infected police virus


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Troffén (administrator) on 16-08-2013 09:02:24
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Farbar) f:\frst64.exe.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [ufSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKCU\...\Run: [iSPMonitor] - C:\Program Files (x86)\ISP Monitor\isp.exe [423536 2010-02-28] (How2 Solutions)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Troffén\AppData\Roaming\cache.dat [63488 2013-08-14] () <==== ATTENTION
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {1a7f770e-115d-11e2-954e-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {1a7f7712-115d-11e2-954e-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {4aa7833d-c214-11e1-9f99-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {4aa78341-c214-11e1-9f99-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {57d20d8d-1139-11e2-b754-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {57d20d92-1139-11e2-b754-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {bba94ef6-28db-11e2-ac9f-001e101f2500} - F:\AutoRun.exe
MountPoints2: {ce906029-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {ce90602e-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {ce906044-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {ce906050-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe
MountPoints2: {cf2d9aed-c9a6-11e1-a0b2-001e101f4e71} - F:\AutoRun.exe
HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-06-28] ()
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6625728 2012-10-17] (Systweak)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Inloggningshjälp för Microsoft-konto - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=800694390
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1B417BEE-4D99-4FA2-A3CF-1A8D804252C2}: [NameServer]195.67.199.18 195.67.199.19
Tcpip\..\Interfaces\{7BD6F471-A382-4E32-9725-7CFEB8C3E983}: [NameServer]195.67.199.18 195.67.199.19

FireFox:
========
FF ProfilePath: C:\Users\Troffén\AppData\Roaming\Mozilla\Firefox\Profiles\rl3o680i.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (Google Drive) - C:\Users\TROFFN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\TROFFN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\TROFFN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\TROFFN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S2 ISPMonitorSrv; C:\Program Files (x86)\ISP Monitor\ISPMonitorSrv.exe [36864 2008-06-10] (How2 Studios)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 Mobile Broadband. RunOuc; C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe [655712 2012-10-08] ()
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
S2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
S2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [x]
U3 tmlwf;
U3 tmwfp;
S3 zgdcat; system32\DRIVERS\zgdcat.sys [x]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [x]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [x]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [x]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-15 11:22 - 2013-08-15 11:22 - 00005632 ___SH C:\Users\Troffén\Documents\Thumbs.db
2013-08-15 11:21 - 2013-08-15 11:21 - 00049664 ___SH C:\Users\Troffén\Desktop\Thumbs.db
2013-08-14 23:05 - 2013-08-14 22:23 - 00063488 ____R C:\Users\Troffén\AppData\Roaming\cache.dat
2013-08-14 22:28 - 2013-08-16 08:26 - 00000004 _____ C:\Users\Troffén\AppData\Roaming\cache.ini
2013-08-12 07:52 - 2013-08-12 07:52 - 01067192 _____ (Solid State Networks) C:\Users\Troffén\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih (1).exe
2013-07-23 23:05 - 2013-07-23 23:05 - 01067192 _____ (Solid State Networks) C:\Users\Troffén\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe

==================== One Month Modified Files and Folders =======

2013-08-16 09:02 - 2013-08-16 09:02 - 00000000 ____D C:\FRST
2013-08-16 08:57 - 2009-07-14 06:51 - 00134167 _____ C:\Windows\setupact.log
2013-08-16 08:56 - 2010-06-28 03:25 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 08:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 08:34 - 2009-08-04 12:58 - 03690618 _____ C:\Windows\system32\perfh01D.dat
2013-08-16 08:34 - 2009-08-04 12:58 - 01194240 _____ C:\Windows\system32\perfc01D.dat
2013-08-16 08:34 - 2009-07-14 07:13 - 00005194 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-16 08:26 - 2013-08-14 22:28 - 00000004 _____ C:\Users\Troffén\AppData\Roaming\cache.ini
2013-08-15 18:53 - 2010-06-28 03:08 - 02081299 _____ C:\Windows\WindowsUpdate.log
2013-08-15 18:53 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 18:53 - 2009-07-14 06:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 18:43 - 2013-07-14 07:49 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-08-15 11:22 - 2013-08-15 11:22 - 00005632 ___SH C:\Users\Troffén\Documents\Thumbs.db
2013-08-15 11:21 - 2013-08-15 11:21 - 00049664 ___SH C:\Users\Troffén\Desktop\Thumbs.db
2013-08-15 11:21 - 2013-04-27 10:41 - 00000000 ____D C:\Users\Troffén\Desktop\BJR281
2013-08-15 11:21 - 2013-04-27 10:38 - 00000000 ____D C:\Users\Troffén\Desktop\CHL824
2013-08-15 11:21 - 2013-04-27 10:36 - 00000000 ____D C:\Users\Troffén\Desktop\Vattenscoter
2013-08-15 11:21 - 2013-04-27 10:34 - 00000000 ____D C:\Users\Troffén\Desktop\XNX613
2013-08-15 11:21 - 2013-04-27 10:33 - 00000000 ____D C:\Users\Troffén\Desktop\WUH464
2013-08-15 11:21 - 2013-04-27 10:32 - 00000000 ____D C:\Users\Troffén\Desktop\PEK738
2013-08-15 11:21 - 2013-04-27 10:31 - 00000000 ____D C:\Users\Troffén\Desktop\PYB200
2013-08-15 11:21 - 2013-04-27 10:29 - 00000000 ____D C:\Users\Troffén\Desktop\OCF838
2013-08-15 11:21 - 2013-02-04 18:58 - 00000000 ____D C:\Users\Troffén\Desktop\Thunderbird
2013-08-15 11:21 - 2012-10-14 17:05 - 00000000 ____D C:\Users\Troffén\Desktop\Bilar
2013-08-15 11:21 - 2012-10-14 12:40 - 00000000 ____D C:\Users\Troffén\Desktop\Iphon bilder
2013-08-15 11:21 - 2012-04-18 18:23 - 00000000 ____D C:\Users\Troffén\Desktop\remus
2013-08-14 23:11 - 2012-09-14 10:15 - 00000000 ____D C:\Users\Troffén\AppData\Roaming\Skype
2013-08-14 22:29 - 2010-06-28 03:25 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 22:23 - 2013-08-14 23:05 - 00063488 ____R C:\Users\Troffén\AppData\Roaming\cache.dat
2013-08-14 21:33 - 2012-12-02 10:22 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 07:52 - 2013-08-12 07:52 - 01067192 _____ (Solid State Networks) C:\Users\Troffén\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih (1).exe
2013-08-07 12:20 - 2010-06-28 03:49 - 00001998 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-06 13:09 - 2009-07-14 07:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-02 10:18 - 2013-06-03 10:01 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-30 20:33 - 2013-06-06 21:49 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-24 00:10 - 2012-01-19 00:00 - 00000000 ____D C:\Users\TROFFN~1\AppData\Local\VirtualStore
2013-07-23 23:05 - 2013-07-23 23:05 - 01067192 _____ (Solid State Networks) C:\Users\Troffén\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe
2013-07-20 08:04 - 2013-04-01 22:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-20 08:04 - 2012-01-18 23:52 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-20 08:04 - 2010-06-28 03:28 - 00000000 ____D C:\ProgramData\Skype
2013-07-18 20:59 - 2012-06-23 19:15 - 00000000 ____D C:\Windows\system32\Service

Files to move or delete:
====================
C:\Users\Troffén\AppData\Roaming\cache.dat
C:\Users\Troffén\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 11:00

==================== End Of Log ============================


Start Notepad.

Copy all the lines in the box:

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Troffén\AppData\Roaming\cache.dat [63488 2013-08-14] () <==== ATTENTION

MountPoints2: F - F:\AutoRun.exe

MountPoints2: {1a7f770e-115d-11e2-954e-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {1a7f7712-115d-11e2-954e-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {4aa7833d-c214-11e1-9f99-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {4aa78341-c214-11e1-9f99-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {57d20d8d-1139-11e2-b754-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {57d20d92-1139-11e2-b754-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {bba94ef6-28db-11e2-ac9f-001e101f2500} - F:\AutoRun.exe

MountPoints2: {ce906029-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {ce90602e-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {ce906044-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {ce906050-1134-11e2-ad0f-1c4bd6effd70} - F:\AutoRun.exe

MountPoints2: {cf2d9aed-c9a6-11e1-a0b2-001e101f4e71} - F:\AutoRun.exe

2013-08-14 23:05 - 2013-08-14 22:23 - 00063488 ____R C:\Users\Troffén\AppData\Roaming\cache.dat

2013-08-14 22:28 - 2013-08-16 08:26 - 00000004 _____ C:\Users\Troffén\AppData\Roaming\cache.ini

and paste them into Notepad. Check that no file path has been split across two lines.

Save the file on the USB stick with the name fixlist.txt.

On the infected computer, from "System Recovery Options":

Start FRST64 the same way as last time.

Click the Fix button.

Wait until the program has finished.

The program creates a log, Fixlog.txt, on the USB stick.

Paste its contents into your reply.

Then see whether the infected computer can be started normally. If it can, follow the instructions in the thread Till dig med virus eller andra skadliga program i datorn (for those with viruses or other malicious programs on the computer) for further removal of the malicious program.

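The fixlist above was assembled by hand: the helper took the Winlogon Shell line FRST marked with ATTENTION, every MountPoints2 entry pointing at F:\AutoRun.exe, and the created-file entries for cache.dat and cache.ini. The script below is an added example written for this page (not code from the forum post, and not part of FRST itself) that performs that same triage over FRST's text format and emits the lines in fixlist order. The sample log embedded in it is constructed from a handful of lines modelled on the log above. One rule is this example's own heuristic, not anything FRST defines: besides the payload the Shell value names, it also picks up files created in the payload's folder within an hour of it, which is what places cache.ini beside cache.dat.

```python
"""Pull fixlist.txt candidates out of a Farbar Recovery Scan Tool (FRST) log.

Added example for this page; not FRST's code and not the forum helper's.
Flags: Winlogon Shell/Userinit values that deviate from the Windows defaults,
MountPoints2 autorun handlers, and "One Month Created" entries for the payload
(plus, as a heuristic of this script, same-folder files created within an hour).
"""
import re
from datetime import datetime, timedelta

# Constructed sample in FRST's format, modelled on the log above; not a real dump.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Troffén\AppData\Roaming\cache.dat [63488 2013-08-14] () <==== ATTENTION
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {1a7f770e-115d-11e2-954e-1c4bd6effd70} - F:\AutoRun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
==================== One Month Created Files and Folders ========
2013-08-15 11:22 - 2013-08-15 11:22 - 00005632 ___SH C:\Users\Troffén\Documents\Thumbs.db
2013-08-14 23:05 - 2013-08-14 22:23 - 00063488 ____R C:\Users\Troffén\AppData\Roaming\cache.dat
2013-08-14 22:28 - 2013-08-16 08:26 - 00000004 _____ C:\Users\Troffén\AppData\Roaming\cache.ini
2013-08-12 07:52 - 2013-08-12 07:52 - 01067192 _____ (Solid State Networks) C:\Users\Troffén\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih (1).exe
==================== One Month Modified Files and Folders =======
2013-08-14 22:23 - 2013-08-14 23:05 - 00063488 ____R C:\Users\Troffén\AppData\Roaming\cache.dat
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "HKCU\...\Winlogon: [shell] <value> [size date] (company) <==== ATTENTION"
WINLOGON_RE = re.compile(
    r"^HK(?:LM|CU)(?:-x32)?\\\.\.\.\\Winlogon: \[(\w+)\] (.+?)"
    r"(?: \[[^\]]*\])?(?: \([^)]*\))?(?: <==== ATTENTION)?$")
MOUNT_RE = re.compile(r"^MountPoints2: \S+ - (.+)$")
# "<created> - <modified> - <size> <attrs> [(company) ]<path>" in the Created section
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - \d{8} \S{5} "
    r"(?:\([^)]*\) )?(.+)$")
# What Windows itself sets; compared case-insensitively after splitting on ','.
EXPECTED = {"shell": ["explorer.exe"],
            "userinit": [r"c:\windows\system32\userinit.exe"]}
WINDOW = timedelta(hours=1)  # heuristic: sibling files created near the payload


def _norm(path):
    return path.strip().strip('"').lower()


def triage(log_text):
    """Return verbatim log lines grouped as winlogon / mountpoints / files."""
    winlogon, mounts, created, payloads, section = [], [], [], set(), ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            parts = [_norm(p) for p in value.split(",") if p.strip()]
            if key in EXPECTED and parts != EXPECTED[key]:
                winlogon.append(line)            # hijacked Shell/Userinit
                payloads.update(p for p in parts if ":\\" in p)
            elif "ATTENTION" in line:
                winlogon.append(line)            # FRST flagged it, keep it
            continue
        if MOUNT_RE.match(line):
            mounts.append(line)                  # FRST lists only non-default handlers
            continue
        m = FILE_RE.match(line)
        if m and section.startswith("One Month Created"):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            created.append((when, _norm(m.group(2)), line))
    return {"winlogon": winlogon, "mountpoints": mounts,
            "files": _payload_files(created, payloads)}


def _payload_files(created, payloads):
    hits = [c for c in created if c[1] in payloads]
    anchors = [(t, p.rsplit("\\", 1)[0]) for t, p, _ in hits]
    out = [line for _, _, line in hits]
    for t, p, line in created:                   # heuristic sibling pick-up
        folder = p.rsplit("\\", 1)[0]
        if line not in out and any(folder == d and abs(t - at) <= WINDOW
                                   for at, d in anchors):
            out.append(line)
    return out


def build_fixlist(log_text):
    """Lines in the order the helper used: Winlogon, MountPoints2, files."""
    found = triage(log_text)
    return "\n".join(found["winlogon"] + found["mountpoints"] + found["files"]) + "\n"


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG), end="")
```

Run it against a saved FRST.txt (`triage(open("FRST.txt", encoding="utf-8").read())`) and paste the output into fixlist.txt, but read the list before pressing Fix: the script only flags deviations from the defaults and same-folder neighbours, it does not decide what is malicious, and the one-hour rule is deliberately loose so that a lockscreen's companion files are not missed.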