
Cleanup after police trojan [SOLVED]



Hi,

Today my son was hit by what has previously been called the police trojan, which "locked" the computer. In safe mode we did a system restore, after which the computer is "unlocked" again. Now we would like help removing the remnants of this nuisance.

Thanks in advance!

Regards

MaPe

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by sul11isak at 19:15:13 on 2012-10-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.700 [GMT 2:00]

.

AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\ProgramData\Premium\Codec\Codec.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662

uDefault_Page_URL = lbs.se

uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Codec-V Class: {5CDCDF85-0810-472D-16EC-9B4C7A811901} - C:\ProgramData\Codec-V\505c89129062c.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoAutorun = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10

TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-09-21 11:13; {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]

R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]

R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]

R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]

R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]

S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-10-20 15:50:45 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA5B6542-FFE8-44DD-920D-1A91AA0DB923}\mpengine.dll

2012-10-20 15:06:36 -------- d-sh--w- C:\found.000

2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics

2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia

2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software

2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla

2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II

2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net

2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple

2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts

2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 06:55:26 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org

2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-07 09:31:24 -------- d--h--w- C:\Windows\AxInstSV

2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll

2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive

2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx

2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS

2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS

2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Microsoft F#

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt

2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033

2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-09-22 15:02:12 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-09-21 17:24:04 -------- d-----w- C:\Windows\Panther

2012-09-21 17:23:51 -------- d-sh--w- C:\Boot

2012-09-21 17:20:43 -------- d-----w- C:\Program Files\Synaptics

2012-09-21 17:17:52 -------- d-----w- C:\Windows\SysWow64\Wat

2012-09-21 17:17:51 -------- d-----w- C:\Windows\System32\Wat

2012-09-21 17:14:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-09-21 17:13:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-09-21 17:03:39 8507392 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys

2012-09-21 17:02:51 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-09-21 17:01:55 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-09-21 17:01:55 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-09-21 17:01:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-09-21 17:01:53 90112 ----a-w- C:\Windows\System32\snymsico.dll

2012-09-21 17:01:53 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys

2012-09-21 17:01:53 59008 ----a-w- C:\Windows\System32\drivers\rismcx64.sys

2012-09-21 17:01:53 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys

2012-09-21 17:01:53 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys

2012-09-21 17:01:53 172032 ----a-w- C:\Windows\System32\rixdicon.dll

2012-09-21 17:01:52 75776 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys

2012-09-21 17:01:52 177152 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys

2012-09-21 16:23:49 -------- d-----w- C:\Program Files (x86)\Conduit

2012-09-21 16:23:46 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Conduit

2012-09-21 16:08:51 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\searchplugins

2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\Extensions

2012-09-21 15:54:43 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Babylon

2012-09-21 15:54:43 -------- d-----w- C:\ProgramData\Babylon

2012-09-21 15:44:18 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\DDMSettings

2012-09-21 15:37:51 -------- d-----w- C:\Program Files\DivX

2012-09-21 15:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2012-09-21 15:36:24 -------- d-----w- C:\Program Files (x86)\DivX

2012-09-21 15:35:29 -------- d-----w- C:\ProgramData\DivX

2012-09-21 15:32:56 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Google

2012-09-21 15:32:43 -------- d-----w- C:\ProgramData\Premium

2012-09-21 15:31:04 -------- d-----w- C:\ProgramData\Codec-V

2012-09-21 15:30:48 -------- d-----w- C:\ProgramData\InstallMate

2012-09-21 11:54:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\cache

2012-09-21 11:39:21 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2012-09-21 11:38:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Autodesk

2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared

2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Autodesk

2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared

2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Autodesk

2012-09-21 11:31:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Autodesk

2012-09-21 11:01:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Adobe

2012-09-21 09:14:54 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-09-21 09:13:49 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-09-21 09:12:28 -------- d-----w- C:\Windows\sv

2012-09-21 09:11:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-09-21 09:10:51 -------- d-----w- C:\Windows\PCHEALTH

2012-09-21 09:10:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DSETUP.dll

2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DXSETUP.exe

2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DXSETUP.exe

2012-09-21 09:10:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\dsetup32.dll

2012-09-21 09:10:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DSETUP.dll

2012-09-21 09:10:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\dsetup32.dll

2012-09-21 09:10:15 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-09-21 09:08:51 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-09-21 09:03:50 -------- d-----w- C:\Program Files (x86)\Unity

2012-09-21 09:02:15 -------- d-----w- C:\totalcmd

2012-09-21 09:00:24 -------- d-----w- C:\Program Files (x86)\FreeMind

2012-09-21 08:58:59 -------- d-----w- C:\Program Files (x86)\Foxit Software

2012-09-21 08:58:36 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2012-09-21 08:58:27 -------- d-----w- C:\Program Files (x86)\Audacity

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-09-21 08:46:23 -------- d-----w- C:\ProgramData\ALM

2012-09-21 08:27:49 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-09-21 08:20:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 08:16:35 -------- d-----w- C:\Program Files (x86)\OCS Inventory Agent

2012-09-21 08:16:09 -------- d-----w- C:\ProgramData\OCS Inventory NG

2012-09-21 08:09:43 142336 ----a-w- C:\Windows\System32\poqexec.exe

2012-09-21 08:09:43 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2012-09-21 07:46:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-21 07:46:02 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-21 07:45:09 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-21 07:45:09 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-21 07:36:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll

2012-09-21 07:31:40 -------- d-sh--w- C:\Windows\Installer

2012-09-21 07:31:40 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-09-21 07:31:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-09-21 07:31:10 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-09-21 07:31:03 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-09-21 07:31:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-09-21 07:30:50 -------- d-----w- C:\Windows\wlansvc

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Start-meny

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Skrivbord

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Programdata

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Mallar

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Favoriter

2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Dokument

2012-09-21 07:30:44 -------- d-sh--we C:\Program Files\Delade filer

2012-09-21 07:30:44 -------- d-sh--we C:\Program

2012-09-21 07:30:44 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

.

============= FINISH: 19:16:07,57 ===============

Attach1.txt


Save RogueKiller to the Desktop.

http://www.sur-la-toile.com/RogueKiller/

Close all programs.

Remove all external devices, e.g. USB sticks and external hard drives, except the keyboard and mouse. Leave them disconnected while the cleanup is in progress.

Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator"). If it won't run, try several times, but if it still won't run, try renaming the program to winlogon.exe.

Wait until the "Prescan" has finished.

Click the "Scan" button at the top right.

Wait until the scan is complete.

A report, "RKreport.txt", should then have been created on the Desktop. Paste its contents into your reply.

Hi,

Here is the report:

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : sul11isak [Admin rights]

Mode : Scan -- Date : 10/21/2012 10:46:35

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] Codec.exe -- C:\ProgramData\Premium\Codec\Codec.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[TASK][sUSP PATH] CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job : C:\ProgramData\Premium\Codec\Codec.exe -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2556GSY +++++

--- User ---

[MBR] 94944553cd40f81590d2277d1c1ae0f3

[bSP] 2aa1f76fa8ce7440a39b3b87a99c8b9c : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


1. Do you know what this program is?

C:\ProgramData\Premium\Codec

2. On http://www.virustotal.com, click the Choose File button and paste one of the following file names into the "File name" field, click Open and then Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here. Repeat with the next file name.

C:\ProgramData\Codec-V\505c89129062c.dll

C:\ProgramData\Premium\Codec\Codec.exe

3. Uninstall:

Java 6 Update 22

Java 7 Update 5

Java 7 Update 5 (64-bit)

Because these are old program versions with known security holes that make it easy for a web page to infect the computer.

4. Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

If ComboFix shows any message, e.g. that a rootkit has been found, write it down and include it in your reply.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, because it may hang.

When ComboFix has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

1. According to Isak, Codec (http://www.allpremiumsoft.com) is needed together with DivX Plus to watch a certain streamed film. To get sound as well, a Direct Show encoder has to be downloaded, but he has not managed that yet.

2. Links to VirusTotal:

https://www.virustotal.com/file/de1c043cd39c887c12ab24581903cd242287afeb46c7c02e9b52a659ae2945a7/analysis/1350817155/

https://www.virustotal.com/file/4eaf177ee831e9b99e3e8704264d2f25cbc33f24d59fbbe5f98e288f2a35d606/analysis/1350817532/

3. Uninstalled

4. As far as we could see, no particular message came up from ComboFix; this is the log:

ComboFix 12-10-21.01 - sul11isak 2012-10-21 13:32:04.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.769 [GMT 2:00]

Körs från: c:\users\Sul11Isak\Desktop\ComboFix.exe

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_nvsvc

.

.

(((((((((((((((((((((((( Filer skapade från 2012-09-21 till 2012-10-21 ))))))))))))))))))))))))))))))

.

.

2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp

2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT

2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000

2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics

2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia

2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software

2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla

2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II

2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net

2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple

2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts

2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield

2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org

2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV

2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll

2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive

2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx

2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules

2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#

2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop

2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc

2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt

2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033

2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-09-21 17:24 . 2012-09-21 07:30 -------- d-----w- c:\windows\Panther

2012-09-21 17:23 . 2012-09-21 17:23 -------- d-----w- C:\Boot

2012-09-21 17:20 . 2012-09-21 17:20 -------- d-----w- c:\program files\Synaptics

2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\SysWow64\Wat

2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\system32\Wat

2012-09-21 17:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-09-21 17:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-09-21 17:03 . 2011-07-19 07:43 8507392 ----a-w- c:\windows\system32\drivers\NETwNs64.sys

2012-09-21 17:02 . 2011-07-19 07:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-09-21 17:01 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-09-21 17:01 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-09-21 17:01 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-09-21 17:01 . 2011-07-19 07:45 90112 ----a-w- c:\windows\system32\snymsico.dll

2012-09-21 17:01 . 2011-07-19 07:45 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys

2012-09-21 17:01 . 2011-07-19 07:45 59008 ----a-w- c:\windows\system32\drivers\rismcx64.sys

2012-09-21 17:01 . 2011-07-19 07:45 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys

2012-09-21 17:01 . 2011-07-19 07:45 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys

2012-09-21 17:01 . 2011-07-19 07:45 172032 ----a-w- c:\windows\system32\rixdicon.dll

2012-09-21 17:01 . 2011-07-19 07:39 75776 ----a-w- c:\windows\system32\drivers\nusb3hub.sys

2012-09-21 17:01 . 2011-07-19 07:39 177152 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys

2012-09-21 16:23 . 2012-09-21 16:23 -------- d-----w- c:\program files (x86)\Conduit

2012-09-21 16:23 . 2012-09-24 08:24 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Conduit

2012-09-21 16:08 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\searchplugins

2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\Extensions

2012-09-21 15:55 . 2012-09-21 15:55 315 ----a-w- C:\user.js

2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Babylon

2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\programdata\Babylon

2012-09-21 15:44 . 2012-09-21 15:44 -------- d-----w- c:\users\Sul11Isak\AppData\Local\DDMSettings

2012-09-21 15:38 . 2012-09-21 16:07 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\DivX

2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files\DivX

2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2012-09-21 15:37 . 2012-09-21 15:37 -------- d-----w- c:\program files\Google

2012-09-21 15:36 . 2012-09-21 15:39 -------- d-----w- c:\program files (x86)\DivX

2012-09-21 15:35 . 2012-09-21 15:39 -------- d-----w- c:\programdata\DivX

2012-09-21 15:32 . 2012-09-30 00:46 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Google

2012-09-21 15:32 . 2012-09-21 15:32 -------- d-----w- c:\programdata\Premium

2012-09-21 15:31 . 2012-09-21 15:58 -------- d-----w- c:\programdata\Codec-V

2012-09-21 15:30 . 2012-09-21 15:32 -------- d-----w- c:\programdata\InstallMate

2012-09-21 11:54 . 2012-10-19 06:52 -------- d-----w- c:\users\Sul11Isak\AppData\Local\cache

2012-09-21 11:49 . 2012-10-20 15:44 -------- d-----w- c:\programdata\FLEXnet

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec

2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll

2012-08-24 10:13 . 2012-09-22 15:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CDCDF85-0810-472D-16EC-9B4C7A811901}]

2012-09-21 15:34 145920 ----a-w- c:\programdata\Codec-V\505c89129062c.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]

"Script"=LastLogin.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]

"Script"=login-mapping-domain.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]

"Script"=OCS-Agent.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]

R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]

S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

S3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]

.

2012-10-21 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job

- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]

.

2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]

.

2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]

.

------- Extra genomsökning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2012-10-21 13:44:36 - datorn startades om.

ComboFix-quarantined-files.txt 2012-10-21 11:44

.

Före genomsökningen: 168 676 032 512 byte ledigt

Efter genomsökningen: 170 102 509 568 byte ledigt

.

- - End Of File - - 58A0FDA57AB9B1128E3B718F332175C8


1. The website does not seem to have a particularly good reputation, see:

http://www.mywot.com/en/scorecard/allpremiumsoft.com?utm_source=addon&utm_content=popup

http://support.mozilla.org/sv/questions/850509

2. Codec-V does not look good, judging by the result on VirusTotal. Uninstall it.

3. Download Malwarebytes Anti-Malware (MBAM) from http://www.malwarebytes.org/

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

When the program starts, select Perform full scan and click Scan.

The scan takes a while.

When it is finished, click OK and then Show Results.

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... error message after the restart, restart the computer once more.

If the program does not start after the restart, start it.

If the log does not open by itself in Notepad, you can find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.


2. Uninstalled

3. Here is the MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Databasversion: v2012.10.21.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

sul11isak :: LLD359LT [administratör]

2012-10-21 16:03:05

mbam-log-2012-10-21 (16-03-05).txt

Skanningstyp: Fullständig skanning (C:\|)

Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM

Inaktiverade skanningsalternativ: P2P

Antal skannade objekt: 469784

Förfluten tid: 1 timme(ar), 2 minut(er), 27 sekund(er)

Upptäckta minnesprocesser: 0

(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0

(Inga skadliga poster hittades)

Upptäckta registernycklar: 0

(Inga skadliga poster hittades)

Upptäckta registervärden: 0

(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0

(Inga skadliga poster hittades)

Upptäckta mappar: 0

(Inga skadliga poster hittades)

Upptäckta filer: 0

(Inga skadliga poster hittades)

(klar)


1. Start Notepad.

Copy all the lines in the box:

Killall::
ClearJavaCache::
DDS::
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662
Folder::
c:\program files (x86)\Conduit
c:\users\Sul11Isak\AppData\Local\Conduit
c:\users\Sul11Isak\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\programdata\Codec-V

and paste them into Notepad. Make sure that no file names/paths are split across two lines. There should be 10 lines.

Save the file on the Desktop with ANSI encoding and with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that is produced.

2. Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, copy the result and then paste it into your reply.

3. Note that

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

is an antivirus program intended for businesses.


1. ComboFix log:

ComboFix 12-10-21.01 - sul11isak 2012-10-22 7:30.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.671 [GMT 2:00]

Körs från: c:\users\Sul11Isak\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Sul11Isak\Desktop\CFScript.txt

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\programdata\Babylon

c:\users\Sul11Isak\AppData\Local\Conduit

c:\users\Sul11Isak\AppData\Roaming\Babylon

c:\users\Sul11Isak\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((((((( Filer skapade från 2012-09-22 till 2012-10-22 ))))))))))))))))))))))))))))))

.

.

2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp

2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Administratör\AppData\Local\temp

2012-10-22 05:24 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57510484-6776-4F6C-9337-556194912D4E}\mpengine.dll

2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Malwarebytes

2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\programdata\Malwarebytes

2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-21 14:01 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT

2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000

2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics

2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia

2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software

2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla

2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II

2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net

2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple

2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts

2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield

2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org

2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV

2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll

2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive

2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx

2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules

2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#

2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop

2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc

2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt

2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033

2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 07:19 . 2012-09-21 16:08 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec

2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll

2012-08-22 18:12 . 2012-09-21 16:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-21 16:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-21 16:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-21 16:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-21 16:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-21 16:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoAutorun"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]

"Script"=LastLogin.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]

"Script"=login-mapping-domain.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]

"Script"=OCS-Agent.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]

R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]

S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]

S3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]

.

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]

.

2012-10-22 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job

- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]

.

2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]

.

2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]

.

------- Extra genomsökning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2012-10-22 07:43:07 - datorn startades om.

ComboFix-quarantined-files.txt 2012-10-22 05:43

.

Före genomsökningen: 170 107 650 048 byte ledigt

Efter genomsökningen: 169 774 804 992 byte ledigt

.

- - End Of File - - 528FAD4666C76B4426D2A20843BAF170

2. Results of the online scan:

C:\ProgramData\Premium\Codec\runtime.dll Win32/GenUpdater application

C:\Users\All Users\Premium\Codec\runtime.dll Win32/GenUpdater application

C:\Users\Sul11Isak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EUNIRV4X\f003c44deab679aa2edfaff864c77402[1].htm HTML/Iframe.B.Gen virus

3. This is a so-called student computer that Isak borrows during term time, so the antivirus program was chosen by the school.


2. ESET's antivirus program doesn't like Premium Codec either, as you can see. There are surely other, better codec packs to install instead.

3. That explains it :)

Since the computer is then not owned by a private individual, it is probably best that you uninstall MBAM, because using the free version may then be a breach of their license terms.

4. Paste in new DDS logs and we'll see whether there is anything more that needs to be removed.


2. Have uninstalled Premium Codec using the Control Panel's Add/Remove Programs.

4. DDS log:

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by sul11isak at 20:45:21 on 2012-10-22

Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.703 [GMT 2:00]

.

AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoAutorun = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10

TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]

R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]

R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]

R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]

R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]

S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-10-22 11:26:53 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DC0CFF2-203E-4644-993F-D971A32645A2}\mpengine.dll

2012-10-22 05:39:31 -------- d-sh--w- C:\$RECYCLE.BIN

2012-10-21 14:01:59 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Malwarebytes

2012-10-21 14:01:21 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-21 11:30:11 98816 ----a-w- C:\Windows\sed.exe

2012-10-21 11:30:11 256000 ----a-w- C:\Windows\PEV.exe

2012-10-21 11:30:11 208896 ----a-w- C:\Windows\MBR.exe

2012-10-20 15:06:36 -------- d-----w- C:\found.000

2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics

2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia

2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software

2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla

2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment

2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II

2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net

2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment

2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple

2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts

2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 06:55:26 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org

2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll

2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive

2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx

2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS

2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS

2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Microsoft F#

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt

2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033

2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer

.

==================== Find3M ====================

.

2012-10-09 13:17:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 07:45:39 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-21 07:45:39 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-21 07:44:42 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-21 07:44:42 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

.

============= FINISH: 20:45:44,35 ===============

attach2.txt


AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

Make sure to enable the antivirus program again.

Check that Windows 7's User Account Control (UAC) is turned on and set to a high level:

Control Panel - System and Security - Action Center, followed by UAC in the left column

There still seems to be an old Java version left in Internet Explorer. See if you can find and remove it here:

Control Panel - Internet Options - Programs - Manage add-ons

Does everything seem fine with the computer now, so that it's time to uninstall the cleanup programs?

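The reply above reads two things off the DDS log: the security products reported as disabled, and the Java installer codebase still registered for Internet Explorer. The sketch below scripts those two checks and also lists entries marked `<orphaned>`. It is an added example, not part of the original thread or of DDS; the function names are made up here, and the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
SSODL: WebCheck - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
"""

# Header lines: "<kind>: <product> *<state>/<definitions>* {GUID}"
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)(?:/(\w+))?\* \{[0-9A-Fa-f-]+\}$")
# Any section whose entry ends in the <orphaned> marker
ORPHAN_RE = re.compile(r"^([\w-]+): (.+) - <orphaned>$")
# Downloaded Program Files entries: "DPF: {CLSID} - <codebase URL>"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) - (\S+)$")
# Java installer cab names carry the version, e.g. jinstall-1_7_0_05-windows-i586.cab
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)(?:_(\d+))?-")


def disabled_products(log):
    """Return (kind, product) for every AV/SP header line not reported as Enabled."""
    found = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m and m.group(3).lower() != "enabled":
            found.append((m.group(1), m.group(2)))
    return found


def orphaned_entries(log):
    """Return (section, entry) for every line DDS marked <orphaned>."""
    found = []
    for line in log.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def java_codebases(log):
    """Return (clsid, version) for DPF entries that point at a Java installer cab."""
    found = []
    for line in log.splitlines():
        m = DPF_RE.match(line.strip())
        if not m:
            continue
        v = JINSTALL_RE.search(m.group(2))
        if v:
            version = ".".join(v.group(1, 2, 3))
            if v.group(4):
                version += "_" + v.group(4)
            found.append((m.group(1), version))
    return found


def triage(log):
    """Collect all three checks into one list of review items."""
    items = []
    for kind, name in disabled_products(log):
        items.append(f"{kind} product not enabled: {name}")
    for section, entry in orphaned_entries(log):
        items.append(f"{section} entry marked <orphaned>: {entry}")
    for clsid, version in java_codebases(log):
        items.append(f"Java installer codebase {version} registered for IE: {clsid}")
    return items


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

The script only surfaces lines for review; whether a listed item needs action is still a judgement call, as in the reply above.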

Good!

Now only one last round of cleanup remains:

1. Press the Windows key + R

Copy and paste this line:

ComboFix /Uninstall

Note that there is a space before the /

Click OK.

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and DDS and the other cleanup programs will be uninstalled after the computer restarts. If any such program is still left after that, ask how to remove it. Delete any logs.

3. Change all passwords that you use on the computer and on the internet, since they may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

4. Improve the protection on the computer; see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which a web page can use to infect the computer.
