 2013 - 12:29

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013
Ran by SYSTEM at 2013-08-21 13:09:22 Run:2
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Dator\...\Run: [Ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
HKU\Dator\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se...1&dpl=1&nobtn=1" [x]
HKU\Dator\...\Winlogon: [Shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Dator\AppData\Roaming\Imfo
*****************

HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\Ilubqyowon => Value deleted successfully.
HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Dator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater => Value deleted successfully.
HKU\Dator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Dator\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Dator\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Dator\Local Settings\Application Data\2433f433 => Moved successfully.
"C:\Users\Dator\AppData\Local\2433f433" => File/Directory not found.
C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
C:\Users\Dator\AppData\Roaming\Imfo => Moved successfully.

The virus is still there....



#4 Cecilia
  • Honorary member
  • 4,736 posts

Posted 21 August 2013 - 13:26

Run FRST as you did the first time and paste the new log, then we'll see what it looks like now.