Jump to content

Polisvirus

aikputte
 Share
Go to solution Solved by Cecilia,

Recommended Posts

aikputte

aikputte

Posted
Posted

Hej!

 

Jag fick polisviruset för några dagar sen, Malwarebytes tog bort en eller två trojaner.

Nu vill jag veta om något är skadat i datorn eftersom jag inte kan skapa en nätverkskarta, högerklicka på min nätverksanslutning för då står den bara och laddar, Photoshop tar evigheter att starta. Sen i eventlogger står det att WMI inte kunde startas.

 

Jag installerade Farbar Recovery Scan och körde, fick detta till svar:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Patrik (administrator) on PATRIK-DATOR2 on 23-06-2014 11:23:24
Running from D:\Skrivbord
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Dropbox, Inc.) C:\Users\Patrik\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(CompSoft) C:\Program Files (x86)\Howard\Howard.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [234792 2011-04-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2611808 2014-03-16] ()
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\MountPoints2: P - P:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\MountPoints2: {bb385516-a6c1-11e3-b7aa-74d02b94094a} - P:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-888069939-4022858788-180252807-1002\...\MountPoints2: {ed87e7de-5d3c-11e3-bcce-74d02b94094a} - P:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Patrik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
Startup: C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Howard.lnk
ShortcutTarget: Howard.lnk -> C:\Program Files (x86)\Howard\Howard.exe (CompSoft)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phbuss.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.inet.se
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x47CA65D122F1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyEtDzyyE0A0ByC0BtCtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1608275637&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=SE&userid=b1fe98f7-099b-c9df-c065-aca30b39f1bd&searchtype=ds&q={searchTerms}&installDate=05/12/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=SE&userid=b1fe98f7-099b-c9df-c065-aca30b39f1bd&searchtype=ds&q={searchTerms}&installDate=05/12/2013
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.google.com/search?hl=sv&q={searchTerms}
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webbkamera.ljusnarsberg.se/activex/AxisCamControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\5dh8sxq8.default
FF Homepage: hxxp://www.phbuss.se
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\5dh8sxq8.default\user.js
FF SearchPlugin: C:\Users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\5dh8sxq8.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-06]

Chrome: 
=======
CHR HomePage: hxxp://www.phbuss.se/
CHR Extension: (Google Dokument) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]
CHR Extension: (Google Drive) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]
CHR Extension: (YouTube) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]
CHR Extension: (Sök på Google) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]
CHR Extension: (Adobe Acrobat - Skapa PDF) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-07]
CHR Extension: (Google Wallet) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]
CHR Extension: (Gmail) - C:\Users\Patrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Patrik\AppData\Local\mysearchdial-speeddial.crx [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-12-05] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Winmgmt; C:\ProgramData\E30C8B73395412A8AC30B9642F45F825\e4rjmqylc.dot [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-05] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2014-01-07] (GN Netcom A/S)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 11:23 - 2014-06-23 11:23 - 00000000 ____D () C:\FRST
2014-06-23 11:12 - 2014-06-23 11:12 - 00000017 _____ () C:\Users\Patrik\AppData\Local\resmon.resmoncfg
2014-06-23 11:06 - 2014-06-23 11:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Solvusoft
2014-06-23 11:06 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2014-06-23 11:00 - 2014-06-23 11:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aktiviteter i loggboken
2014-06-23 01:05 - 2014-06-23 01:15 - 00000000 ____D () C:\Users\WDTV Live\AppData\Local\Adobe
2014-06-23 01:05 - 2014-06-23 01:05 - 00154640 _____ () C:\Users\WDTV Live\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-23 01:05 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\WDTV Live\AppData\Roaming\Logitech
2014-06-23 01:05 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\WDTV Live\AppData\Roaming\Apple Computer
2014-06-23 00:23 - 2014-06-23 00:23 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-23 00:23 - 2014-06-23 00:23 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-06-22 22:54 - 2014-06-22 22:54 - 00000000 ____D () C:\Windows\pss
2014-06-19 20:55 - 2014-06-19 20:55 - 00000000 ____D () C:\Users\Patrik\Documents\Canon Utilities
2014-06-18 22:24 - 2014-06-22 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 21:45 - 2014-06-23 11:15 - 00002790 _____ () C:\CCALib8WS.log
2014-06-18 09:53 - 2014-06-18 09:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainlendar2
2014-06-18 08:27 - 2014-06-18 09:01 - 00019484 _____ () C:\ProgramData\RUNDLL32.EXE-17464-F.txt
2014-06-18 08:20 - 2014-06-18 09:02 - 00000000 ____D () C:\ProgramData\E30C8B73395412A8AC30B9642F45F825
2014-06-15 12:51 - 2014-06-15 12:51 - 00006656 _____ () C:\Users\Emelie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 12:47 - 2014-06-15 12:50 - 1271142086 _____ () C:\Users\Emelie\Downloads\Powerpoint VO11 .pptx
2014-06-06 09:27 - 2014-06-17 08:26 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Spotify
2014-06-06 09:27 - 2014-06-06 09:27 - 00001809 _____ () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-06 09:26 - 2014-06-23 10:52 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Spotify

==================== One Month Modified Files and Folders =======

2014-06-23 11:23 - 2014-06-23 11:23 - 00000000 ____D () C:\FRST
2014-06-23 11:21 - 2014-06-23 11:06 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Solvusoft
2014-06-23 11:21 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 11:21 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 11:20 - 2013-12-04 20:54 - 01279528 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 11:16 - 2014-05-03 20:20 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\DropboxMaster
2014-06-23 11:16 - 2013-12-04 21:50 - 00000000 ___RD () C:\Users\Patrik\Dropbox
2014-06-23 11:16 - 2013-12-04 21:49 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Dropbox
2014-06-23 11:15 - 2014-06-18 21:45 - 00002790 _____ () C:\CCALib8WS.log
2014-06-23 11:15 - 2013-12-04 23:06 - 00000000 ____D () C:\Users\Patrik\.rainlendar2
2014-06-23 11:15 - 2013-12-04 22:13 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 11:14 - 2013-12-06 12:50 - 00020253 _____ () C:\Windows\setupact.log
2014-06-23 11:14 - 2013-12-02 10:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 11:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 11:12 - 2014-06-23 11:12 - 00000017 _____ () C:\Users\Patrik\AppData\Local\resmon.resmoncfg
2014-06-23 11:00 - 2014-06-23 11:00 - 00000000 ____D () C:\Windows\System32\Tasks\Aktiviteter i loggboken
2014-06-23 10:54 - 2013-12-04 22:13 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 10:52 - 2014-06-06 09:26 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Spotify
2014-06-23 10:52 - 2013-12-05 00:42 - 00000000 ____D () C:\MIE
2014-06-23 01:15 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\WDTV Live\AppData\Local\Adobe
2014-06-23 01:15 - 2013-12-05 00:20 - 00000000 ____D () C:\Users\WDTV Live\AppData\Roaming\Adobe
2014-06-23 01:13 - 2013-12-04 22:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-23 01:05 - 2014-06-23 01:05 - 00154640 _____ () C:\Users\WDTV Live\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-23 01:05 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\WDTV Live\AppData\Roaming\Logitech
2014-06-23 01:05 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\WDTV Live\AppData\Roaming\Apple Computer
2014-06-23 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 00:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-23 00:23 - 2014-06-23 00:23 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-06-23 00:23 - 2014-06-23 00:23 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-06-23 00:23 - 2013-12-02 10:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-23 00:23 - 2013-12-02 10:24 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-23 00:23 - 2012-12-27 01:26 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-06-22 22:54 - 2014-06-22 22:54 - 00000000 ____D () C:\Windows\pss
2014-06-22 21:52 - 2013-12-05 01:17 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Adobe
2014-06-22 21:52 - 2013-12-04 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:51 - 2013-12-05 12:30 - 00000000 ____D () C:\Users\Patrik\AppData\Local\CANON_INC
2014-06-22 16:26 - 2013-12-05 01:28 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Applian FLV and Media Player
2014-06-22 16:20 - 2013-12-05 01:47 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\vlc
2014-06-22 16:02 - 2014-06-18 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 11:34 - 2013-12-05 00:48 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\uTorrent
2014-06-20 12:34 - 2013-12-05 10:21 - 00013896 _____ () C:\Users\Patrik\AppData\Roaming\ReplayMusicLog.log
2014-06-19 21:03 - 2013-12-04 22:13 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Google
2014-06-19 20:55 - 2014-06-19 20:55 - 00000000 ____D () C:\Users\Patrik\Documents\Canon Utilities
2014-06-18 21:45 - 2013-12-05 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-18 21:45 - 2013-12-05 00:28 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-06-18 21:18 - 2013-12-05 09:47 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\CANON INC
2014-06-18 09:53 - 2014-06-18 09:53 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainlendar2
2014-06-18 09:02 - 2014-06-18 08:20 - 00000000 ____D () C:\ProgramData\E30C8B73395412A8AC30B9642F45F825
2014-06-18 09:02 - 2013-12-08 14:41 - 00035684 _____ () C:\Windows\PFRO.log
2014-06-18 09:01 - 2014-06-18 08:27 - 00019484 _____ () C:\ProgramData\RUNDLL32.EXE-17464-F.txt
2014-06-18 06:17 - 2013-12-22 20:09 - 00000000 ____D () C:\Users\Emelie\AppData\Roaming\Spotify
2014-06-17 19:42 - 2013-12-22 20:09 - 00000000 ____D () C:\Users\Emelie\AppData\Local\Spotify
2014-06-17 08:49 - 2013-12-04 22:13 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 08:49 - 2013-12-04 22:13 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 08:26 - 2014-06-06 09:27 - 00000000 ____D () C:\Users\Patrik\AppData\Local\Spotify
2014-06-15 12:51 - 2014-06-15 12:51 - 00006656 _____ () C:\Users\Emelie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 12:50 - 2014-06-15 12:47 - 1271142086 _____ () C:\Users\Emelie\Downloads\Powerpoint VO11 .pptx
2014-06-15 09:48 - 2013-12-05 01:34 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\CoreFTP
2014-06-06 09:27 - 2014-06-06 09:27 - 00001809 _____ () C:\Users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-06 07:13 - 2014-01-03 02:42 - 00000000 ____D () C:\Users\Patrik\Documents\Corel VideoStudio Pro
2014-06-04 15:23 - 2014-05-18 12:05 - 00000000 ____D () C:\Users\Emelie\AppData\Roaming\Applian FLV and Media Player
2014-05-30 09:56 - 2010-11-21 13:38 - 00666046 _____ () C:\Windows\system32\perfh01D.dat
2014-05-30 09:56 - 2010-11-21 13:38 - 00143146 _____ () C:\Windows\system32\perfc01D.dat
2014-05-30 09:56 - 2009-07-14 07:13 - 01586210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 14:25 - 2013-12-04 20:53 - 00000000 ____D () C:\Users\Patrik

Some content of TEMP:
====================
C:\Users\Patrik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabq7zr.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 00:05

==================== End Of Log ============================
Link to comment
Share on other sites
  • Solution
Cecilia

Cecilia

Posted
  • Solution
Posted

1. Det finns lite registerinformation kvar som har med polistrojanen att göra och den försvinner så här:

 

Starta Anteckningar.
Kopiera alla rader i rutan:

S2 Winmgmt; C:\ProgramData\E30C8B73395412A8AC30B9642F45F825\e4rjmqylc.dot [X]
och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.

Programmet skapar en logg Fixlog.txt på skrivbordet.
Klistra in innehållet i den i ditt svar.

Observera att det är Spoiler-funktionen du helst ska använda och inte Code.

 

2. Vad finns i denna mapp?

2014-06-18 08:20 - 2014-06-18 09:02 - 00000000 ____D () C:\ProgramData\E30C8B73395412A8AC30B9642F45F825

Var det den 18 juni som datorn blev infekterad med polistrojanen?

 

3. Vad innehåller följande fil om du öppnar den i Anteckningar?

2014-06-18 08:27 - 2014-06-18 09:01 - 00019484 _____ () C:\ProgramData\RUNDLL32.EXE-17464-F.txt

 

4. Vad har du installerat från Solvusoft idag?

2014-06-23 11:12 - 2014-06-23 11:12 - 00000017 _____ () C:\Users\Patrik\AppData\Local\resmon.resmoncfg
2014-06-23 11:06 - 2014-06-23 11:21 - 00000000 ____D () C:\Users\Patrik\AppData\Roaming\Solvusoft
2014-06-23 11:06 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe

 

5. Var det Solvusoft-programmet som la in en olämplig startsida (mysearchdial) i Internet Explorer mm eller skedde det vid ett tidigare tillfälle?

Link to comment
Share on other sites
aikputte

aikputte

Posted
  • Author
Posted

Herregud, jag älskar dig! :D

Allt funkar precis som det ska nu!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014

Ran by Patrik at 2014-06-23 12:10:31 Run:1
Running from D:\Skrivbord
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S2 Winmgmt; C:\ProgramData\E30C8B73395412A8AC30B9642F45F825\e4rjmqylc.dot [X]
*****************
 
Winmgmt => Service restored successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 
Spoiler fixat, jag visste inte :)
 
2. Mappen är tom, ja det var det säkert!
 
3.
 

2014-06-18 08:27:17 | THread Start IP:184.105.237.186:443
2014-06-18 08:27:17 | Start Indefitu: 184.105.237.186
2014-06-18 08:27:29 | Revice His OK
2014-06-18 08:27:29 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2  
2014-06-18 08:27:29 | Start OK
2014-06-18 08:27:30 | Recv OK
2014-06-18 08:27:30 | Info OK
2014-06-18 08:27:33 | Write OK - 184.105.237.186
2014-06-18 08:27:43 | THread Start IP:5.79.81.117:80
2014-06-18 08:27:45 | Revice His OK
2014-06-18 08:27:45 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:27:47 | Write OK - 5.79.81.117
2014-06-18 08:28:08 | THread Start IP:162.221.224.48:80
2014-06-18 08:28:09 | Revice His OK
2014-06-18 08:28:09 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:28:10 | Write OK - 162.221.224.48
2014-06-18 08:28:34 | THread Start IP:5.79.81.117:80
2014-06-18 08:28:36 | Revice His OK
2014-06-18 08:28:36 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:28:39 | Write OK - 5.79.81.117
2014-06-18 08:29:00 | THread Start IP:204.45.15.203:443
2014-06-18 08:29:00 | Revice His OK
2014-06-18 08:29:00 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:29:02 | Write OK - 204.45.15.203
2014-06-18 08:29:25 | THread Start IP:199.189.105.126:80
2014-06-18 08:29:27 | Revice His OK
2014-06-18 08:29:27 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:29:29 | Write OK - 199.189.105.126
2014-06-18 08:29:51 | THread Start IP:162.221.224.48:80
2014-06-18 08:29:53 | Revice His OK
2014-06-18 08:29:53 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:29:56 | Write OK - 162.221.224.48
2014-06-18 08:30:16 | THread Start IP:184.105.237.186:443
2014-06-18 08:30:19 | Revice His OK
2014-06-18 08:30:19 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:30:21 | Write OK - 184.105.237.186
2014-06-18 08:30:42 | THread Start IP:5.79.81.117:80
2014-06-18 08:30:45 | Revice His OK
2014-06-18 08:30:45 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:30:48 | Write OK - 5.79.81.117
2014-06-18 08:31:08 | THread Start IP:184.105.237.186:443
2014-06-18 08:31:08 | Revice His OK
2014-06-18 08:31:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:31:10 | Write OK - 184.105.237.186
2014-06-18 08:31:34 | THread Start IP:162.221.224.48:80
2014-06-18 08:31:36 | Revice His OK
2014-06-18 08:31:36 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:31:38 | Write OK - 162.221.224.48
2014-06-18 08:31:59 | THread Start IP:184.105.237.186:443
2014-06-18 08:32:01 | Revice His OK
2014-06-18 08:32:01 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:32:04 | Write OK - 184.105.237.186
2014-06-18 08:32:25 | THread Start IP:199.189.105.126:80
2014-06-18 08:32:27 | Revice His OK
2014-06-18 08:32:27 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:32:30 | Write OK - 199.189.105.126
2014-06-18 08:32:50 | THread Start IP:162.221.224.48:80
2014-06-18 08:32:53 | Start Indefitu: 162.221.224.48
2014-06-18 08:32:55 | Revice His OK
2014-06-18 08:32:55 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:32:57 | Write OK - 162.221.224.48
2014-06-18 08:33:16 | THread Start IP:5.79.81.117:80
2014-06-18 08:33:18 | Revice His OK
2014-06-18 08:33:18 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:33:21 | Write OK - 5.79.81.117
2014-06-18 08:33:42 | THread Start IP:162.221.224.48:80
2014-06-18 08:33:42 | Revice His OK
2014-06-18 08:33:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:33:44 | Write OK - 162.221.224.48
2014-06-18 08:34:08 | THread Start IP:5.79.81.117:80
2014-06-18 08:34:09 | Revice His OK
2014-06-18 08:34:09 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:34:12 | Write OK - 5.79.81.117
2014-06-18 08:34:33 | THread Start IP:204.45.15.203:443
2014-06-18 08:34:34 | Revice His OK
2014-06-18 08:34:34 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:34:35 | Write OK - 204.45.15.203
2014-06-18 08:34:59 | THread Start IP:5.79.81.117:80
2014-06-18 08:35:01 | Revice His OK
2014-06-18 08:35:01 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:35:03 | Write OK - 5.79.81.117
2014-06-18 08:35:25 | THread Start IP:204.45.15.203:443
2014-06-18 08:35:25 | Revice His OK
2014-06-18 08:35:25 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:35:27 | Write OK - 204.45.15.203
2014-06-18 08:35:50 | THread Start IP:199.189.105.126:443
2014-06-18 08:35:52 | Revice His OK
2014-06-18 08:35:52 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:35:54 | Write OK - 199.189.105.126
2014-06-18 08:36:16 | THread Start IP:5.79.81.117:80
2014-06-18 08:36:18 | Revice His OK
2014-06-18 08:36:18 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:36:21 | Write OK - 5.79.81.117
2014-06-18 08:36:41 | THread Start IP:204.45.15.203:443
2014-06-18 08:36:42 | Revice His OK
2014-06-18 08:36:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:36:43 | Write OK - 204.45.15.203
2014-06-18 08:37:07 | THread Start IP:162.221.224.48:80
2014-06-18 08:37:09 | Revice His OK
2014-06-18 08:37:09 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:37:11 | Write OK - 162.221.224.48
2014-06-18 08:37:33 | THread Start IP:184.105.237.186:443
2014-06-18 08:37:35 | Revice His OK
2014-06-18 08:37:35 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:37:37 | Write OK - 184.105.237.186
2014-06-18 08:37:58 | THread Start IP:199.189.105.126:80
2014-06-18 08:38:00 | Revice His OK
2014-06-18 08:38:00 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:38:03 | Write OK - 199.189.105.126
2014-06-18 08:38:24 | THread Start IP:162.221.224.48:80
2014-06-18 08:38:26 | Revice His OK
2014-06-18 08:38:26 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:38:29 | Write OK - 162.221.224.48
2014-06-18 08:38:50 | THread Start IP:199.189.105.126:80
2014-06-18 08:38:52 | Revice His OK
2014-06-18 08:38:52 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:38:54 | Write OK - 199.189.105.126
2014-06-18 08:39:15 | THread Start IP:162.221.224.48:80
2014-06-18 08:39:18 | Revice His OK
2014-06-18 08:39:18 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:39:21 | Write OK - 162.221.224.48
2014-06-18 08:39:41 | THread Start IP:5.79.81.117:80
2014-06-18 08:39:43 | Revice His OK
2014-06-18 08:39:43 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:39:46 | Write OK - 5.79.81.117
2014-06-18 08:40:07 | THread Start IP:199.189.105.126:80
2014-06-18 08:40:08 | Revice His OK
2014-06-18 08:40:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:40:09 | Write OK - 199.189.105.126
2014-06-18 08:40:33 | THread Start IP:162.221.224.48:80
2014-06-18 08:40:35 | Revice His OK
2014-06-18 08:40:35 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:40:38 | Write OK - 162.221.224.48
2014-06-18 08:40:59 | THread Start IP:184.105.237.186:443
2014-06-18 08:41:00 | Revice His OK
2014-06-18 08:41:00 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:41:03 | Write OK - 184.105.237.186
2014-06-18 08:41:24 | THread Start IP:5.79.81.117:80
2014-06-18 08:41:26 | Revice His OK
2014-06-18 08:41:26 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:41:29 | Write OK - 5.79.81.117
2014-06-18 08:41:50 | THread Start IP:204.45.15.203:443
2014-06-18 08:41:50 | Revice His OK
2014-06-18 08:41:50 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:41:52 | Write OK - 204.45.15.203
2014-06-18 08:42:15 | THread Start IP:5.79.81.117:80
2014-06-18 08:42:17 | Revice His OK
2014-06-18 08:42:17 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:42:20 | Write OK - 5.79.81.117
2014-06-18 08:42:41 | THread Start IP:204.45.15.203:443
2014-06-18 08:42:42 | Revice His OK
2014-06-18 08:42:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:42:43 | Write OK - 204.45.15.203
2014-06-18 08:43:07 | THread Start IP:199.189.105.126:443
2014-06-18 08:43:08 | Revice His OK
2014-06-18 08:43:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:43:11 | Write OK - 199.189.105.126
2014-06-18 08:43:32 | THread Start IP:5.79.81.117:80
2014-06-18 08:43:35 | Revice His OK
2014-06-18 08:43:35 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:43:37 | Write OK - 5.79.81.117
2014-06-18 08:43:58 | THread Start IP:204.45.15.203:443
2014-06-18 08:43:58 | Revice His OK
2014-06-18 08:43:58 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:44:00 | Write OK - 204.45.15.203
2014-06-18 08:44:23 | THread Start IP:199.189.105.126:80
2014-06-18 08:44:25 | Revice His OK
2014-06-18 08:44:25 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:44:28 | Write OK - 199.189.105.126
2014-06-18 08:44:49 | THread Start IP:204.45.15.203:443
2014-06-18 08:44:51 | Revice His OK
2014-06-18 08:44:51 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:44:54 | Write OK - 204.45.15.203
2014-06-18 08:45:15 | THread Start IP:5.79.81.117:80
2014-06-18 08:45:17 | Revice His OK
2014-06-18 08:45:17 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:45:19 | Write OK - 5.79.81.117
2014-06-18 08:45:41 | THread Start IP:204.45.15.203:443
2014-06-18 08:45:41 | Revice His OK
2014-06-18 08:45:41 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:45:43 | Write OK - 204.45.15.203
2014-06-18 08:46:06 | THread Start IP:5.79.81.117:80
2014-06-18 08:46:08 | Revice His OK
2014-06-18 08:46:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:46:10 | Write OK - 5.79.81.117
2014-06-18 08:46:32 | THread Start IP:184.105.237.186:443
2014-06-18 08:46:33 | Revice His OK
2014-06-18 08:46:33 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:46:34 | Write OK - 184.105.237.186
2014-06-18 08:46:58 | THread Start IP:5.79.81.117:80
2014-06-18 08:47:00 | Revice His OK
2014-06-18 08:47:00 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:47:02 | Write OK - 5.79.81.117
2014-06-18 08:47:23 | THread Start IP:204.45.15.203:443
2014-06-18 08:47:24 | Revice His OK
2014-06-18 08:47:24 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:47:25 | Write OK - 204.45.15.203
2014-06-18 08:47:49 | THread Start IP:5.79.81.117:80
2014-06-18 08:47:51 | Revice His OK
2014-06-18 08:47:51 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:47:53 | Write OK - 5.79.81.117
2014-06-18 08:48:15 | THread Start IP:204.45.15.203:443
2014-06-18 08:48:15 | Revice His OK
2014-06-18 08:48:15 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:48:17 | Write OK - 204.45.15.203
2014-06-18 08:48:40 | THread Start IP:199.189.105.126:80
2014-06-18 08:48:42 | Revice His OK
2014-06-18 08:48:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:48:45 | Write OK - 199.189.105.126
2014-06-18 08:49:06 | THread Start IP:204.45.15.203:443
2014-06-18 08:49:08 | Revice His OK
2014-06-18 08:49:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:49:11 | Write OK - 204.45.15.203
2014-06-18 08:49:32 | THread Start IP:199.189.105.126:80
2014-06-18 08:49:34 | Revice His OK
2014-06-18 08:49:34 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:49:36 | Write OK - 199.189.105.126
2014-06-18 08:49:57 | THread Start IP:162.221.224.48:80
2014-06-18 08:49:59 | Revice His OK
2014-06-18 08:49:59 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:50:02 | Write OK - 162.221.224.48
2014-06-18 08:50:23 | THread Start IP:199.189.105.126:80
2014-06-18 08:50:25 | Revice His OK
2014-06-18 08:50:25 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:50:28 | Write OK - 199.189.105.126
2014-06-18 08:50:49 | THread Start IP:5.79.81.117:80
2014-06-18 08:50:52 | Revice His OK
2014-06-18 08:50:52 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:50:55 | Write OK - 5.79.81.117
2014-06-18 08:51:15 | THread Start IP:5.79.81.117:80
2014-06-18 08:51:16 | Revice His OK
2014-06-18 08:51:16 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:51:17 | Write OK - 5.79.81.117
2014-06-18 08:51:41 | THread Start IP:204.45.15.203:443
2014-06-18 08:51:42 | Revice His OK
2014-06-18 08:51:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:51:43 | Write OK - 204.45.15.203
2014-06-18 08:52:07 | THread Start IP:199.189.105.126:443
2014-06-18 08:52:08 | Revice His OK
2014-06-18 08:52:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:52:11 | Write OK - 199.189.105.126
2014-06-18 08:52:32 | THread Start IP:5.79.81.117:80
2014-06-18 08:52:34 | Revice His OK
2014-06-18 08:52:34 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:52:37 | Write OK - 5.79.81.117
2014-06-18 08:52:58 | THread Start IP:204.45.15.203:443
2014-06-18 08:52:58 | Revice His OK
2014-06-18 08:52:58 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:53:00 | Write OK - 204.45.15.203
2014-06-18 08:53:23 | THread Start IP:5.79.81.117:80
2014-06-18 08:53:25 | Revice His OK
2014-06-18 08:53:25 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:53:28 | Write OK - 5.79.81.117
2014-06-18 08:53:49 | THread Start IP:204.45.15.203:443
2014-06-18 08:53:50 | Start Indefitu: 204.45.15.203
2014-06-18 08:53:52 | Revice His OK
2014-06-18 08:53:52 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:53:54 | Write OK - 204.45.15.203
2014-06-18 08:54:15 | THread Start IP:199.189.105.126:443
2014-06-18 08:54:16 | Revice His OK
2014-06-18 08:54:16 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:54:19 | Write OK - 199.189.105.126
2014-06-18 08:54:40 | THread Start IP:5.79.81.117:80
2014-06-18 08:54:42 | Revice His OK
2014-06-18 08:54:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:54:45 | Write OK - 5.79.81.117
2014-06-18 08:55:06 | THread Start IP:204.45.15.203:443
2014-06-18 08:55:07 | Revice His OK
2014-06-18 08:55:07 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:55:08 | Write OK - 204.45.15.203
2014-06-18 08:55:32 | THread Start IP:5.79.81.117:80
2014-06-18 08:55:33 | Revice His OK
2014-06-18 08:55:33 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:55:36 | Write OK - 5.79.81.117
2014-06-18 08:55:57 | THread Start IP:204.45.15.203:443
2014-06-18 08:55:58 | Revice His OK
2014-06-18 08:55:58 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:55:59 | Write OK - 204.45.15.203
2014-06-18 08:56:23 | THread Start IP:162.221.224.48:80
2014-06-18 08:56:25 | Revice His OK
2014-06-18 08:56:25 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:56:27 | Write OK - 162.221.224.48
2014-06-18 08:56:49 | THread Start IP:5.79.81.117:80
2014-06-18 08:56:51 | Revice His OK
2014-06-18 08:56:51 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:56:53 | Write OK - 5.79.81.117
2014-06-18 08:57:15 | THread Start IP:162.221.224.48:80
2014-06-18 08:57:15 | Revice His OK
2014-06-18 08:57:15 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:57:17 | Write OK - 162.221.224.48
2014-06-18 08:57:40 | THread Start IP:199.189.105.126:80
2014-06-18 08:57:42 | Revice His OK
2014-06-18 08:57:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:57:45 | Write OK - 199.189.105.126
2014-06-18 08:58:06 | THread Start IP:162.221.224.48:80
2014-06-18 08:58:08 | Revice His OK
2014-06-18 08:58:08 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:58:11 | Write OK - 162.221.224.48
2014-06-18 08:58:31 | THread Start IP:184.105.237.186:443
2014-06-18 08:58:33 | Revice His OK
2014-06-18 08:58:33 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:58:36 | Write OK - 184.105.237.186
2014-06-18 08:58:57 | THread Start IP:5.79.81.117:80
2014-06-18 08:58:59 | Revice His OK
2014-06-18 08:58:59 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:59:02 | Write OK - 5.79.81.117
2014-06-18 08:59:23 | THread Start IP:204.45.15.203:443
2014-06-18 08:59:23 | Revice His OK
2014-06-18 08:59:23 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:59:25 | Write OK - 204.45.15.203
2014-06-18 08:59:48 | THread Start IP:199.189.105.126:443
2014-06-18 08:59:50 | Revice His OK
2014-06-18 08:59:50 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 08:59:53 | Write OK - 199.189.105.126
2014-06-18 09:00:14 | THread Start IP:162.221.224.48:80
2014-06-18 09:00:16 | Revice His OK
2014-06-18 09:00:16 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 09:00:19 | Write OK - 162.221.224.48
2014-06-18 09:00:40 | THread Start IP:199.189.105.126:80
2014-06-18 09:00:42 | Revice His OK
2014-06-18 09:00:42 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 09:00:44 | Write OK - 199.189.105.126
2014-06-18 09:01:05 | THread Start IP:162.221.224.48:80
2014-06-18 09:01:07 | Revice His OK
2014-06-18 09:01:07 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 09:01:10 | Write OK - 162.221.224.48
2014-06-18 09:01:31 | THread Start IP:5.79.81.117:80
2014-06-18 09:01:33 | Revice His OK
2014-06-18 09:01:33 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 09:01:36 | Write OK - 5.79.81.117
2014-06-18 09:01:57 | THread Start IP:204.45.15.203:443
2014-06-18 09:01:58 | Revice His OK
2014-06-18 09:01:58 | Connect OK - D426F62EB7DDC815F465EED6FA5A25C2 Sweden IT-Norr Group AB
2014-06-18 09:01:59 | Write OK - 204.45.15.203

 
4. Jag tror det var ett registry-program som började på W som jag avinstallerade efter 10 min.
 
5. Jag har för mig att det har kommit in tidigare och jag har avaktiverat det.
Link to comment
Share on other sites
Cecilia

Cecilia

Posted
Posted

Hehe, utmärkt :)

 

2. Ta då bort mappen C:\ProgramData\E30C8B73395412A8AC30B9642F45F825

 

3. Det kanske är en loggfil med vad trojanen gjorde. Du kan ta bort filen C:\ProgramData\RUNDLL32.EXE-17464-F.txt

 

5. Använd AdwCleaner för att rensa bort det olämpliga från alla tre webbläsarna.

AdwCleaner av Xplode: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Stäng av alla program innan du använder det.
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...