mare1

Member
  • Content count

    2
  • Joined

  • Last visited

Posts by mare1

  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-08-2013
    Ran by SYSTEM at 2013-08-21 13:09:22 Run:2
    Running from F:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    HKU\Dator\...\Run: [ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
    HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
    HKU\Dator\...\RunOnce: [shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se...1&dpl=1&nobtn=1" [x]
    HKU\Dator\...\Winlogon: [shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
    HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
    C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
    C:\ProgramData\dsgsdgdsgdsgw.pad
    C:\Users\Dator\AppData\Roaming\Imfo
    *****************

    HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\Ilubqyowon => Value deleted successfully.
    HKU\Dator\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
    HKU\Dator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater => Value deleted successfully.
    HKU\Dator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    HKU\Dator\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
    C:\Users\Dator\AppData\Roaming\2433f433 => Moved successfully.
    C:\ProgramData\2433f433 => Moved successfully.
    C:\Users\Dator\Local Settings\Application Data\2433f433 => Moved successfully.
    "C:\Users\Dator\AppData\Local\2433f433" => File/Directory not found.
    C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe => Moved successfully.
    C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
    C:\Users\Dator\AppData\Roaming\Imfo => Moved successfully.


    The virus is still there....

  2. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013
    Ran by SYSTEM on 21-08-2013 10:37:26
    Running from F:\
    Windows Vista Home Premium (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [217088 2007-12-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
    HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2007-09-27] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-09-13] (CyberLink Corp.)
    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
    HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-10-03] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
    HKLM\...\Run: [Net iD] - C:\Program Files\Net iD\iid.exe [99640 2010-02-01] (SecMaker AB)
    HKLM\...\Run: [ConnecteSupport] - C:\Program Files\Tific\Tific Client G1\ConnecteSupport.exe [2308608 2011-03-29] (Tific)
    HKLM\...\Run: [Family Tree Builder Update] - C:\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295072 2012-12-27] (RealNetworks, Inc.)
    HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
    HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
    HKU\Dator\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
    HKU\Dator\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
    HKU\Dator\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2012-07-13] (Skype Technologies S.A.)
    HKU\Dator\...\Run: [GameXN GO] - C:\ProgramData\GameXN\GameXNGO.exe [ 2012-03-18] (EasyBits Software AS)
    HKU\Dator\...\Run: [ilubqyowon] - C:\Users\Dator\AppData\Roaming\Imfo\ygceh.exe [x]
    HKU\Dator\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [ 2013-07-15] (Samsung)
    HKU\Dator\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
    HKU\Dator\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-07-15] (Samsung)
    HKU\Dator\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
    HKU\Dator\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe [ 2013-08-20] (Valve Corporation) <===== ATTENTION
    HKU\Dator\...\RunOnce: [shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://spel.spelo.se/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f7370656c2e7370656c6f2e73652f36393962626436656261333466346233373238613635633032636238376333312f313634342e646372&width=100%&height=100%&spelo=1&cr=1&dpl=1&nobtn=1" [x]
    HKU\Dator\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe [ 2013-05-14] (Adobe Systems Incorporated)
    HKU\Dator\...\Winlogon: [shell] cmd.exe [ 2008-01-18] (Microsoft Corporation) <==== ATTENTION
    HKU\Dator\...\Command Processor: "C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe" <===== ATTENTION!
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
    Startup: C:\Users\Dator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

    ========================== Services (Whitelisted) =================

    S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
    S2 CTATSvc; C:\Program Files\Telia\Connect\ATService.exe [582976 2011-06-27] (Telia)
    S2 CTConnect; C:\Program Files\Telia\Connect\Connect.exe [1899840 2011-06-27] (Columbitech)
    S2 gupdate1ca0f5a6f8847e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-28] (Google Inc.)
    S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
    S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-29] (Lavasoft Limited)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
    S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-13] ()
    S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
    S2 sprtsvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\sprtsvc.exe [206120 2010-05-10] (SupportSoft, Inc.)
    S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-13] (Sony Corporation)
    S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [382320 2008-10-16] (SupportSoft, Inc.)
    S2 tgsrvc_teliada; C:\Program Files\Telia\Supportassistenten\bin\tgsrvc.exe [185640 2010-05-10] (SupportSoft, Inc.)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
    S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-10-11] (Conexant Systems Inc.)
    S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
    S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [9728 2007-01-15] (Microsoft Corporation)
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-26] ()
    S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S1 eabfiltr;
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 SymIM; system32\DRIVERS\SymIM.sys [x]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
    2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log
    2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
    2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
    2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB}
    2013-08-17 05:01 - 2013-08-17 05:02 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB}
    2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
    2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
    2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
    2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
    2013-08-15 17:10 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-08-15 17:10 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-08-15 17:10 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-08-15 17:10 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-08-15 17:10 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-08-15 17:10 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-08-15 17:10 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-08-15 17:10 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-08-15 17:10 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-08-15 17:10 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-08-15 17:10 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-08-15 17:10 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-08-15 17:10 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-08-15 17:10 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-08-15 17:10 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-08-15 17:10 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
    2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
    2013-08-14 17:16 - 2013-08-14 17:21 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-13 23:04 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-13 23:04 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-13 23:04 - 2013-07-04 19:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-13 23:04 - 2013-07-04 17:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2013-08-13 23:04 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
    2013-08-13 23:04 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2013-08-13 23:03 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-13 23:03 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2013-08-13 23:03 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-13 23:03 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-13 23:03 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-13 23:03 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-13 23:03 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2
    2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
    2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
    2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{B6442200-398E-438E-9F6C-C8E760FE8265}
    2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265}
    2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung
    2013-07-31 22:51 - 2013-06-20 16:07 - 00153672 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdm.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00136904 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadbus.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00017864 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadmdfl.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcmnt.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00015560 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadcm.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwhnt.sys
    2013-07-31 22:51 - 2013-06-20 16:07 - 00015304 _____ (MCCI Corporation) C:\Windows\System32\Drivers\ssadwh.sys
    2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec
    2013-07-31 22:34 - 2013-06-14 09:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\System32\Redemption.dll
    2013-07-31 22:34 - 2013-06-14 09:56 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\System32\dgderapi.dll
    2013-07-31 22:34 - 2013-06-14 09:56 - 00020032 _____ (Devguru Co., Ltd) C:\Windows\System32\Drivers\dgderdrv.sys
    2013-07-31 22:29 - 2013-07-31 22:49 - 00000000 ____D C:\ProgramData\Samsung
    2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
    2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
    2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
    2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
    2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
    2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}

    ==================== One Month Modified Files and Folders =======

    2013-08-21 10:33 - 2013-08-21 10:33 - 00000000 ____D C:\FRST
    2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-20 23:56 - 2006-11-02 04:47 - 00003296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-20 23:54 - 2006-11-02 04:47 - 00327776 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-08-20 23:52 - 2008-04-15 20:01 - 01381120 _____ C:\Windows\WindowsUpdate.log
    2013-08-20 23:31 - 2011-09-21 03:42 - 00000064 _____ C:\Windows\System32\rp_stats.dat
    2013-08-20 23:31 - 2011-09-21 03:42 - 00000044 _____ C:\Windows\System32\rp_rules.dat
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038995 _____ C:\Users\Dator\AppData\Roaming\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038976 _____ C:\ProgramData\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\Local Settings\Application Data\2433f433
    2013-08-20 02:39 - 2013-08-20 02:39 - 01038961 _____ C:\Users\Dator\AppData\Local\2433f433
    2013-08-20 02:36 - 2011-11-23 10:21 - 00000000 ____D C:\ProgramData\GameXN
    2013-08-20 01:38 - 2012-05-08 01:13 - 00000423 _____ C:\Users\Dator\Desktop\Xerox Portal.website
    2013-08-19 22:58 - 2011-05-29 07:53 - 00000000 ____D C:\Users\Dator\AppData\Roaming\go
    2013-08-19 22:58 - 2008-06-15 03:40 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Skype
    2013-08-18 03:24 - 2013-08-18 03:24 - 00016091 _____ C:\Users\Dator\Desktop\hs_err_pid6952.log
    2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
    2013-08-17 22:00 - 2013-08-17 22:00 - 00000000 ____D C:\Users\Dator\AppData\Local\{CEEB70B2-5597-42A4-A0CF-BCF9CAA4160F}
    2013-08-17 21:59 - 2009-04-03 07:23 - 00000000 ____D C:\Users\Dator\Tracing
    2013-08-17 05:18 - 2008-06-04 02:33 - 00045170 _____ C:\Users\Dator\AppData\Roaming\wklnhst.dat
    2013-08-17 05:05 - 2009-04-16 22:28 - 00000000 ____D C:\Users\Dator\Documents\Mina skanningar
    2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{E409EE84-B070-4599-823B-CE07743C08EB}
    2013-08-17 05:02 - 2013-08-17 05:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{E409EE84-B070-4599-823B-CE07743C08EB}
    2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-17 04:55 - 2008-06-04 09:37 - 00049664 _____ C:\Users\Dator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-16 21:20 - 2011-06-20 23:20 - 10000023 _____ C:\ATsvcLog.txt.old
    2013-08-16 17:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-08-16 17:07 - 2007-12-11 05:15 - 00611620 _____ C:\Windows\System32\perfh01D.dat
    2013-08-16 17:07 - 2007-12-11 05:15 - 00123186 _____ C:\Windows\System32\perfc01D.dat
    2013-08-16 17:07 - 2006-11-02 02:33 - 01457454 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
    2013-08-16 17:01 - 2013-08-16 17:01 - 00000000 ____D C:\Users\Dator\AppData\Local\{797D8E19-CB93-4080-A9B4-4F2FB541AAF3}
    2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
    2013-08-15 17:57 - 2013-08-15 17:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{0427F92F-CFF5-4E7B-8D1E-B3728F4AE33B}
    2013-08-15 17:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
    2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
    2013-08-14 17:48 - 2013-08-14 17:48 - 00000000 ____D C:\Users\Dator\AppData\Local\{71BC6B42-C840-464F-A1DD-FB7FBB648D6B}
    2013-08-14 17:21 - 2013-08-14 17:16 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-14 17:16 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-08-07 04:40 - 2008-06-24 01:28 - 00000000 ____D C:\Users\Dator\Documents\Nya ID
    2013-08-05 03:30 - 2008-12-09 02:06 - 00000000 ____D C:\Users\Dator\Documents\Mina dokument
    2013-08-05 03:18 - 2008-06-04 00:37 - 00017769 _____ C:\ProgramData\hpzinstall.log
    2013-08-05 03:03 - 2008-06-04 00:37 - 00138843 _____ C:\Windows\hpoins18.dat
    2013-08-05 01:33 - 2013-08-05 01:33 - 00000000 ____T C:\Users\Dator\Documents\10.0.0.2
    2013-08-05 01:17 - 2008-06-04 01:17 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Image Zone Express
    2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
    2013-08-04 21:40 - 2013-08-04 21:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{31B6C25D-C2DC-4F87-83A7-30B6B30E67C5}
    2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{B6442200-398E-438E-9F6C-C8E760FE8265}
    2013-08-04 05:57 - 2013-08-04 05:57 - 00000000 ____D C:\Users\Dator\AppData\Local\{B6442200-398E-438E-9F6C-C8E760FE8265}
    2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2013-07-31 23:05 - 2013-07-31 23:05 - 00000000 ____D C:\ProgramData\Documents\CrashDump
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Samsung
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\Users\Dator\AppData\Local\Samsung
    2013-07-31 23:01 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Documents\NativeFus_Log
    2013-07-31 23:01 - 2008-08-29 07:27 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Samsung
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001783 _____ C:\ProgramData\Desktop\Samsung Kies (Lite).lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00001773 _____ C:\ProgramData\Desktop\Samsung Kies.lnk
    2013-07-31 22:56 - 2013-07-31 22:56 - 00000000 ____D C:\Users\Dator\Documents\samsung
    2013-07-31 22:53 - 2006-11-02 04:52 - 00068246 _____ C:\Windows\setupact.log
    2013-07-31 22:52 - 2008-06-03 12:36 - 00000000 ____D C:\users\Dator
    2013-07-31 22:50 - 2008-07-13 02:46 - 00000000 ____D C:\Program Files\Samsung
    2013-07-31 22:49 - 2013-07-31 22:29 - 00000000 ____D C:\ProgramData\Samsung
    2013-07-31 22:48 - 2013-07-31 22:48 - 00000000 ____D C:\Program Files\MyFree Codec
    2013-07-31 22:33 - 2007-12-11 05:43 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\Downloaded Installations
    2013-07-31 22:25 - 2009-05-17 09:55 - 00000000 ____D C:\Users\Dator\AppData\Local\Downloaded Installations
    2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
    2013-07-31 21:54 - 2013-07-31 21:54 - 00000000 ____D C:\Users\Dator\AppData\Local\{FA69375D-8775-41B6-AE2C-712AE8A9CF81}
    2013-07-30 00:38 - 2010-12-30 01:14 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Personal
    2013-07-29 23:34 - 2012-04-30 04:00 - 00000000 ____D C:\Users\Dator\AppData\Roaming\Intelli-studio
    2013-07-29 01:28 - 2010-11-10 01:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-07-29 01:28 - 2008-11-30 23:41 - 00000000 ____D C:\ProgramData\HP Product Assistant
    2013-07-29 01:28 - 2008-06-04 03:49 - 00000000 ____D C:\Users\Dator\AppData\Roaming\iid
    2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
    2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
    2013-07-29 01:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
    2013-07-29 01:28 - 2006-11-02 02:22 - 53477376 _____ C:\Windows\System32\config\software_previous
    2013-07-29 01:28 - 2006-11-02 02:22 - 18612224 _____ C:\Windows\System32\config\system_previous
    2013-07-29 01:19 - 2006-11-02 02:22 - 41943040 _____ C:\Windows\System32\config\components_previous
    2013-07-29 01:19 - 2006-11-02 02:22 - 00053248 _____ C:\Windows\System32\config\sam_previous
    2013-07-29 01:14 - 2006-11-02 02:22 - 00524288 _____ C:\Windows\System32\config\default_previous
    2013-07-29 01:14 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
    2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
    2013-07-28 00:14 - 2013-07-28 00:14 - 00000000 ____D C:\Users\Dator\AppData\Local\{4B06ED7B-0BA6-4491-A8EC-7D712817CDB4}
    2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\Local Settings\Application Data\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
    2013-07-27 03:40 - 2013-07-27 03:40 - 00000000 ____D C:\Users\Dator\AppData\Local\{5209729A-E0B2-4240-9A23-E6A52B97AC9A}
    2013-07-24 18:40 - 2013-08-15 17:10 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-24 18:32 - 2013-08-15 17:10 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-24 18:30 - 2013-08-15 17:10 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-24 18:26 - 2013-08-15 17:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-24 18:26 - 2013-08-15 17:10 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-24 18:25 - 2013-08-15 17:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-07-24 18:24 - 2013-08-15 17:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-07-24 18:24 - 2013-08-15 17:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-24 18:23 - 2013-08-15 17:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-24 18:23 - 2013-08-15 17:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-24 18:23 - 2013-08-15 17:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-24 18:23 - 2013-08-15 17:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-07-24 18:23 - 2013-08-15 17:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-07-24 18:22 - 2013-08-15 17:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-24 18:22 - 2013-08-15 17:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-24 18:22 - 2013-08-15 17:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    ZeroAccess:
    C:\Users\Dator\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

    Files to move or delete:
    ====================
    C:\Users\Dator\AppData\Local\Temp\doxnnyqrlofmrotrs.exe
    C:\ProgramData\dsgsdgdsgdsgw.pad

    ==================== Known DLLs (Whitelisted) ============

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    Restore point made on: 2013-08-05 00:23:32
    Restore point made on: 2013-08-08 23:51:50
    Restore point made on: 2013-08-12 00:36:46
    Restore point made on: 2013-08-14 17:02:55
    Restore point made on: 2013-08-15 17:00:44
    Restore point made on: 2013-08-16 17:02:42
    Restore point made on: 2013-08-20 05:23:53

    ==================== Memory info ===========================

    Percentage of memory in use: 24%
    Total physical RAM: 2037.4 MB
    Available physical RAM: 1538.07 MB
    Total Pagefile: 1788.11 MB
    Available Pagefile: 1610.7 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.21 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:139.61 GB) (Free:48.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:9.44 GB) (Free:2.94 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: () (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: FAA5FAA5)
    Partition 1: (Active) - (Size=140 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1000 MB) (Disk ID: 69737369)
    No partition Table on disk 1.

    LastRegBack: 2013-08-20 23:51

    ==================== End Of Log ========
